
Mondor Festival

News with a Local Lens

He warned that “this is only the beginning” before “potentially putting lives at risk”.

Ehtosham Javed warns ‘this is just the beginning’ as he floods Merseyside Police with thousands of emails

Ehtosham Javed (Picture: Merseyside Police)

A cyber attacker was left scarred after being doused with boiling sugar water in prison. Ehtosham Javed warned ‘this is just the beginning’ as he flooded Merseyside Police accounts with more than 10,000 emails in the space of less than four hours, “paralyzing” critical services and “potentially putting lives at risk”.

This happened after he developed a grievance following a previous police raid on his home. He passed off his actions as “no big deal”, but told an online contact: “I’m going to make an example of Merseyside that no police force will forget.”

Liverpool Crown Court heard this week that officers from Merseyside Police’s cybercrime unit attended Javed’s address on Priory Road in Bowdon, Greater Manchester, on August 31 last year “as part of an investigation into the activities of an online group”. The 34-year-old man was taken into custody and arrested, but later filed a complaint against his arrest and “stated that he did not want any further contact” with law enforcement.


Charles Lander, defending, described how the matter was then referred to his professional standards department, with updates on the case then provided to the defendant through his lawyers. Then, between 4:59 p.m. and 8:47 p.m. on April 7 this year, Merseyside Police were subject to a cyberattack in which a total of 12,304 emails were sent to addresses spread across nine departments.

These included the police and crime commissioner’s office, serious collision investigation and safer roads units, rural wildlife heritage, the staff union and volunteer police cadets. Shortly after 5.30pm that day, Javed called the police and told a call handler: “You may notice an influx of emails to Merseyside Police.

“I’m basically spamming your email addresses with almost a few million emails, to the point where your email addresses will become completely useless. I’ve been trying to get your attention for a while now and it seems like the only way I feel like I’ll attract attention is if I completely disrupt your services.

“Ten of your police officers came to my house and carried out an illegal raid. The information commission told me to send an email to your data protection and for some reason they decided not to answer me. They just decided to ignore me completely. I waited patiently for a response.”

When told he was committing a criminal offence, Javed replied: “I don’t think it’s serious.” He added during the four-minute call: “The problem is the police officer I’ve been trying to contact for three months, the reason this is all happening is he’s really ignored me for several months. This is just the beginning.”

A targeted inbox is believed to have been used by other forces and agencies to contact Merseyside Police, particularly with “important information, which is sometimes critical and may contain information involving life or death situations”. Javed’s emails started out at a rate of four per minute, but “as time went on, they got faster and faster.”

In order to combat the cyber attack, numerous IT specialists had to be called in, as it was impossible to predict how long the incident would persist. Officers from Greater Manchester Police then went to Javed’s home at 7pm and arrested him.

A “half-filled suitcase” was discovered inside the property, and it is believed he may have been planning to leave the UK for Pakistan. He made no comment during the interview “except to deny that he was leaving for Pakistan and that the suitcase was from a recent trip.”

Although no computer was inside Javed’s house, his Samsung mobile phone had the TeamViewer app on it. This would have allowed “remote control of other computers” and access to two other devices.

Meanwhile, he was found to have carried out a number of searches on Google since the early hours of April 7, looking for how to carry out a denial of service attack “aimed at flooding a web server with enough traffic to cause overloading this server and affecting its ability to operate”. Javed then searched for ‘Merseyside Police emails’ and ‘how much damage would millions of emails cost an organisation’, and also visited the police website.

He had also sent a message to another user on Discord the day before saying: “The funny thing is Greater Manchester Police made the same mistake a few years ago and Merseyside Police made the same mistake, except I didn’t continue to sue. As my case is dropped, I will make an example of Merseyside that no police force will forget.”

Javed has two previous convictions for assault in 2008 and for obstructing a railway line in 2021. Ronan Maguire, defending, told the court his client had suffered from “difficulties with social communication and interaction throughout his life” and added: “I understand that there are elements which could concern Your Honor with regard to the comments he made during these events. I ask the court to examine the remarks which he uttered in the context of his condition.

“It appears that, in terms of his anger towards Merseyside Police, it was relatively short-lived. It appears that he only researched the act on the day of the offense.

“It’s clear he was frustrated. The complaint to Merseyside Police was not without some legitimacy. He felt like he was being ignored. Of course, that gives him absolutely no excuse for what he did.

“But Your Honor must consider his reaction, in my view, in the context of his condition. One could argue, given his diagnosis, that the way he reacted was perhaps rather predictable.

“His detention was very difficult. He was the victim of constant intimidation. He was attacked very seriously on two occasions, when boiling sugar water was thrown at him. He literally bears the scars of his detention.

“He complained to the authorities. He understands that prison is not supposed to be a public holiday, but this has been particularly difficult for him.

“He is a man who is slightly doomed for his age. Knowing that his condition has afflicted him all his life, it is clear that he has been successful for long periods of time.”

Javed admitted unauthorized modification of computer hardware. Appearing via video link from HMP Liverpool wearing a black Bench jumper and glasses, he was sentenced to a year in prison on Wednesday.

However, he has already served 33 weeks of pre-trial detention and will therefore be released soon. Sentencing, Judge David Potter said: “It is clear that you were very unhappy with the information provided to you and the progress of your complaint.

“You knew from searching the internet that some of the inboxes you were targeting were critical to the operation of Merseyside Police. By paralyzing them for hours on end, lives were potentially put at risk.

“During this ambush you contacted Merseyside Police yourself and explained to a call handler that you were spamming them with what you ultimately hoped would be a few million emails. You were trying to get their attention and thought the only way to do that was to disrupt their services.

“You didn’t consider spamming Merseyside Police in the way you did to be a big deal, quote unquote. You focused more on the fact that you had been ignored than on the damage you caused to Merseyside Police systems.

“The consequences of what you did were serious. The police were unable to predict how or when this would end and had to prepare for the worst. Many specialists had to be called in to repair the damage you had caused.

“There was an element of revenge. You are clearly a very intelligent individual who had the ability to carry out this cyberattack.

“There must be an element of deterrence. Those tempted to launch denial-of-service attacks against vital public services can expect prison sentences.

“I make this solemn promise to you. If you go online again and seek to disrupt a public service, or any other service, through denial of service, the punishment you receive next time will be considerably longer than it was previously.”