Man Gets 15 Years for DDoS Revenge Campaign

A New Mexico man has been handed down a 15-year prison sentence for launching DDoS attacks against former employers and business competitors and public services.

John Kelsey Gammell pleaded guilty on January 17, to one count of conspiracy to cause intentional damage to a protected computer and two counts of being a felon-in-possession of a firearm.

He was sentenced late last week to 180 months behind bars, plus restitution to his victims to be decided at a later date.

Those victims include companies Gammell used to work for, companies that chose not to hire him, competitors of his business, law enforcement agencies and courts.

Washburn Computer Group, the Minnesota State Courts, Dakota County Technical College, Minneapolis Community and Technical College, and the Hennepin County were just some of those whose websites he targeted.

Between July 2015 and March 2017 he’s said to have launched attacks from his own computer and via multiple DDoS-as-a-service offerings on roughly three dozen target websites.

Gammell also used IP address anonymization services, crypto-currency to pay for “DDoS-for-hire” services, and fake email accounts to hide his identity, as well as encryption and drive-cleaning tools to conceal digital evidence on his machines at home, according to the DoJ.

Despite being a convicted felon, Gammell possessed several handguns and AR-15 assault rifle parts, which helped to bump up his sentencing further still.

The case highlights the ease with which even lone attackers can launch damaging attacks on organizations.

DDoS-as-a-service sites offer a range of packages starting at as little as $5 per month, although attacks typically cost as little as $25 per hour, according to research by Kaspersky Lab last year.

What’s Hot on Infosecurity Magazine?