A 23-year-old Ohio student who took down the websites of Fox News’ Bill O’Reilly and conservative pundit Ann Coulter, and briefly disrupted the network of the University of Akron, has been sentenced to 30 months in prison.

In addition, former University of Akron student Mitchell Frost must pay $40,000 to O’Reilly and $10,000 to the university in restitution.

ADVERTISEMENT

He pleaded guilty in May, when he faced up to 15 years in jail:

Mitchell L. Frost of Ohio was charged with one count of causing damage to a protected computer system and one count of possessing 15 or more unauthorized access devices. He could be sentenced to 15 years in prison and fined up to $250,000. According to court documents, between August 2006 and March 2007 while enrolled at UA, Frost used school computers to access IRC channels to control other computers and computer networks via botnet zombies, which were located throughout the United States and in other countries. Frost then used the compromised computers to spread malicious code, commands and information to more computers, so he could get information and data from the compromised computer networks, and for the purpose of launching DDoS attacks on computer systems and websites.

Prosecutors said his sentence was harsher because he allegedly lied to his probation officer about setting up a website that sold a legal version of synthetic marijuana (the substance, JWH, was legal in his state).

“Frost was a first-year student at the university at the time of the attacks,” Computerworld’s Robert McMillan reported Monday night. “He used the school’s computer network to control a botnet he’d built up between August 2006 and March 2007, and launched denial of service (DOS) attacks against Rudy Giuliani’s Joinrudy2008.com website, Billoreilly.com and Anncoulter.com. He attacked the Bill O’Reilly site five times, ultimately forcing it offline.”

Frost also disrupted the network of his university for eight and a half hours in March 2007, McMillan notes.

ADVERTISEMENT

“Frost’s dorm room was raided two weeks later,” McMillan writes. “He wasn’t charged, however, until May of this year.”

He adds: “Prosecutors asked the court for a tough sentence after Frost lied to his probation officer about an online business he’d set up following his arrest. In a letter to the court, Frost said he set up the Discountjwh.com website earlier this year after quitting his job as a Stanley Steemer carpet cleaning technician. JWH is a form of synthetic cannabis that is legal for sale in some U.S. states, including Ohio.”

Frost reportedly claimed he was selling the substance as “bonsai plant fertilizer.”

ADVERTISEMENT

He’ll also serve three years probation after being released from prison.

The most severe sentence ever issued in a hacking case was delivered to hacker Albert Gonzalez in March. Gonzalez, 28, received a 20-year prison term for stealing tens of millions of credit and debit card numbers.

ADVERTISEMENT

“Gonzalez pleaded guilty in September to multiple federal charges of conspiracy, computer fraud, access device fraud and identity theft for hacking into TJX, which owns T.J. Maxx, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority,” SC Magazine, a security periodical, wrote in March. “He [faced] up to 25 years in prison for these charges.”

Prior to Gonzalez’ sentencing, the harshest sentence ever doled out for hacking was 13 years.