Posted on January 23, 2018 at 7:18 PM
He not only used his own computers to perform the attacks, he enlisted the help of DDoS-for-hire services including Inboot, CStress, and VDos.
John Kelsey Gammell, a 55-year-old New Mexico native, pleaded guilty to sabotaging multiple websites that were owned by his ex-employers, various competitors, and even law enforcement. He did so by enlisting DDoS (Distributed Denial of Service) to help in the attacks. Gammell pleaded guilty on January 17 in front of a Minnesota court. He is facing charges of conspiring to commit damage and being a felon-in-possession of a firearm.
In a report from the Justice Department, his reign of terror went from July in 2015 to March in 2017. In this timeframe, Gammell carried out various attacks, all with the plan of inebriating his targeted websites with large amounts of (fake) traffic.
Some of the websites that Gammell went against include the Dakota Technical College, Minnesota State Courts, Minneapolis Community and Technical College, Washburn Computer Group, and the Hennepin County Sheriff’s Office.
Gammell took careful care when covering his tracks. He used an anonymous IP address to hide his location and identity. For payment regarding the DDoS services, he used cryptocurrency. Gammell had many services running at concurrent times to make his attacks stronger.
As a previous convicted felon, Gammell was prohibited from having guns or gun ammunition. But that didn’t stop him from keeping enough to stock a small army. After being caught by police, he admitted that he had various gun parts, including A5-15 assault rifle pieces and a .45 caliber handgun, along with ridiculous amounts of ammo, such as 420 rounds of rifle ammunition and hundreds of rounds for a Heckler & Koch P2000 handgun.
As of right now, Gammell has not received a time in regard to his sentence.
Gammell was not the first cybercriminal to perform such an attack, and will likely not be the last. DDoS attacks have become easier to carry out, not costing nearly as much as they used to all while being harder to track down for authorities.
SecureList recently released a report claiming that DDoS based attacks run for around $6 on the black market. If you want a more in-depth attack, it might run you up to $110.
Motives are often varied behind DDoS attacks. Whether it’s a practical joke or blackmail, the growing market for DDoS attacks have made DDoS into a high-profile business. One not short of fraud, on either side, as most attackers don’t do their research into the DDoS they are hiring.