Owner of DDoS for hire sites found guilty of hacking offences
Matthew Gatrel faces 35 years in prison when he is sentenced in January 2022
A man from the US state of Illinois has been found guilty of running websites that allowed paying users to launch distributed denial of service (DDoS) attacks.
Matthew Gatrel, aged 32, was the founder and owner of DownThem.org, which between October 2014 and November 2018 enabled users to buy DDoS attacks as subscriptions, and AmpNode.com, which allowed subscribers to operate their own DDoS services.
He also provided “expert advice” on the best ways to attack different types of computers, specific hosting providers, and recommended strategies to bypass DDoS protection services.
Alongside former customer Juan Martinez, of Pasadena, California, Gatrel profited by allowing an estimated 2,000 registered users to launch over 200,000 attacks, targeting individuals, schools, universities, municipal and local government websites, and financial institutions worldwide, according to the US Department of Justice (DoJ).
Although the DoJ didn’t provide a list of victims, French cloud computing company OVH was named in the original complaint as having been targeted by DownThem in 2017. Other potential victims included web hosting platforms NFO and Vox.
The complaint, first filed in 2018, accused Gatrel and Martinez of allowing customers to severely disrupt “home and small business Internet connections for prices of around $1.75 per day”. DownThem offered at least six subscription models, with the prices dependent on how many days the victim would be knocked offline.
Ransomware made MSPeasy
The MSP's guide to saving the dayFree download
The DoJ announced on Thursday that Gatrel had been “found guilty of three felonies: one count of conspiracy to commit unauthorized impairment of a protected computer, one count of conspiracy to commit wire fraud, and one count of unauthorized impairment of a protected computer”.
Gatrel is expected to face a statutory maximum sentence of 35 years in federal prison. The sentencing hearing has been scheduled for 27 January 2022.
Martinez, also known under the alias “Severon”, pleaded guilty on 26 August to one count of unauthorized impairment of a protected computer. He will face up to 10 years in prison, with the sentencing set to 2 December 2020.
The UK's National Crime Agency and the Dutch national police force reportedly assisted in the arrests and gathering of evidence.
The ultimate law enforcement agency guide to going mobile
Best practices for implementing a mobile device programFree download
The business value of Red Hat OpenShift
Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShiftFree download
Managing security and risk across the IT supply chain: A practical approach
Best practices for IT supply chain securityFree download
Digital remote monitoring and dispatch services’ impact on edge computing and data centres
Seven trends redefining remote monitoring and field service dispatch service requirementsFree download