DDoS-for-hire service which bombarded websites with attacks earns man two years in prison
The US authorities have sentenced a man to 24 months in a federal prison after he was found to have run a DDoS-for-hire service that knocked websites off the internet.
33-year-old Matthew Gatrel, of St Charles, Illinois, ran a criminal operation that launched Distributed Denial-of-Service (DDoS) attacks on behalf of hundreds of paying customers via his "booter" site DownThem.org.
Gatrel's DownThem service, according to a US Department of Justice press release, launched more than 200,000 attacks for over 2000 registered users of DownThem between October 2014 and November 2018.
Exploiting misconfigured routers and other devices attached to the internet, DownThem customers could launch DNS reflection attacks that flooded their intended targets with unwanted internet traffic.
DownThem offered a variety of different subscription plans to customers, depending on how much they were willing to pay and the ferocity of the DDoS attack they wished to unleash. Victims included schools, universities, government websites, and financial institutions worldwide.
Meanwhile, Ampnode, another website operated by Gatrel, promised "bulletproof" server hosting and, to this day, appears to offer "dedicated spoofing servers".
According to the Department of Justice, Ampnode's servers could be "pre-configured with DDoS attack scripts and lists of vulnerable 'attack amplifiers' used to launch simultaneous cyberattacks on victims."
Ampnode's website may still be online, but visitors to DownThem are now greeted by a seizure message from the US authorities.
One of Gatrel's co-conspirators, 29-year-old Juan "Severon" Martinez of Pasadena, California, who turned from being a customer of DownThem to being the co-administrator of the Downthem website in 2018, pleaded guilty to one count of unauthorised impairment of a protected computer in August 2021, and was sentenced to five years' probation.
Any business which relies upon its website to make money, and provides services to its customers, needs to consider very seriously how it will protect itself against the threat of a DDoS attack.
DDoS attacks have been launched against websites for many years, often for the purposes of extortion, and the problem has not gone away. The availability of DDoS-for-hire "booter" services has given even the least tech-savvy criminals the ability to disrupt websites, or even make them entirely inaccessible to the outside world.
How to monitor your online privacy during your Thanksgiving trip
November 22, 2022
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info
November 16, 2022
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be
November 14, 2022
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War
August 31, 2022
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor
August 30, 2022
What is medical identity theft and how to protect against it
July 27, 2022