On Wednesday, the US Department of Justice (DoJ) said John Kelsey Gammell has pleaded guilty in a St. Paul, Minnesota court to directing DDoS attacks against former employers, business competitors, companies that refused to hire him and websites for law enforcement and courts, among others.
From July 2015 through to March last year, the man engaged in a series of DDoS attacks in the US.
Gammell not only set up the DDoS attacks, which launch traffic in such volumes that online services are disrupted, on his own computers but also paid DDoS-for-hire services to hammer victims further.
According to prosecutors, Gammell used DDoS-for-hire services including VDoS, CStress, Inboot, Booter.xyz and IPStresser.
SecureList research suggests that the cost of DDoS-for-hire services continues to slide. For a basic attack lasting a few seconds, the cost may be as little as €5 ($6). For heavier campaigns with network capacities of over 125Gbps, the cost can go up to €90 ($110).
An hour-long attack may be as little as $20 and can cost victims dearly in lost business revenue as well as reputation. Some cyberattackers also blackmail their victims for payment and use DDoS attacks as leverage.
Victims included the Washburn Computer Group, the Minnesota State Courts, Dakota County Technical College, Minneapolis Community and Technical College, the Hennepin County Sheriff's Office.
In order to avoid detection, Gammell attempted to use VPNs, paid in cryptocurrency for the DDoS services, used spoofed emails, and paid for multiple DDoS services at the same time to "amplify his attacks."
The man also encrypted and cleaned his PC drives to destroy evidence.
Gammell pleaded guilty to one count of conspiracy to commit intentional damage to a protected computer and two counts of being a felon-in-possession of a firearm before District Judge Wilhelmina Wright.
In July, a British teenager was charged with supplying malware used in DDoS attacks against the websites of T-Mobile, EE, Vodafone, O2, BBC, BT, Amazon, Netflix, Virgin Media and the National Crime Agency (NCA). The 18-year-old also ran an online helpdesk and gave cyberattackers additional attack tools.