LOS ANGELES – Federal authorities today arrested one of two defendants charged in a federal indictment with making false threats of violent attacks at many locations – including Los Angeles International Airport and numerous Southern California school districts – and staging attacks on computer systems belonging to institutions and companies, including a Long Beach-based company.
The two defendants allegedly are members of the Apophis Squad, a worldwide collective of computer hackers and swatters intent on using the internet to cause chaos. The collective caused disruptions by making threatening phone calls, sending bogus reports of violent school attacks via email, and launching distributed denial-of-service (DDoS) attacks on websites.
Timothy Dalton Vaughn, 20, of Winston-Salem, North Carolina – who used online handles that include “WantedbyFeds” and “Hacker_R_US” – was arrested this morning by special agents with the FBI.
The second defendant named in the indictment – George Duke-Cohan, 19, of Hertfordshire, United Kingdom, who used online handles that included “DigitalCrimes” and “7R1D3N7” – is currently serving a prison sentence in Britain for making a hoax threat targeting an airliner, a threat that is detailed in the indictment unsealed today.
The indictment alleges that Apophis Squad conducted cyber and swatting attacks against individuals, businesses, and institutions in the U.S. and the United Kingdom. Members made threats of bombs and school shootings that were “designed to cause fear of imminent danger and did cause the closure of hundreds of schools on two continents on multiple occasions,” according to the indictment.
The conspiracy alleged in the indictment spanned the first eight months of 2018, during which members of Apophis Squad communicated various threats – sometimes using “spoofed” email addresses to make it appear the threats had been sent by innocent parties, including the mayor of London. They also allegedly defaced websites and launched denial-of-service attacks. In addition, Vaughn allegedly conducted a DDoS attack that took down hoonigan.com, the website of a Long Beach motorsport company, for three days, and sent extortionate emails to the company demanding a Bitcoin payment to cease the attack.
The indictment also alleges that Duke-Cohan called the FBI field office in Omaha, Nebraska on multiple occasions, discussed the deployment of deadly pathogens in the office, and threatened to rape and kill the wife of the FBI personnel who answered the phone.
Vaughn bragged in an online forum that Apophis Squad had targeted over 2,000 schools in the United States and more than 400 in the United Kingdom, according to the indictment, which details threats about imminent shootings and bombs being sent to school districts across Southern and Central California. Duke-Cohan allegedly posted a message on Twitter taking credit for the hoax emails on behalf of Apophis Squad in which he said, “We are OPEN for request for school lockdowns / evacs.”
The Apophis Squad also took credit for hacking and defacing the website of a university in Colombia, resulting in visitors to the site seeing a picture of Adolf Hitler holding a sign saying “YOU ARE HACKED” alongside the message “Hacked by APOPHIS SQUAD.”
The 11-count indictment, which was returned by a federal grand jury on February 8 and unsealed today, charges Vaughn and Duke-Cohan with conspiracy and eight additional felony offenses, including making threats to injure in interstate commerce and making interstate threats involving explosives. Vaughn is additionally charged with intentionally damaging a computer and interstate threat to damage a protected computer with intent to extort.
Vaughn is expected to make his initial court appearance in the Middle District of North Carolina this afternoon.
An indictment contains allegations that a defendant has committed a crime. Every defendant is presumed innocent until and unless proven guilty beyond a reasonable doubt.
If he is convicted of all 11 charges in the indictment, Vaughn would face a statutory maximum sentence of 80 years in federal prison. If he is convicted of the nine charges in the indictment in which he is named, Duke-Cohan would face a statutory maximum sentence of 65 years in federal prison.
This case is the result of an investigation by the Federal Bureau of Investigation, with assistance provided by the United States Secret Service as part of the Electronic Crimes Task Force.
This case is being prosecuted by Assistant United States Attorney Jennie L. Wang of the Cyber & Intellectual Property Crimes Section.