An electronics technician pleaded guilty on Wednesday to orchestrating distributed denial of service (DDoS) attacks on a former employer and other organizations – and to unlawfully possessing a firearm as a former felon.
From July 2015 through around March 2017, according to a plea agreement, John Kelsey Gammell, of New Mexico, USA, conducted or coordinated DDoS attacks against the websites of companies he used to work for, businesses that declined to hire him, and organizations that competed with his soldering training business, as well as law enforcement agencies and courts.
The affidavit filed by FBI Special Agent Brian Behm in the case against Gammell recounts a series of DDoS attacks against Washburn Computer Group, a computer services biz based in Monticello, Minnesota, that were conducted intermittently from July 2015 through September 2016.
Behm said the source of the attacks could not be determined because the traffic was routed through a US-based VPN that didn't retain logs.
But email messages received by Washburn from yahoo.com and gmail.com webmail accounts during this time were not so obscure. They contained the name of a former employee, and appeared to taunt Washburn management about "ongoing IT issues" – a reference to the string of DDoS assaults on its systems.
Subpoenas later served to Google and Yahoo led the Feds back to Gammell. It was almost too easy to snare him.
Washburn did not respond to a request for comment, but an electronics website makes reference to a soldering demonstration at Washburn Computer Group by John Gammell, certified IPC trainer. The associated video has since been removed from YouTube.
Behm's affidavit – filed in a St Paul, Minnesota, district court – states that Gammell left Washburn about three years ago, on good terms, to start his own soldering company, but became embroiled in a financial dispute with his former employer in July 2014 over training for Washburn personnel.
In his plea agreement, Gammell acknowledges purchasing subscriptions for "DDoS-for-hire" services, including VDoS, CStress, Inboot, Booter.xyz, and IPStresser.
Such companies generally characterize their services as legal because website stress testing can be done with the consent of the site owner. It appears, however, they don't put much effort into preventing abuse.
The FBI's case against Gammell was aided by an unnamed internet security researcher who provided the agency with logs from VDoS from April through July 2016. In that data, the FBI found account and email address associated with Gammell.
Behm said that one of Gammell's VDoS account names as "AnonCunnilingus," and that Gammell claimed to be a member of hacktivist group Anonymous.
In an email message sent to VDoS as product feedback, Gammell identifies himself as "Mr. Cunnilingus," and thanks the data-cannon biz for its "outstanding product." The message concludes, "We Are Anonymous USA."
The affidavit also describes Gammell's effort to recruit others through Craigslist, Facebook, and Twitter to help start a DDoS-for-hire business.
Gemmell in his plea acknowledged directing attacks against a long list of organizations other than Washburn, including:
Minnesota State Courts, Dakota County Technical College, Minneapolis Community and Technical College, Hennepin County, Hennepin County Sheriff's Office, Aerotek, Analog Technologies, Apex Tool Group, Blackfox, Business Electronics Soldering Technologies, C.R. England, Central Portfolio Control, Convergys, Dimation, dmDickason Personnel Services, EPTAC Corporation, Employer Solutions Group, Entegee, Enterprise Rent-A-Car, Halko Products, Industrial Insite, IPC, I-Tech Staffing Services, JP Morgan Chase, Kit Pack Co., Landmark Real Estate and Investment, Mesilla Valley Transportation, Mesilla Valley Training Institute, PeopleReady, Precision, PMG Services, Production Automation Corp., QuiBids.com, STI Electronics, UTC Aerospace Systems, Verion Training Systems, Verizon Communications, VMC Consulting, and Wells Fargo.
In addition, Gemmell admits to unlawfully possessing weapons following his prior felony conviction.
Gammell will be sentenced at a later date. His plea agreement indicates that if he is determined to be an armed career-criminal, he faces a minimum sentence of 180 months, or 15 years in prison. The court however has some sentencing discretion.
In any event, Gammell might want to consider a more likely pseudonym. ®