Minnesota Man Charged for Employing ‘Hacker-for-hire’ to Target Local Business Website
Minnesota is now the witness to a very different kind of cyber crime-related case; in fact it’s the first of its kind in Minnesota. Federal prosecutors, as per reports, have now charged a person, a former state resident, with employing “hackers-for-hire” to target the website of a local business.
As per prosecutors, the person in question, a 46-year-old man named John Kelsey Gammell, paid hacking services to carry out DDoS (Distributed Denial of Service) attacks targeting the websites affiliated with the Monticello business firm, Washburn Computer Group. Gammell used to work there and he had paid the hackers to inflict a year’s worth of DDoS attacks so as to bring down the websites affiliated with the business. (DDoS attacks aim at overwhelming a system or network with data and thereby blocking access for legitimate users or even knocking all web services offline).
Washburn Computer Group, which is a POS (Point-of-Sale) repair company, has told the federal prosecutors that the DDoS attacks have cost it about $15,000. As for John Kelsey Gammell, things don’t seem to end with the Washburn hack; he is also accused of having paid $19.99 to $199.99, in monthly payments, to hack and bring down the networks of many other institutions, including the Minnesota Judicial Branch, Hennepin County and several banks.
In its report on the incident, the Minnesota-based Star Tribune observes- “The case reflects concern among law enforcement officials nationwide that hackers ranging from disgruntled ex-employees to enemy nation states are ramping up attacks on an ever-expanding array of personal digital devices connected to the web.”
The Star Tribune also quotes acting U.S. Attorney Gregory Brooker in Minneapolis- “As a society that is increasingly reliant on network-connected devices, these types of cyberattacks pose a serious threat to individuals, businesses, and even our nation’s critical infrastructure”
DDoS attacks are showing an increasing trend; the Star Tribune says that that FBI’s Internet Crime Complaint Center had reported that last year DDoS attacks had caused victims losses amounting to over $11 million. Cyber criminals marshal all kinds of devices- digital video recorders, home appliances etc- to carry out massive operations. There had been many reports in recent times of IoT (Internet of Things) devices being used to plan and carry out DDoS attacks. Hackers can even take over millions of devices worldwide and carry out DDoS attacks so massive that just one such attack could damage thousands of networks worldwide. In such a situation every organization needs to be prepared, with trained professional and sophisticated, effective tools to face and mitigate such DDoS attacks.
Well, coming back to the Minnesota incident, John Kelsey Gammell, the man who has been charged with having employed “hackers-for-hire” to target networks, had sought out, according to FBI, seven websites offering DDoS-for-hire services and had paid monthly fees to carry out the attacks. This happened from July 2015 to September 2016. Another notable thing is that Gammel has been traced primarily because of the taunting e-mails he had allegedly sent after the attacks.
The Star Tribune report observes- “The government’s case against Gammell underlines the difficulty of linking any suspect to the daily torrent of attacks often carried out by far-afield hackers who advertise their services online. Authorities might not have caught Gammell without tracing taunting e-mails he allegedly sent after attacks.”
As per reports, the case against John Kelsey Gammell goes on; he has reportedly rejected a plea offer and a federal magistrate is reviewing motions filed by his attorney. The attorney has sought the dismissal of the case or the suppressing of the evidence, reportedly quoting different reasons. One argument reportedly is that Gammel didn’t personally attack Washburn while the other argument states that the government has failed to charge the real hackers, despite being aware of their identities. Similarly, there is the version that the Washburn attacks were just prank attacks on a dormant website that was not doing business.