
An Illinois man was sentenced to two years in prison for operating a distributed denial of service (DDoS) platform that allowed threat actors to conduct over 200,000 attacks.

The sentenced man, Matthew Gatrel, 33, had created and operated the websites “downthem.org” and “ampnode.com.” The former sold subscriptions to a powerful DDoS arsenal, and the latter was a bulletproof hosting service that also aided customers in launching their own DDoS attacks.

The FBI led the law enforcement operation with international assistance from the United Kingdom National Crime Agency and the Dutch Police.

Seizure banner on downthem.org

A DDoS attack is when threat actors send high volumes of traffic against an internet server or website, quickly using up all of the device’s available resources and making it inaccessible to legitimate requests. As such, these attacks can potentially cause severe financial damage due to business disruption.

Typically, they require a swarm of devices to generate high volumes of garbage traffic and hit the target server with many bogus requests.

The services operated by Gatrel gave threat actors short-term access to malicious infrastructure, enabling them to carry out damaging attacks by selecting and renting the DDoS attacks they wanted to launch.

The Department of Justice says that Gatrel aided threat actors who conducted attacks, offering guidance and demonstrations of his service.

“Gatrel offered expert advice to customers of both services, providing guidance on the best attack methods to “down” different types of computers, specific hosting providers, or to bypass DDoS protection services,” explained the Department of Justice press release.

“Gatrel himself often used the DownThem service to demonstrate to prospective customers the power and effectiveness of products, by attacking the customer’s intended victim and providing proof, via screenshot, that he had severed the victim’s internet connection.”

While DownThem was a DDoS service, the DOJ says AmpNode is a bulletproof hosting service that allowed threat actors to conduct attacks without fear of abuse and takedown requests by victims.

Clients of the AmpNode hosting service were also found to be running their own DDoS-for-hire platforms using pre-configured attack scripts provided by the hosting service.

A two-year sentence

From October 2014, when Gatrel set up the illicit platforms, until the moment of his arrest in August 2021, DownThem.org had carried out hundreds of thousands of individual DDoS attacks.

“Records from the DownThem service revealed more than 2,000 registered users and more than 200,000 launched attacks, including attacks on homes, schools, universities, municipal and local government websites, and financial institutions worldwide,” said the DOJ announcement.

Gatrel was found guilty of the following three felonies, which carried a sentence of up to 35 years of imprisonment:

  • one count of conspiracy to commit unauthorized impairment of a protected computer
  • one count of conspiracy to commit wire fraud
  • one count of unauthorized impairment of a protected computer

Co-defendant Juan Martinez, who pleaded guilty to one count (unauthorized impairment of a protected computer) in the summer of 2021, was sentenced to five years’ probation.

He started as one of Gatrel’s customers, but in 2018, he was promoted to the role of DownThem.org administrator.

Source: www.bleepingcomputer.com