Cyberhitmen hired for sustained DDoS attacks against man's ex-employer

John Kelsey Gammell, a 46-year-old man from Minneapolis, MN, has been charged with hiring cyber attackers to target his ex-employer with a year’s worth of “distributed denial of service” (DDoS) attacks from July 2015 to September 2016. The targeted business, point-of-sale system repair company Washburn Computer Group (WCG), is where Gammell previously worked.

According to US federal prosecutors, Gammell hired three people and paid them a monthly subscription to carry out attacks against the company’s systems and bring them down. The attacks cost the company a whopping $15,000 in damages, but he didn’t stop there: authorities also accused him of paying $19.99 to $199.99 monthly to conduct cyber attacks on Hennepin County, the Minnesota Judicial Branch, and some banks.

One of the hacking-for-hire services used by Gammell was vDOS, a cyber-attack service that was hacked in July 2016 and taken down in September 2016 after two of its key operators were arrested in Israel. The files and documents related to vDOS collected by the FBI (Federal Bureau of Investigation) revealed communication between Gammell and vDOS administrators, along with purchase records, reported the Star Tribune newspaper.

To get in touch with vDOS admins, Gammell used two pseudonyms, “AnonCunnilingus” and “anonrooster.” A look at leaked vDOS customer records shows that roughly 1,500 customers used vDOS from April 2016 to August 2016, and one of them was “AnonCunnilingus.” Here is one of the emails sent by Gammell (via KrebsOnSecurity).

“Dear Colleagues, this is Mr. Cunnilingus. You underestimate your capabilities. Contrary to your statement of “Notice!” It appears from our review that you are trying to stress test a DDoS protected host, vDOS stresser is not capable of taking DDoS protected hosts down which means you will not be able to drop this hosting using vDOS stresser…As they do not have my consent to use my internet, after their site being down for two days, they changed their IP and used Rackspace DDoS mitigation and must now be removed from cyberspace. Verified by downbyeveryone. We will do much business. Thank you for your outstanding product 🙂 We Are Anonymous USA.”

Gammell was caught after authorities traced the email addresses he used after attackers carried out DDoS attacks on his instructions. According to a sworn affidavit [PDF] submitted by FBI Special Agent Brian Behm, when Washburn started suffering cyber attacks there was no way of identifying the culprits, since the IP addresses linked to the DDoS attacks were associated with a virtual private network (VPN) provider based in the United States.

However, during the attacks, Washburn received two taunting emails (with a GIF file showing a laughing mouse) asking about the attacks. One of the emails was sent from a Gmail account, while the other came from a Yahoo email address and inquired whether the company needed help with the ongoing attacks. The FBI discovered that both accounts were created from an IP address associated with Gammell’s home address, along with an AT&T cell phone number in his name.

Gammell has pleaded not guilty to the charges and rejected a plea deal offer that would have resolved all charges and capped his possible prison sentence at a mandatory 15 to 17 years. The newspaper further reported that Gammell’s attorney, Rachel Paulose, filed a motion urging a federal magistrate to review the case. Currently, the motion is under review as to whether the case should be dismissed or not.

Paulose also told U.S. Magistrate Judge David Schultz that the FBI got their hands on the evidence through an anonymous researcher who stole the data by hacking the vDOS service. Therefore, the evidence should be inadmissible. She also argued that her client didn’t attack the targets personally.

“The government has failed to charge a single one of those ‘cyber hit men’ services, named and evidently well known to the government,” Paulose wrote. “Instead the government’s neglect has allowed the professional cyber hit men for hire to skip off merrily into the night.”

DDoS attacks are increasing around the world since they have become a lucrative business. When vDOS was hacked, its records revealed that the attackers earned $600,000 in just two and launched 150,000 DDoS attacks. However, there are some who do it for fun; therefore, don’t forget to calculate the cost and probability of a DDoS attack on this DDoS Downtime Cost Calculator.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.