Owner of DDoS for hire sites found guilty of hacking offences

Department of justice sign on a building
(Image credit: Shutterstock)

A man from the US state of Illinois has been found guilty of running websites that allowed paying users to launch distributed denial of service (DDoS) attacks.

Matthew Gatrel, aged 32, was the founder and owner of DownThem.org, which between October 2014 and November 2018 enabled users to buy DDoS attacks as subscriptions, and AmpNode.com, which allowed subscribers to operate their own DDoS services.

He also provided “expert advice” on the best ways to attack different types of computers, specific hosting providers, and recommended strategies to bypass DDoS protection services.

Alongside former customer Juan Martinez, of Pasadena, California, Gatrel profited by allowing an estimated 2,000 registered users to launch over 200,000 attacks, targeting individuals, schools, universities, municipal and local government websites, and financial institutions worldwide, according to the US Department of Justice (DoJ).

Although the DoJ didn’t provide a list of victims, French cloud computing company OVH was named in the original complaint as having been targeted by DownThem in 2017. Other potential victims included web hosting platforms NFO and Vox.

The complaint, first filed in 2018, accused Gatrel and Martinez of allowing customers to severely disrupt “home and small business Internet connections for prices of around $1.75 per day”. DownThem offered at least six subscription models, with the prices dependent on how many days the victim would be knocked offline.


Ransomware made MSPeasy

The MSP's guide to saving the day


The DoJ announced on Thursday that Gatrel had been “found guilty of three felonies: one count of conspiracy to commit unauthorized impairment of a protected computer, one count of conspiracy to commit wire fraud, and one count of unauthorized impairment of a protected computer”.

Gatrel is expected to face a statutory maximum sentence of 35 years in federal prison. The sentencing hearing has been scheduled for 27 January 2022.

Martinez, also known under the alias “Severon”, pleaded guilty on 26 August to one count of unauthorized impairment of a protected computer. He will face up to 10 years in prison, with the sentencing set to 2 December 2020.

The UK's National Crime Agency and the Dutch national police force reportedly assisted in the arrests and gathering of evidence.

Sabina Weston

Having only graduated from City University in 2019, Sabina has already demonstrated her abilities as a keen writer and effective journalist. Currently a content writer for Drapers, Sabina spent a number of years writing for ITPro, specialising in networking and telecommunications, as well as charting the efforts of technology companies to improve their inclusion and diversity strategies, a topic close to her heart.

Sabina has also held a number of editorial roles at Harper's Bazaar, Cube Collective, and HighClouds.