Cybercrime , DDoS Protection , Fraud Management & Cybercrime

DDoS Attacker Receives 15-Year Sentence

Convicted Felon John Gammell Pleaded Guilty to Disruptions, Possessing Firearms
DDoS Attacker Receives 15-Year Sentence
John Kelsey Gammell has been sentenced to 180 months in prison for launching DDoS attacks and illegally possessing firearms. (Photo: Sherburne County Sheriff's Office)

A New Mexico man has been sentenced to serve 15 years in prison for launching distributed denial-of-service attacks against prior employers, business competitors and police, as well as for being a convicted felon in possession of firearms.

See Also: Value Drivers for an ASM Program

John Kelsey Gammell, 55, was sentenced on Thursday by U.S. District Judge Wilhelmina M. Wright in Minnesota. On Jan. 17, Gammell had pleaded guilty to one count of conspiracy to cause intentional damage to a protected computer and two counts of being a felon in possession of a firearm (see DDoS Attacker Targeted Banks, Police, Former Employer).

As an already convicted felon, Gammell had been prohibited from possessing firearms. But in Colorado, where he worked, he admitted to possessing parts that could be used to construct an AR-15 assault rifles, and he also possessed 15 high-capacity magazines and 420 rounds of 5.56 x 45mm full metal jacket rifle ammunition, authorities say. He also admitted to possessing two handguns plus hundreds of rounds of ammunition in New Mexico, where he resided.

DDoS Attack Spree

According to court documents, Gammell went on a DDoS attack spree from July 2015 through March 2017, using cryptocurrency to hire on-demand attacks from sites such as, CStress, Inboot, IPStresser and vDoS (see DDoS for Hire: Israel Arrests Two Suspects).

"Of the seven DDoS-for-hire websites, search warrant results and vDos records indicate Gammell made payments to cStress, and vDos," FBI Special Agent Brian Behm wrote in a complaint against Gammell filed in court on April 14, 2017. "In email communications with several individuals ... Gammell identified cStress, vDos and as his favorite DDoS services to use."

Using these DDoS-on-demand sites, Gammell disrupted "dozens of victims," including his former employer, Washburn Computer Group in Monticello, Minnesota, which suffered more than a year of disruptions, according to his plea agreement.

Other organizations that Gammell targeted with site disruptions included Convergys, Enterprise Rent-A-Car, Hong Kong Exchanges and Clearing, JP Morgan Chase, Verizon Communications, Wells Fargo and in Minnesota, Dakota County Technical College, the state courts' website and the Hennepin County Sheriff's Office in Minneapolis.

Gammell also admitted to attempting to disguise his DDoS activities through a variety of means.

"Gammell took a variety of steps to avoid detection and circumvent his victims' DDoS attack mitigation efforts, such as using IP address anonymization services to mask his identity and location, using cryptocurrency in payment for DDoS-for-hire services, using multiple DDoS-for-hire services at once to amplify his attacks, using spoofed emails to conceal his conduct, and using encryption and drive-cleaning tools to conceal digital evidence of his conduct on his computers," according to his plea agreement.

Stresser/Booter Entrepreneur

Email sent from Gammell to an individual named Derek ( on July 12, 2015, proposing they enter into a business partnership offering subscriptions for monthly DDoS disruptions, to be executed using cStress and vDos services. (Source: Federal complaint against Gammell)

According to court documents, Gammell also planned to offer his own DDoS-on-demand service, to be advertised via Facebook and Craigslist, he told an alleged collaborator via email. Gammell said he planned to procure the actual disruptions via cStress and vDos because they were "the two most reliable and powerful 'stresser' services."

The FBI has continued to issue alerts about so-called stresser/booter services as well as to warn potential users of such sites that they're breaking the law. Such services are often marketed as a way to "stress test" your own website. But law enforcement agencies say the "DDoS on demand" services are widely used by attackers to disrupt websites and extort organizations into paying attackers to restore access. Regardless, using them is illegal, authorities say.

The FBI says such crimes are underreported and encourages any organization that has been targeted to alert authorities (see FBI to DDoS Victims: Please Come Forward).

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.