DDoS Attacker Receives 15-Year SentenceConvicted Felon John Gammell Pleaded Guilty to Disruptions, Possessing Firearms
A New Mexico man has been sentenced to serve 15 years in prison for launching distributed denial-of-service attacks against prior employers, business competitors and police, as well as for being a convicted felon in possession of firearms.
See Also: Autonomous Response: Threat Report
John Kelsey Gammell, 55, was sentenced on Thursday by U.S. District Judge Wilhelmina M. Wright in Minnesota. On Jan. 17, Gammell had pleaded guilty to one count of conspiracy to cause intentional damage to a protected computer and two counts of being a felon in possession of a firearm (see DDoS Attacker Targeted Banks, Police, Former Employer).
As an already convicted felon, Gammell had been prohibited from possessing firearms. But in Colorado, where he worked, he admitted to possessing parts that could be used to construct an AR-15 assault rifles, and he also possessed 15 high-capacity magazines and 420 rounds of 5.56 x 45mm full metal jacket rifle ammunition, authorities say. He also admitted to possessing two handguns plus hundreds of rounds of ammunition in New Mexico, where he resided.
DDoS Attack Spree
According to court documents, Gammell went on a DDoS attack spree from July 2015 through March 2017, using cryptocurrency to hire on-demand attacks from sites such as Booter.xyz, CStress, Inboot, IPStresser and vDoS (see DDoS for Hire: Israel Arrests Two Suspects).
"Of the seven DDoS-for-hire websites, search warrant results and vDos records indicate Gammell made payments to cStress, inboot.me and vDos," FBI Special Agent Brian Behm wrote in a complaint against Gammell filed in court on April 14, 2017. "In email communications with several individuals ... Gammell identified cStress, vDos and booter.xyz as his favorite DDoS services to use."
Using these DDoS-on-demand sites, Gammell disrupted "dozens of victims," including his former employer, Washburn Computer Group in Monticello, Minnesota, which suffered more than a year of disruptions, according to his plea agreement.
Other organizations that Gammell targeted with site disruptions included Convergys, Enterprise Rent-A-Car, Hong Kong Exchanges and Clearing, JP Morgan Chase, Verizon Communications, Wells Fargo and in Minnesota, Dakota County Technical College, the state courts' website and the Hennepin County Sheriff's Office in Minneapolis.
Gammell also admitted to attempting to disguise his DDoS activities through a variety of means.
"Gammell took a variety of steps to avoid detection and circumvent his victims' DDoS attack mitigation efforts, such as using IP address anonymization services to mask his identity and location, using cryptocurrency in payment for DDoS-for-hire services, using multiple DDoS-for-hire services at once to amplify his attacks, using spoofed emails to conceal his conduct, and using encryption and drive-cleaning tools to conceal digital evidence of his conduct on his computers," according to his plea agreement.
According to court documents, Gammell also planned to offer his own DDoS-on-demand service, to be advertised via Facebook and Craigslist, he told an alleged collaborator via email. Gammell said he planned to procure the actual disruptions via cStress and vDos because they were "the two most reliable and powerful 'stresser' services."
The FBI has continued to issue alerts about so-called stresser/booter services as well as to warn potential users of such sites that they're breaking the law. Such services are often marketed as a way to "stress test" your own website. But law enforcement agencies say the "DDoS on demand" services are widely used by attackers to disrupt websites and extort organizations into paying attackers to restore access. Regardless, using them is illegal, authorities say.
The FBI says such crimes are underreported and encourages any organization that has been targeted to alert authorities (see FBI to DDoS Victims: Please Come Forward).