Owner of DDoS-as-a-service Websites Found Guilty, Faces up to 35 Years in Prison

A federal grand jury has convicted a man in Los Angeles for running websites that allow paying customers to launch DDoS (distributed denial of service) attacks.

Like many other types of attacks and criminal enterprises, DDoS is now offered in many cases as a service, meaning people can simply rent and deploy it. The days when attackers had to control large computer networks to attack a business or a website are long gone. Criminals can often rent the services.

Matthew Gatrel from Illinois had a couple of websites offering paying users DDoS capabilities, DownThem.org and AmpNode.com.

"DownThem sold subscriptions allowing customers to launch DDoS attacks while AmpNode provided 'bulletproof' server hosting to customers with an emphasis on 'spoofing' servers that could be pre-configured with DDoS attack scripts and lists of vulnerable' attack amplifiers' used to launch simultaneous cyberattacks on victims," said the US Attorney's Office for the Central District of California.

"Records from the DownThem service revealed more than 2,000 registered users and more than 200,000 launched attacks, including attacks on homes, schools, universities, municipal and local government websites, and financial institutions worldwide," the office added.

The services provided subscription plans that gave users escalating attack capability, letting them choose the duration of the attack and even the power.

Gatrel was found guilty on one count of conspiracy to commit unauthorized impairment of a protected computer, one count of conspiracy to commit wire fraud, and one count of unauthorized impairment of a protected computer.

The defendant hasn't been sentenced yet, but he's looking at a maximum sentence of 35 years in federal prison. Gatrel had a partner in his business, Juan Martinez, who pleaded guilty on August 26 to one count of unauthorized impairment of a protected computer. Martinez faces a 10-year prison sentence.