October 08, 2017 10:47 PM
Federal prosecutors in Minnesota are charging a man with launching cyberattacks on companies and government agencies in the Twin Cities.
John Gammell is accused of using a so-called "hacker for hire" service, which could take down a government website for less than $50.
Investigators say one of his targets was Hennepin County.
In June 2016, in the middle of the night, an information technology professional detected a security breach within Hennepin County's website. A cyberattack had overwhelmed the site with web traffic and forced it to shut down.
"It wasn't a very noticeable disruption. I think our website was done for 45 seconds," said Jerry Driessen, the county's head of IT.
Driessen said most everyday users probably didn't notice the hack, but the successful takedown – which lasted for less than a minute – meant someone's malicious code penetrated several layers of security.
At county headquarters, even a brief outage will alarm its team of 500-plus IT professionals who work around the clock to try and stop cyberattacks.
In this case, it was a DDoS (Distributed Denial of Service) attack – designed to jam and disrupt servers.
"It's not a matter of if you're going to have a cyber security event, as we call them, it's a matter of when," Drissen said.
Gammell, the man investigators said is responsible, once lived and worked in the Twin Cities and is now one of the first people to face charges in federal court in Minnesota for causing "intentional damage to a protected computer."
In addition to Hennepin County, he's also accused of launching a litany of attacks on the Minnesota Judicial Branch, a technical college, banks and businesses where he once worked.
Washburn Computer Group in Monticello claimed to have lost $15,000 from an attack perpetrated by its former employee.
"It's really easy for anyone to do it," said Jonathan Wrolstad, a cybersecurity expert with the University of Minnesota's Technological Leadership Institute.
Wrolstad said sophisticated hackers -- likely overseas -- sell time for average people to borrow their network of infected computers.
"It's almost like you're renting time. It's like a timeshare where you will buy an hour or two of a botnet's time to perform this attack," he said. "You are actually purchasing a service so someone will do it for you."
The more money spent, the more disruption you can cause.
Federal investigators said Gammell did just that – spending as little as $19.99 in an attempt to cause digital havoc. According to court records, his motive for many of the attacks appears to be revenge.
"Nowadays, protest organizations or different groups will take their activism online, and we call them hacktivists," Wrolstad said. "And what they will do is target organizations or groups that they find offensive or controversial."
Driessen, at Hennepin County, said only one or two attacks a year will be successful, but that hackers and those who hire them are constantly trying.
"It would blow the minds of most people how often that happens," he said. "We are talking about thousands of times a day ... there are attempts to get inside the network."
Gammell remains in custody. His next court hearing is in November. DDoS attacks are considered low-level hacks because they simply overwhelm a network and shut it down, rather than infiltrate and steal data.
But prosecutors still take DDoS attacks seriously since in this day and age a serious internet disruption can cripple an organization.
Updated: October 08, 2017 10:47 PM
Created: October 08, 2017 07:24 PM
Copyright 2017 - KSTP-TV, LLC A Hubbard Broadcasting Company