DDoS-for-hire service which bombarded websites with attacks earns man two years in prison
The US authorities have sentenced a man to 24 months in a federal prison after he was found to have run a DDoS-for-hire service that knocked websites off the internet.
33-year-old Matthew Gatrel, of St Charles, Illinois, ran a criminal operation that launched Distributed Denial-of-Service (DDoS) attacks on behalf of hundreds of paying customers via his "booter" site DownThem.org.
Gatrel's DownThem service, according to a US Department of Justice press release, launched more than 200,000 attacks for over 2000 registered users of DownThem between October 2014 and November 2018.
Exploiting misconfigured routers and other devices attached to the internet, DownThem customers could launch DNS reflection attacks that flooded their intended targets with unwanted internet traffic.
DownThem offered a variety of different subscription plans to customers, depending on how much they were willing to pay and the ferocity of the DDoS attack they wished to unleash. Victims included schools, universities, government websites, and financial institutions worldwide.
Meanwhile, Ampnode, another website operated by Gatrel, promised "bulletproof" server hosting and, to this day, appears to offer "dedicated spoofing servers".
According to the Department of Justice, Ampnode's servers could be "pre-configured with DDoS attack scripts and lists of vulnerable 'attack amplifiers' used to launch simultaneous cyberattacks on victims."
Ampnode's website may still be online, but visitors to DownThem are now greeted by a seizure message from the US authorities.
One of Gatrel's co-conspirators, 29-year-old Juan "Severon" Martinez of Pasadena, California, who turned from being a customer of DownThem to being the co-administrator of the Downthem website in 2018, pleaded guilty to one count of unauthorised impairment of a protected computer in August 2021, and was sentenced to five years' probation.
Any business which relies upon its website to make money, and provides services to its customers, needs to consider very seriously how it will protect itself against the threat of a DDoS attack.
DDoS attacks have been launched against websites for many years, often for the purposes of extortion, and the problem has not gone away. The availability of DDoS-for-hire "booter" services has given even the least tech-savvy criminals the ability to disrupt websites, or even make them entirely inaccessible to the outside world.
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data
May 24, 2022
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight
April 15, 2022
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users
April 14, 2022
Why and how to hide your IP address while traveling
April 13, 2022
How Bitdefender Can Help Restore Your Privacy in the Digital Age
April 04, 2022
How Strong is VPN Encryption?
February 28, 2022