Minnesota Man Charged With Hiring Hackers to Bring Down Ex-Employer

Federal prosecutors in an ongoing Minnesota case involving cybercrime stated that a local business, and Monticello-based technology firm was a victim of cyber-attack which was instigated by a former worker.

The former worker who was also a state resident employed hackers-for-hire to sabotage the website of Monticello.

According to the FBI, this case is in relation to the growing form of cybercrime as professional hackers are contracted to ramp up attacks on individuals, businesses and other personal digital devices connected to the web.

Prosecutors of this case stated that 46-year-old John Kelsey Gammell paid hackers to bring down Washburn Computer Group, a Monticello business where he previously worked, by inflicting “distributed denial of service” (DDoS) attacks on them.

The DDoS attacks swamped a network with data, denied legitimate users access, and also knocking web services offline.

Gammell is also accused of making monthly payments between July 2015 and September 2016 of an amount of $19.99 to $199.99 to destroy web networks connected to the Minnesota Judicial Branch, Hennepin County, and several banks.

Point-of-sale system repair company Washburn, told prosecutors that Gammell’s attacks cost it about $15,000.

“As a society that is increasingly reliant on network-connected devices, these types of cyber-attacks pose a serious threat to individuals, businesses, and even our nation’s critical infrastructure,” Gregory Brooker, Acting U.S. Attorney in Minneapolis said, talking generally about the new form of crime.

Over $11 million was lost by victims of DDoS attacks last year, according to the FBI’s Internet Crime Complaint Center and speaking on this issue, said FBI Supervisory special agent Michael Krause, who leads the FBI’s cyber squad in Minneapolis, stated that:

“We have a growing trend where the sophistication of the dark web and the sophistication of certain professional hackers to provide resources is allowing individuals — and not just experienced individuals — to conduct hacks and conduct DDoS.”

According to a criminal complaint in 2015, Gammell anxiously wrote to the company talking about his success in achieving a “DDoS mitigation” program to bring down an unnamed network for at least two days.

“We will do much business,” Gammell allegedly wrote. “Thank you for your outstanding product.”

According to an FBI agent’s sworn affidavit, Gammell contacted seven sites offering DDoS-for-hire services and paid monthly fees to three of them to carry out web attacks from July 2015 to September 2016.

When Gammell appeared in a Minneapolis courtroom last week, he confirmed that he ignored a plea offer that would have solved all his charges and concluded his prison sentence at a mandatory 15 to 17 years.

Rachel Paulose, Gammell’s attorney, argued her client didn’t personally cause the damage to Washburn. She continued by asking a federal magistrate to throw out evidence the FBI obtained from an unnamed researcher stating that, data could have also been obtained by hacking.

“The government has failed to charge a single one of those ‘cyber hitmen’ services, named and evidently well known to the government,” Paulose stated.

“Instead the government’s neglect has allowed the professional cyber hitmen for hire to skip off merrily into the night.”

The Washburn attacks were “essentially a prank on a dormant site not doing business,” she added.

Assistant U.S. Attorney Timothy Rank then replied saying “Even if Mr. Gammell thinks it’s a prank, it’s a criminal prank.”

According to Minnesota IT Services, the administrators of the state’s computer systems stated that the state network field an average of over 3 million attempted cyber-attacks daily. The officials stated that the state hasn’t been hit with any major attack equal to the 2012 South Carolina breach that exposed personal data for 3.7 million residents, costing the state $20 million.

In an attack in June 2016, the Minnesota Judicial Branch’s website was unavailable for 10 days, prompting local officials because so many government services have at least some connection to the web.

“A lot of people think it’s just a nuisance,” stated Minnesota’s chief information security officer, Chris Buse.

“But it’s not. If you look at what government does basic critical services if those services don’t continue, people can literally die,” he added.

Although hackers are able to seize over hundreds of millions of unsecured devices worldwide to flood networks in a single DDoS attack, security professionals are trying to stay ahead of the threat.

“In our environment, it’s pretty clear now that every organization needs some sophisticated and expensive tools to mitigate these DDoS attacks,” Buse stated.