Member of Hacker Collective Pleads Guilty to Federal Charges of Making Online Threats to Schools and Possessing Child Pornography

          LOS ANGELES – A North Carolina man pleaded guilty today to federal charges of making bogus threats of shootings and bombings to schools in the United Kingdom and the United States, including numerous schools in Southern California.

          Timothy Dalton Vaughn, 21, of Winston-Salem, North Carolina, also admitted making false reports of a plane hijacking and conducting computer attacks, as well as possessing child pornography.

          Vaughn – who used online handles that include “WantedbyFeds” and “Hacker_R_US” – pleaded guilty this afternoon to possession of child pornography, conspiring to make threats and damage a computer, and computer hacking.

          Authorities have linked Vaughn to the Apophis Squad, a worldwide collective of computer hackers and swatters intent on using the Internet to cause chaos. The collective caused disruptions by making threatening phone calls, sending bogus reports of violent school attacks via email, and launching distributed denial-of-service (DDoS) attacks on websites. Vaughn and another man were named earlier this year in a grand jury indictment that alleged a series of cyber and swatting attacks in 2018, including threats of bombs and school shootings that were “designed to cause fear of imminent danger and did cause the closure of hundreds of schools on two continents on multiple occasions.”

          Vaughn specifically admitted today that he provided to his co-defendant contact information for at least 86 school districts that received emailed threats of an armed student. The threatened attacks included the imminent detonation of a bomb made with ammonium nitrate and fuel oil, bombs placed under school transportation vehicles, and the placement of explosives under school buses and on sports fields, according to Vaughn’s plea agreement.

          In a plea agreement filed in relation to today’s hearing, Vaughn admitted that in early 2018 he demanded 1.5 bitcoin (then worth approximately $20,000) from Hoonigan, a Long Beach motorsport company, to prevent denial-of-service attacks on its website. When the company refused to pay, he launched a DDoS attack that disabled hoonigan.com.

          Vaughn also admitted helping his co-defendant make a false report of a hijacking on a United Airlines plane flying from London to San Francisco.

          In relation to the child pornography count, Vaughn admitted possessing nearly 200 sexually explicit images and videos depicting children, including at least one toddler.

          As a result of his guilty pleas, Vaughn will face a statutory maximum sentence of 35 years in federal prison when he is sentenced by United States District Judge Otis D. Wright II on June 8.

          The second defendant named in the indictment – George Duke-Cohan, 20, of Hertfordshire, United Kingdom, who used online handles that included “DigitalCrimes” and “7R1D3N7” – is currently serving a prison sentence in Britain for the false report of the hijacking. Duke-Cohan is charged in the indictment with nine counts. If he were to be convicted, Duke-Cohan would face a statutory maximum sentence of 65 years in federal prison.

          An indictment contains allegations that a defendant has committed a crime. Every defendant is presumed innocent until and unless proven guilty beyond a reasonable doubt.

          This case is the result of an investigation by the FBI with assistance provided by the United States Secret Service as part of the Electronic Crimes Task Force.

          This case is being prosecuted by Assistant United States Attorney Julia S. Choe of the Cyber and Intellectual Property Crimes Section.