US authorities have sentenced a man to two years in federal prison after he was found to have run a Distributed Denial-of-Service (DDoS) for-hire service that knocked websites off the internet.
Matthew Gatrel, 33, of St Charles, Illinois, ran a criminal operation that launched DDoS attacks on behalf of hundreds of paying customers through a “booter” site called DownThem.org.
According to a US Department of Justice (DOJ) press release, Gatrel’s DownThem service launched more than 200,000 attacks on over 2,000 registered users between October 2014 and November 2018.
DownThem customers could launch DNS reflection attacks that flooded their targets with unwanted internet traffic by exploiting misconfigured routers and other devices attached to the internet.
The service offered a variety of different subscription plans to its customers, depending on how much they were willing to pay and the desired intensity level of the attack. Victims included schools, universities, government websites, and financial institutions throughout the world.
Another website by Gatrel, called Ampnode, promised “bulletproof” server hosting and still appears to offer “dedicated spoofing servers.”
According to the DOJ, Ampnode’s servers could be “pre-configured with DDoS attack scripts and lists of vulnerable ‘attack amplifiers’ used to launch simultaneous cyberattacks on victims.”
While Ampnode’s website is still online, DownThem visitors are now greeted by a seizure message from US authorities.
Juan “Severon” Martinez of Pasadena, Calif., one of Gatrel’s co-consirators, pleaded guilty to one count of unauthorized impairment of a protected computer in August and was sentenced to five years’ probation.