A 33-year-old Illinois man has been sentenced to two years in prison for running websites that paying customers used to launch more than 200,000 distributed denial-of-services (DDoS) attacks.
A US California Central District jury found the Prairie State’s Matthew Gatrel guilty of one count each of conspiracy to commit wire fraud, unauthorized impairment of a protected computer and conspiracy to commit unauthorized impairment of a protected computer. He was initially charged in 2018 after the Feds shut down 15 websites offering DDoS for hire.
Gatrel, was convicted of owning and operating two websites – DownThem.org and AmpNode.com – that sold DDoS attacks. The FBI said that DownThem sold subscriptions that allowed the more than 2,000 customers to run the attacks while AmpNode provided customers with the server hosting. AmpNode spoofed servers that could be pre-configured with DDoS attack scripts and attack amplifiers to launch simultaneous attacks on victims.
“Gatrel ran a criminal enterprise designed around launching hundreds of thousands of cyber-attacks on behalf of hundreds of customers,” prosecutors wrote in a sentencing memorandum.
“He also provided infrastructure and resources for other cybercriminals to run their own businesses launching these same kinds of attacks. These attacks victimized wide swaths of American society and compromised computers around the world.”
According to the FBI, Gatrel gave expert advice to his subscribers, including given guidance on the best ways to bring down different types of computers and to bypass services designed to protect enterprises against DDoS attacks. He also gave information on specific hosting providers.
Gatrel demonstrated to prospective subscribers how well his services worked by using DownThem for demonstrations that included attacks on the customer’s intended victim and using screenshots to prove that he had down the target’s internet connection.
“Gatrel’s DownThem customers could select from a variety of different paid ‘subscription plans,'” the FBI wrote. “The subscription plans varied in cost and offered escalating attack capability, allowing customers to select different attack durations and relative attack power, as well as the ability to launch several simultaneous, or ‘concurrent’ attacks.”
A customer would enter the information needed to launch an attack. After that, Gatrel’s system would run reflected amplification attacks, using one or more of his dedicated attack servers to illegally draw the necessary resources from hundreds to thousands of systems for the DDoS attack.
Juan Martinez, a 29-year-old from Pasedena, California, was a customer of Gatrel and became a co-administrator of the site in 2018. He pleaded guilty in August 2021 to one count of unauthorized impairment of a protected computer and was sentenced to five years of probation.
Among the tech vendors helping the FBI’s investigation were Akamai, Cloudflare, DigitalOcean, Google, Palo Alto Networks’ Unit 42 threat intelligence group, the University of Cambridge Cyber Crime Centre and Unit 221B. ®