Illinois man ran business telling clients how to launch computer attacks: DOJ

His company let customers pay to launch DDoS attacks, the feds say

An Illinois man ran a successful computer takedown service until the feds stepped in. 

The man, Matthew Gatrel, 32, of St. Charles, was found guilty by a federal jury for running websites that "allowed paying users" to launch distributed denial of service, or DDoS, attacks, according to the Department of Justice, U.S. Attorney's Office, Central District of California.

A distributed denial of service attack can bring a computer network to its knees by flooding it with malicious traffic and — in the worst cases — shutting it down.

In this March 30, 2020 file photo, workers at Amazon's fulfillment center in Staten Island, N.Y., gather outside to protest work conditions in the company's warehouse in New York. Amazon fired a worker who staged the walkout to demand greater protect

Amazon Web Services (AWS) was hit by a massive DDoS attack last year and sites like GitHub have also been victims of large-scale attacks.


"In the worst case, the victim organization’s ability to operate is severely crippled," Oliver Tavakoli, CTO at Vectra, a San Jose, California-based AI cybersecurity company, told FOX Business. 

"This is easy to imagine when the victim organization interacts with its customers through websites which are no longer reachable as a result of a DDoS attack," Tavakoli said. 

The man owned and operated two DDoS facilitation websites: and, according to evidence presented at his nine-day trial.

DownThem sold subscriptions allowing customers to launch DDoS attacks while AmpNode provided server hosting for spoofing servers pre-configured with scripts to launch DDoS attacks.

Gatrel offered guidance to customers of both services on the best attack methods to "down" computers, hosting providers, or to bypass DDoS protection services, the DOJ said. 

FILE - This June 19, 2017 file photo shows a person working on a laptop in North Andover, Mass. Many now are working and studying from home to limit the spread of the new coronavirus, one that's testing how productive people can be in a pandemic. It' (AP Photo/Elise Amendola, File / AP Newsroom)


"Gatrel himself often used the DownThem service to demonstrate to prospective customers the power and effectiveness of products, by attacking the customers intended victim and providing proof, via screenshot, that he had severed the victim’s internet connection," the DOJ said.

And DownThem customers could select from different paid subscription plans. 

"The subscription plans varied in cost and offered escalating attack capability, allowing customers to select different attack durations and relative attack power, as well as the ability to launch several simultaneous, or ‘concurrent’ attacks," the DOJ said.

Records from the DownThem service revealed more than 2,000 registered users and more than 200,000 launched attacks, including attacks on homes, schools, universities, municipal and local government websites, and financial institutions worldwide. 

"The main driver for growth in DDoS is extortion," Chris Morales, chief information security officer at Netenrich, a San Jose, California-based resolution intelligence provider, told FOX Business. 

"DDOS serves the same purpose as ransomware but with much less effort and no chance of detection until the moment it occurs," Morales said.


Customers pay for this service because the "technical part of the attack … requires certain infrastructure and expertise to pull off and is similar to the rise of Ransomware-as-a-Service," Vectra’s Tavakoli said. 

Some people paying for this service are gamers "looking to get an edge in competitive games, many of which have real money attached to winning competitions," John Bambenek, principal threat hunter at Netenrich, told FOX Business.