2 min read

DDoS-for-hire service which bombarded websites with attacks earns man two years in prison

Graham CLULEY

June 15, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
DDoS-for-hire service which bombarded websites with attacks earns man two years in prison

The US authorities have sentenced a man to 24 months in a federal prison after he was found to have run a DDoS-for-hire service that knocked websites off the internet.

33-year-old Matthew Gatrel, of St Charles, Illinois, ran a criminal operation that launched Distributed Denial-of-Service (DDoS) attacks on behalf of hundreds of paying customers via his "booter" site DownThem.org.

Gatrel's DownThem service, according to a US Department of Justice press release, launched more than 200,000 attacks for over 2000 registered users of DownThem between October 2014 and November 2018.

Exploiting misconfigured routers and other devices attached to the internet, DownThem customers could launch DNS reflection attacks that flooded their intended targets with unwanted internet traffic.

DownThem offered a variety of different subscription plans to customers, depending on how much they were willing to pay and the ferocity of the DDoS attack they wished to unleash.  Victims included schools, universities, government websites, and financial institutions worldwide.

Meanwhile, Ampnode, another website operated by Gatrel, promised "bulletproof" server hosting and, to this day, appears to offer "dedicated spoofing servers".

According to the Department of Justice, Ampnode's servers could be "pre-configured with DDoS attack scripts and lists of vulnerable 'attack amplifiers' used to launch simultaneous cyberattacks on victims."

Ampnode's website may still be online, but visitors to DownThem are now greeted by a seizure message from the US authorities.

One of Gatrel's co-conspirators, 29-year-old Juan "Severon" Martinez of Pasadena, California, who turned from being a customer of DownThem to being the co-administrator of the Downthem website in 2018, pleaded guilty to one count of unauthorised impairment of a protected computer in August 2021, and was sentenced to five years' probation.

Any business which relies upon its website to make money, and provides services to its customers, needs to consider very seriously how it will protect itself against the threat of a DDoS attack.

DDoS attacks have been launched against websites for many years, often for the purposes of extortion, and the problem has not gone away.  The availability of DDoS-for-hire "booter" services has given even the least tech-savvy criminals the ability to disrupt websites, or even make them entirely inaccessible to the outside world.

tags


Author



Right now

Top posts

How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts
Silviu STAHIE

December 02, 2022

1 min read
Some Phone Manufacturers Didn't Implement Vital Security Patch for ARM Mali GPU, Google Researchers Find Some Phone Manufacturers Didn't Implement Vital Security Patch for ARM Mali GPU, Google Researchers Find
Silviu STAHIE

November 29, 2022

1 min read
Apple Users Report Seeing Other People's Photos When Using iCloud for Windows Apple Users Report Seeing Other People's Photos When Using iCloud for Windows
Silviu STAHIE

November 25, 2022

1 min read