Defendant said to have fled following allegations related to cyber-attack

A US man alleged to be behind a 2010 DDoS attack on the Santa Cruz County government has been detained nine years after failing to appear in court

A US man alleged to be behind a 2010 DDoS attack on the Santa Cruz County government has been detained – nine years after failing to appear in court.

Christopher Doyon, 56, formerly of Mountain View, California, and now a resident of Mexico City, Mexico, was arrested in Mexico earlier this month.

He appeared in federal court on Tuesday (June 15) accused of failing to appear at a February 2012 status conference, following his pretrial release in 2011.

Doyon is now facing multiple charges related to the 2010 cyber-attack, as well as further charges related to his failure to appear.

Charges

Doyon, also known by the handle ‘Commander X’, was previously indicted on charges of conspiracy to cause intentional damage to a protected computer and aiding and abetting intentional damage to a protected computer, according to a US Department of Justice (DoJ) statement.

The DDoS attack was allegedly carried out in protest against new restrictions and definitions on camping within Santa Cruz City, California, which were seen as an affront to the city’s homeless population, according to the 2011 indictment (PDF).

The indictment claims that Doyon was part of an online group known as the People’s Liberation Front (PLF) which the US courts described as “an online collective of individuals that was associated with collaborative hacking attacks motivated by political and social goals, often referred to as ‘hacktivism’.”

Penalties

Doyon faces stiff penalties if found guilty: a maximum of two years’ imprisonment, a $250,000 fine, and three years of supervised release for failure to appear after pre-trial release, plus a maximum of five years’ imprisonment, three years of supervised release, and a fine of $250,000 – plus restitution if appropriate – for conspiracy to cause intentional damage.

The maximum statutory penalty for causing intentional damage to a protected computer and aiding and abetting is 10 years’ imprisonment, three years of supervised release, and a fine of $250,000 – plus restitution if appropriate.

The DoJ release reaffirmed that an indictment merely alleges that crimes have been committed, and all defendants are presumed innocent until proven guilty.


READ US Computer Fraud and Abuse Act: What the ‘landmark’ Van Buren ruling means for security researchers