Co Down teenager gets suspended sentence over multiple cyber-attacks

Josh Maunder (19) admitted carrying out ‘hundreds’ of DDOS attacks on police and banks

A Co Down teenager has been given a 20-month prison sentence, suspended for three years, for creating a computer virus which attacked police and financial institution websites.

Josh Maunder (19), of Abbey Park, Bangor, had pleaded guilty to a total of 19 charges, which included 13 counts of unauthorised act impairing the operation of a computer, making an article intended to be used for computer misuse, obtaining an article to commit an offence and possessing articles in connection with fraud.

Maunder also admitted single counts of conspiring to commit an unauthorised act and supplying an article to be used in computer misuse.

All of the offences were committed between December 1st, 2017 and September 13th, 2018, when he was aged 15.


Downpatrick Crown Court, sitting in Belfast, heard how Maunder created a “distributed denial of service (DDOS) attack which is a form of “cyber attack’' in which target websites are “flooded with requests so they become overloaded and cease to function’'.

Prosecution counsel David McNeill told the court that the investigation was sparked after online gaming platform had been bombarded with DDOS attacks in 2018, which cost them $61,000.

“The company identified the attacker as using the name ‘Metzi’ who posted abuse and threats on’s chatroom.’’

Research by the company found YouTube videos of the defendant using the ‘Metzi’ name and “speaking with a Northern Ireland accent’. It made a complaint to Action Fraud who passed it to the PSNI.

Mr McNeill said that on September 13th, 2018, police searched Maunder’s home. He was “at his computer and in control of the online programme, which co-ordinated the DDOS attacks’'.

Police seized his computer and his phone and during interviews he made “full and frank admissions’' to his offences, admitting he knew DDOS attacks were illegal and had carried out “hundreds of attacks’'.

One data file showed that had been used in 10,763 DDOS attacks between January and March 2018 by 857 users, which included his customers who paid money into his Paypal account.

“Police assess he was motivated by online fame or kudos amongst his peers.,” Mr McNeill said.

The prosecution lawyer added that other websites targeted for DDOS attacks were the Nationwide Building Society,, the US Department of Justice, Nuclear Fallout servers, a Czech police force and a server hosting an amateur boxing match.

Maunder told the Probation Service that he was not motivated by financial greed, that he only made a small amount of money which he spent on “running the website and on takeaway food’'.

Defence counsel David McDowell KC said Maunder had a previous clear record and has no matters pending. He told the court that Maunder is “attempting to gain employment on the lawful side of cyber security’' and had been interviewed by a California-based cyber security company. “His application was unsuccessful but representatives of the company flew from the USA to Northern Ireland to meet him which underscores the value of his skills for legitimate uses.’’

Judge Geoffrey Miller acknowledged Maunder had been “frank and honest’' at police interview during which he expressed remorse for his crimes.

“These were malicious attacks and carried out without permission but I accept he was not motivated by revenge,’’ said Judge Miller. “Had the attacks on the Nationwide Building Society proved fully successful, the cost implications to its business and its customers would have been considerable.’’