Student who created malware worth £45,000 while living with parents is jailed

Your support helps us to tell the story

Support Now

Find out moreClose

As your White House correspondent, I ask the tough questions and seek the answers that matter.

Your support enables me to be in the room, pressing for transparency and accountability. Without your contributions, we wouldn't have the resources to challenge those in power.

Your donation makes it possible for us to keep doing this important work, keeping you informed every step of the way to the November election

Andrew Feinberg

White House Correspondent

A university student who created malware targeting government websites while living with his parents has been jailed.

Amar Tagore, 21, a third-year university student, offered buyers malware (malicious software) to disrupt corporate and state-run websites, while living with his parents in Alexandria, West Dunbartonshire.

He supplied a tool used by hundreds of online customers to carry out distributed denial of services (DDoS) attacks which forced users to take their websites offline, and made nearly £45,000 from his crimes.

He also provided technical support to those who bought the cyber-attack software, which he constructed and sold, according to the Crown Office and Procurator Fiscal Service (COPFS).

Tagore, a third-year cybersecurity student, was jailed for 21 months at Dumbarton Sheriff Court after pleading guilty to computer misuse charges and a breach of proceeds of crime legislation.

Police were alerted after the Department for Work and Pensions (DWP) suffered regular DDoS attacks at a Jobcentre site in Braintree, Essex, between May 12 and August 18 2022, the court heard.

Officers identified a suspect whose mobile phone was found to run a programme called Myra, which was running two different attack “commands” towards DWP’s computer system, according to COPFS.

The Myra home page and its IP address were then traced to Tagore.

The website provided different Myra packages including a “normal” one for beginners, and a VIP package giving users a “larger network increase and complex vector structures”.

Another VIP+ package stated it had “access to all add-on packages for full accessibility to the network. Specialised with your attack suite to meet any desires”.

Officers carried out a search of the house Tagore shared with his parents in November 2022 and found him logged into a “Myra VI” terminal window through two large monitors and was using “commands” which allowed another user to use two separate attack methods, the court heard.

Analysis of Tagore’s laptop revealed 73,347 search references including the word “Myra”, with another 1,131 found on his mobile phone.

A financial investigation found that between January 2020 and November 2022, Tagore earned £44,433 from the sales of his malicious software.

Sineidin Corrins, deputy procurator fiscal for specialist casework at COPFS, said: “Amar Tagore’s criminal conduct had the potential to cause serious disruption to government-affiliated and commercial websites all over the world.

“He made tens of thousands of pounds through the sale of his malicious software and technical expertise.

“But he is now paying the price for his criminal conduct, and we are already taking steps to recover his criminal benefit under proceeds of crime legislation.

“This investigation involved domestic and international partners and reflects the worldwide nature of cyber crime investigations which does not stop at traditional borders.

“COPFS is committed to fighting cyber crime at all levels and to protecting our communities and businesses from the effects of such criminality.”

Tagore will now be subject to confiscation action under proceeds of crime legislation.