Bitcoin Baron

A hacker once considered "the Internet’s most inept criminal" received on Monday a prison sentence of 20 months in prison for launching DDoS attacks against the city of Madison, Wisconsin —attacks which caused delays and outages to various municipality services, including its 911 emergency call center.

The DDoS attacks took place between March 9 and March 14, 2015, and the man's name is Randall Charles Tucker, 23, a hacker who went online under the pseudonym of "Bitcoin Baron."

Tucker behind countless of defacements and DDoS attacks

Authorities filed charges against Tucker in August 2016, two years after the Baron started his hacking career which mostly included defacing websites and launching a long string of DDoS attacks against various entities that he came across in his daily routine.

Attacks didn't follow a particular pattern, and Tucker never bothered hiding his actions, often announcing upcoming or past attacks on his Twitter timeline and in public and private chatrooms.

For the time, Tucker was your regular confused hacktivist who took up arms against causes he saw as unjust, including launching attacks part of #OpSeaWorld, an operation of the Anonymous hacker collective against the maltreatment of ocean life inside SeaWorld parks.

Other victims of his rage included the networks of various US municipalities, childrens' hospitals, news sites, web hosting firms, banks, gaming servers, and the homepages of other hacker groups.

Most of the attacks were short-lived, as Tucker moved from target to target in a quick pace.

His most publicized hacks were when he defaced the website of the Shriners Hospitals for Children with child pornography, when he attacked the website of the Arizona Department of Child Safety, and when he attempted to extort 100 Bitcoin from the city of Moore, Oklahoma.

Tucker didn't pay attention to the small details... or the big ones

But Bitcoin Baron was never a hacker admired for his dedication or skills. He infamously botched a "social justice operation" against the San Marcos Police Department when he hacked into the department's website and left a message demanding the jailing of an officer who was accused of beating, injuring, and illegally arresting a student.

Unknown to Tucker was that the officer in question had been fired and jailed two years prior to his attack. Ooops, indeed.

Tucker also launched DDoS attacks against News2Share.com, a user-generated video-based news portal, on two different occasions, demanding they feature one of his self-made hacker "call for arms" videos.

The site gave in to his demands and eventually featured the video, only to get a few hundred views from his effort, and almost no national media attention, as he was hoping.

Big mouth and no OpSec

According to court documents, Tucker was never keen on operational security (OpSec), which allowed law enforcement to gather troves of information about his past actions, making the case an easy win for prosecutors.

The prosecution said Tucker relished the mayhem he caused with his DDoS attack against the city of Madison, which affected first-responders, hospitals, the county jail, and government email communications throughout the area.

Prosecutors said that in a Skype chat with a fellow hacker, Tucker forwarded links to news articles about the fallout from his DDoS attacks and boasted that he was "becoming quite famous on the net." He gleefully said, "this shit is exciting."

Tucker also bragged that he has "done this for 2 years" and "haven’t been caught."

Tucker also stabbed his father with a kitchen knife

Some part of this reckless hacking and DDoS spree appears to have taken place after Tucker was arrested and released pre-trial for aggravated assault after stabbing his father with a kitchen knife.

He was later sentenced to a 1.5-year prison sentence and surrendered himself to a state prison two months after his Madison DDoS attacks.

Tucker told fellow hackers he was "shutting down sites and getting myself on the news as Bitcoin Baron before I go," most likely referring to his pending prison sentence.

In hindsight, the following tweet didn't age pretty well, as this came just before his initial 1.5 years sentencing, and as authorities were slowly retracing his hacks and getting ready to levy new charges.

In a New York Observer article that broke down the charges from his original indictment, Tucker was labeled as "the Internet’s most inept criminal" because of his sloppy OpSec, poor hacking skills, and use of automated tools. A few years down the line, some of those sloppy defacements and DDoS attacks appear to have been on purpose, as Tucker appears to have tried to boost his reputation before he went to prison.

Tucker pleaded guilty to the hacking-related charges in April 2017. The prosecution asked for a 41-month prison sentence, according to a sentencing memorandum, but the judge handed down a 20-month prison sentence instead. He was also ordered to pay $69,000 in restitution.

Related Articles:

Author of LuminosityLink RAT Pleads Guilty After Being Arrested Last Year

ProtonMail DDoS Attacks Are a Case Study of What Happens When You Mock Attackers

Hacker Who Worked With FSB Agents in Email Hacks Gets 5 Years in Prison

CoinVault Ransomware Authors Have Their Day in Court in the Netherlands

Hacker Steals Military Docs Because Someone Didn’t Change a Default FTP Password