Posted on November 10, 2017 at 2:57 PM
A Minnesota resident has been found guilty of hiring hacking services to launch DDoS attacks against his former employer.
A 46-year-old male from Minnesota was recently charged with employing the services of three different hacking service providers to conduct a year-long distributed denial of service (DDoS) attack on his former employer. The man has since been officially charged by US federal prosecutors.
According to prosecutors, John Kelsey Gammell made contact with seven different DDoS hacking providers and proceeded to pay monthly subscriptions to three of them. Gammell’s attack was directed at his former place of work, the Washburn Computer Group. However, Gammell targeted several other firms in his campaign between July 2015 and September 2016, including the Minnesota Judicial Branch, Hennepin County, several banks, as well as other companies that previously employed Gammell.
Gammell rejected a plea during his court appearance in Minneapolis last week. Had Gammell agreed to the plea, all charges would have been resolved and his prison sentence would have been between 15 and 17 years. However, the magistrate is currently revising motions which could lead either to dismissal of the case entirely or to the suppression of certain evidence.
The complaint was officially filed in April of this year. FBI Special Agent Brian Behm confirmed in a sworn affidavit that Washburn’s initial troubles included inexplicable shutdowns of several websites. Although the company frantically searched for the root of the problem, it could not trace it using server log files. Closer inspection revealed that the IP address linked to the DDoS attack was hidden behind a Virtual Private Network (VPN). Since VPNs traditionally don’t store logs of their users’ activity, it was almost impossible to detect the source of the attacks.
However, in the midst of the attack, Washburn received two bizarre, almost taunting emails which referred to the company’s continuous IT troubles. The emails made it possible to trace the messages back to their source. After a court-ordered subpoena forced Google and Yahoo to provide the responsible IP address, it was successfully traced back to Gammell’s home address and cell phone number.
Google’s court-ordered information confirmed that in the period between May 2015 and September 2016, Gammell had contact with several DDoS-providing services, commonly referred to as “booters” or “stressers”. These sites operate on a monthly subscription basis where subscribers can request DDoS attacks on any IP address or website that they wish. The more the subscriber pays per month, the more aggressive the attack becomes.
Gammell’s email history confirmed that his three frequented DDoS attack providers included cStress, vDOS, and booter.xyz. Prosecutors confirmed that Gammell paid a total of $235 to cStress alone. In total, Gammell frequently paid as much as $199 per month for all three services.
While cStress is currently offline, Behm confirmed that an archived main page claimed that the provider’s premium package had the power to shut down large servers and websites. In addition, the page boasted disruptions that could last up to an hour, as well as 30Gbps of dedicated bandwidth.
Behm’s investigation also dug up several emails from the DDoS service providers to Gammell, which thanked him for being a patron. After Gammell upgraded to diamond membership status at booter.xyz, Gammell sent emails to his correspondents in which he sang the DDoS service provider’s praises.
Washburn employed Gammell for a period of 17 years. According to reports, Gammell and the company parted on good terms three and a half years ago, following a dispute regarding payment for training services that Gammell provided.
Rachel Paulrose, Gammell’s attorney, argued that Gammell technically did not conduct the campaigns; the DDoS attackers did. She suggested that the court direct its charges against them.
However, there have been long-standing disputes between governmental law and regulation and the anonymous so-called cyber hitmen, who launch attacks without consequence or prosecution.
However, this is not always the case. One of Gammell’s favorite services, vDOS, experienced consequences last year in September after two Israeli teenagers were discovered to be the co-owners of vDOS. Following the discovery, their website was taken down and the two teenagers were arrested.
Paulrose stated that the case should be dismissed as, according to the attorney, it was a mere prank which was aimed at a dormant site which did not cause any significant financial harm to Washburn.
However, according to the Assistant US Attorney, Timothy Rank, the prank is of a criminal nature. Rank added that Gammell will face the criminal charges for his actions as his prank demonstrated malicious and damaging intent.