A Russian man has been arrested in Cyprus on charges that he launched denial-of-service attacks on Amazon.com and eBay in 2008, the U.S. Department of Justice announced.
Dmitry Olegovich Zubakha, 25, of Moscow, was arrested Wednesday, the DOJ said.
An indictment against Zubakha in U.S. District Court for the Western District of Washington, unsealed Thursday, alleges that he and another Russian man used denial-of-service attacks against the websites, also including Priceline.com, in June 2008.
During the attacks, traffic at Amazon.com rose to 600 to 1,000 percent of normal traffic levels, causing the website to be unavailable to customers for several hours, according to the indictment.
Zubakha and his co-conspirator allegedly claimed credit for the attacks in hacker forums, the DOJ said in a press release. The co-conspirator called Priceline.com and offered his services as a consultant to stop the denial-of-service attack, the DOJ said.  In October 2009, law enforcement traced the possession of more than 28,000 stolen credit card numbers to Zubakha and his co-conspirator.
“These cyber bandits do serious harm to our businesses and their customers,” U.S. Attorney Jenny Durkan of the Western District of Washington said in a statement. “But the old adage is true: the arm of the law is long. This defendant could not hide in cyberspace.”
The indictment charged Zubakha with conspiracy to intentionally cause damage without authorization to a protected computer and two counts of intentionally causing damage to a protected computer resulting in a loss of more than US$5,000. Zubakha is also charged with possession of 15 or more unauthorized access devices and aggravated identity theft for a separate incident involving the possession of stolen credit card numbers in October 2009.
The DOJ is seeking to extradite Zubakha from Cyprus, where he remains in custody.
The sentence for conspiracy can be up to five years in prison, while intentionally causing damage to a protected computer can lead to 10 years in prison and a $250,000 fine. The sentence for possession of more than 15 unauthorized access devices can be up to 10 years in prison and a $250,000 fine. Aggravated identity theft is punishable by an additional two years in prison on top of any sentence for the underlying crimes.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant’s e-mail address is firstname.lastname@example.org.