West Midlands Police raided his home and found on his computer 750 names and passwords from infected computers.
Bessell admitted nine charges at an earlier court appearance.
Investigators found Bessell had seized remote control of at least 9,083 “bots” – computers under his command, infected without owner’s knowledge – which he used to launch 102 attacks on firms such as Pokemon, Skype and Google.
As well as the cyber attacks, the court heard Bessell was responsible for setting up what police called an “online hackers’ shop”.
He created his own business, called Aiobuy, on the deep web – an area of the internet search engines cannot find.
Bessell made more than £50,000 in proceeds from selling both his and other people’s malware products, enabling users to spread viruses, conduct attacks and steal data.
He registered the company using a false address to give it a legitimate company status.
His site advertised 9,077 items and had 1,000,000 recorded visitors, with over 34,000 sales.
When police raided his home, his computer was found to hold two programmes which are designed to infect computers and retrieve email, banking and log-in details from a web data form before passing it over the internet to a secure server.
Bessell was arrested following an investigation by West Midlands Police’s Cyber Regional Organised Crime Unit.
Investigating officer Det Con Mark Bird said: “This is one of the most significant cybercrime prosecutions we’ve seen, he was offering an online service for anyone wanting to carry out a web attack.
“It meant anyone who had a grudge against an individual or company, or who simply wanted to conduct a cyber-attack, didn’t need the technical know-how themselves.
“They simply needed to pick a piece of malware, pay the fee, and Bessell would do the rest.”
Hannah Sidaway, from the Crown Prosecution Service, said Bessell’s actions had, “enabled others across the world to commit thousands of criminal attacks”.