The young hacker, who is from Finland and goes by the name “zeekill,” was handed a two-year suspended sentence by a court in Finland. He was also ordered to fight cybercrime as part of his rehabilitation, SkyNews reports.
Attacks by the hacker group knocked Microsoft’s online gaming networks PlayStation and Xbox offline for several days in late December.
Lizard Squad took credit for bringing down the online networks and said that it wanted to expose their poor security, MailOnline reports.
The attack meant that 160 million users were unable to use their consoles. This included kids who had just received them as Christmas gifts. Downloaded games couldn’t be played and gamers around the world couldn’t compete against each other.
The disruptions, which began on Christmas day, continued for several days, and angry parents tweeted hundreds of messages to PlayStation and Xbox on Twitter and were accompanied by the message “#christmasruined.”
Zeekill, whose real name is reportedly Julius Kivimaki, Forbes reports, was also implicated in an alleged harassment campaign against a young man, 20, who was the victim of an online hoax, MailOnline reports.
The man’s house was flooded with thousands of phone calls from people who were given his phone number, thinking it was a hotline for a car competition.
The teenager was also found guilty by the Espoo District Court of allegedly tampering with servers at Harvard University and MIT (the Massachusetts Institute of Technology) and money laundering, SkyNews reports.
The court also confiscated his PC and ordered him to hand over €6,588 ($7,315.92) worth of property allegedly obtained through his crimes, BBC News reports. He was convicted of alleged “instances of aggravated computer break-ins.”
Judge Wilhelm Norrmann noted that Kivimaki was only 15 and 16 when he allegedly committed the crimes in 2012 and 2013.
In a statement, the Court said:
“[The verdict] took into account the young age of the defendant at the time, his capacity to understand the harmfulness of the crimes, and the fact that he had been imprisoned for about a month during the pre-trial investigation.”
However, Alan Woodward, a consultant, who advises Europol and other sites on cybercrime issues, expressed concern.
“Whilst I’m sure the courts considered all the circumstances surround the conviction and the sentence that was warranted, there is a question as to whether such sentences will act as a deterrent to other hackers,” Woodward said.
“It is not necessarily the place of the courts to factor in deterrence in their sentences.
“However, if I were another hacking group, was not that bothered about just having something on my record, and saw someone attract a suspended sentence for over 50,000 hacks, some of which caused significant damage, I don’t think it would cause me much concern,” he said.
Kivimaki allegedly compromised over 50,000 computer servers by using vulnerabilities in ColdFusion, a software program.
This enabled him to install “backdoors” in to thousands of the computers, making it possible him to retrieve information stored on them.
Prosecutors say that the teenager allegedly added malware to about 1,400 of the servers, BBC News reports. He was then able to create a botnet, which he used to carry out denial of service attacks on other computers. This bombards affected computers with a flood of internet traffic and overwhelms them in the process.
The court also found him guilty of allegedly helping steal seven gigabytes worth of data, sent from email addresses that ended in @mit.edu, the system used by MIT, BBC News reports. The court was told that traffic to MIT was redirected to a website on a server run by Harvard University, meaning that it could then be examined. Educause, the company that provides MIT’s email infrastructure, reports it has incurred more than $213,000 (£139,000) in costs as a consequence.
Kivimaki was arrested in September 2013.