Colton Grubbs had previously pleaded guilty to conspiracy to unlawfully accessing computers in the furtherance of a criminal act, among other crimes.
When Grubbs was first charged, he claimed LuminosityLink was a legitimate tool for system administrators, and he never intended for it to be used maliciously. He reversed course in a plea agreement he signed in July 2017. In that document, he admitted for the first time that he knew some customers were using the software to control computers without owners' knowledge or permission. Grubbs also admitted emphasizing a wealth of malicious features in marketing materials that promoted the software.
The malicious features included the ability for LuminosityLink to be installed without notification, record key presses, surveil targets using their computer cameras and microphones, view and download computer files, steal names and passwords used to access websites, use infected computers to mine digital currencies, use victim computers to launch DDoS attacks, and prevent anti-malware software from detecting and removing the software.
He sold this software for $40 a pop to more than 6,000 people globally.
"Our modern society is dependent on computers, mobile devices, and the use of the Internet," Robert M. Duncan Jr., United States Attorney for the Eastern District of Kentucky, said in a Monday statement. "People simply have to have confidence in their ability to use these modern instruments to transact their business, privately communicate, and securely maintain their information."
Grubbs was also ordered to forfeit the money he made from his crimes, including 114 bitcoins, currently worth approximately $725,000.
“He has learned from his misdeeds”
Brandon Marshall, Grubbs' attorney, wrote in a sentencing memorandum that, as a teenager, Grubbs turned to coding and the Internet as a refuge from his parents, who frequently got in arguments with one another.
"There is every reason to believe that Colton's future will be positive and fruitful and that he has learned from his misdeeds," Marshall noted, asking for just 24 months. "Colton also respectfully requests that the Court consider his notable youth as it determines an appropriate sentence."
By contrast, prosecutors asked the judge to impose a sentence of 36 months.
"Grubbs made a business of flouting the law (except where it benefitted him) and profited from helping less sophisticated people commit computer intrusions," Neeraj K. Gupta, an assistant United States attorney, wrote. "His messages show that he has no respect for the law and show contempt for moral rules and social norms. His crimes and conspiracies require a lengthy sentence."
In the end, the judge split the difference.
reader comments
112