Two hackers charged for DDoS attacks, threats to LAX

One of the accused is already serving time, while the other was arrested Tuesday morning.
Apophis Squad

Two men were charged with conducting cyberattacks on various organizations and threatening physical violence on Southern California school districts and the Los Angeles International Airport, among other targets, according to an indictment that was unsealed by U.S. prosecutors on Tuesday.

The men, an American and a Briton, sent false reports of violent attacks on schools via email and carried out distributed denial-of-service (DDoS) attacks on websites, according to the indictment announced by the U.S. Attorney’s Office of the Central District of California.

The defendants –a 19-year-old British national named George Duke-Cohan and a 20-year-old North Carolina man named Timothy Dalton Vaughn – are accused of being part of a hacking collective known as Apophis Squad. Duke-Cohan is already serving a prison sentence in Britain for threatening violence on an airliner, U.S. officials said. Vaughn’s online moniker, “WantedbyFeds,” turned prophetic Tuesday morning when he was arrested by U.S. authorities. Their alleged criminal activity took place in the first eight months of 2018.

Threats allegedly made by the men closed hundreds of schools in the United States and United Kingdom, according to the indictment, using email addresses that spoofed other entities, including the Mayor of London, to lend legitimacy to the threats.


The charges paint a picture of malice: Duke-Cohan, Vaughn, and other Apophis Squad hackers would “DDoS or deface the websites of entities with which they were displeased,” the indictment states.

Vaughn is accused of conducting a DDoS attack that knocked a website belonging to a California motorsport company offline for three days, and then demanding Bitcoin to stop the attack. He was expected to appear in court Tuesday afternoon.

Vaughn and Duke-Cohan also allegedly collaborated on a weeklong DDoS attack on ProtonMail, the encrypted email service. Duke-Cohan taunted the Switzerland-based email provider on Twitter, claiming it had weak DDoS protection, prosecutors said. As with so many of the men’s alleged targets, it is unclear why they attacked ProtonMail, other than because of their appetite for chaos.

You can read the full indictment below.

[documentcloud url=”” responsive=true]

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts