‘Hacker-for-Hire’ Pleads Guilty to Minnesota State Agency Attacks

A New Mexico man used a "hacker-for-hire" website to wage cyberattacks against a slew of ex-employers and state agencies.

by Stephen Montemayor, Star Tribune / January 19, 2018

(TNS) — A New Mexico man who used “hacker-for-hire” services to wage cyberattacks against a slew of ex-employers and state agencies pleaded guilty this week to federal conspiracy and weapons charges in one of the first cases of its kind in Minnesota.

John Kelsey Gammell, 55, has been in custody since his arrest last April in Colorado. His guilty plea on Wednesday staves off what would have been one of the country’s first federal trials on hacking conspiracy charges.

In a St. Paul federal courtroom Wednesday, Gammell admitted to engaging in a “campaign of distributed denial of service (DDoS) attacks” against at least three dozen websites between at least 2015 and 2017. Victims included former employers, banks, and agencies like the Hennepin County Sheriff’s Office, the Minnesota Judicial Branch and technical colleges in Dakota County and Minneapolis.

“Unfortunately, crime on the internet has become an everyday reality across the United States,” said Richard Thornton, special agent in charge of the FBI’s Minneapolis division, in a statement after Gammell’s plea. “Cybercriminals looking to turn a buck or with an axe to grind mistakenly see the internet as fertile ground for anonymous criminal activity.”

An attorney for Gammell declined to comment on the case. U.S. District Court Judge Wilhelmina Wright has not yet scheduled a sentencing hearing for Gammell, who recently lived with his parents in New Mexico before seeking temporary work in Denver, according to court documents.

According to his plea agreement, Gammell used programs from his own computers and also paid several “DDoS-for-hire” services to try to disrupt websites in Minnesota and elsewhere by flooding them with large amounts of web traffic.

Gammell targeted former employers, business competitors, companies that declined to hire him and websites for law enforcement, financial institutions and court branches. According to court filings, Gammell caused more than $5,000 in damage while using “IP address anonymization services” to mask his location and paid for the “hacker-for-hire” services using cryptocurrency that can be difficult to trace.

Authorities might not have caught Gammell without the taunting e-mails he allegedly sent after attacks, and records of his dealings with an Israeli “hacker-for-hire” service whose files were handed off to the FBI by an unnamed web security researcher.

Late Wednesday, U.S. Attorney Greg Brooker said that federal prosecutors in Minnesota will continue to prioritize targeting “cybercriminals that pose a substantial threat to private businesses, public entities and critical infrastructure.”

Gammell, who has a past conviction for being a felon in possession of a firearm, could also be looking at a signficant prison sentence if Wright finds that his case warrants “armed career criminal” designation. FBI agents in Colorado found parts used to build AR-15 assault rifles and 420 rounds of “full metal jacket rifle ammunition” during a search of Gammell’s car last year. Agents also found handguns and “hundreds of rounds” of ammo after searches of the New Mexico home of Gammell’s parents and a nearby storage unit that belonged to Gammell.

©2018 the Star Tribune (Minneapolis) Distributed by Tribune Content Agency, LLC.

NEW ON THE PODCAST

Tech Startups Can Help Revitalize Both Ends of Your Ballot