Cybercrime , DDoS Protection , Fraud Management & Cybercrime

After Guilty Plea, DDoS Attacker Gets 5-Year Prison Term

Prosecutors Say Andrew Rakhshan Was Responsible for Series of Attacks
After Guilty Plea, DDoS Attacker Gets 5-Year Prison Term

A federal judge has sentenced an Iranian-born, U.S. naturalized citizen to five years in prison for one in a series of distributed denial-of-service attacks over the course of at least five years, according to the Department of Justice.

See Also: ManageEngine’s Guide to Implementing the Essential Eight Maturity Model

Andrew Rakhshan, 40, formerly known as Kamyar Jahanrakhshan, pleaded guilty to one count of conspiracy to commit computer fraud in February. In addition to the jail sentence, he was fined $520,000.

Starting in 2015, Rakhshan conducted a series of DDoS attacks against websites that had posted legal information about his prior conviction for fraud in Canada, according to the Justice Department.

One of the sites that Rakhshan targeted with a DDoS attack, called Leagle.com, is based in Canada but it's servers are housed in Texas. Rahshan’s guilty plea in February was in connection with the attack on this website, prosecutors say.

Rakhshan was originally arrested near Seattle in July 2017, and the case was transferred the U.S. Attorney's Office for the Northern District of Texas. Since his arrest, Rakhshan has remained in federal custody, according to the Justice Department.

Series of Threats

In 2013, Rakhshan was convicted in Canada on fraud charges and later deported to the U.S., according to the federal prosecutors.

Later, in 2015, Rakhshan began contacting several legal, news and other websites to complain that his name was appearing in searches and demanded that his name be removed. At first, he claimed that his name was similar to another convicted person’s name and this was damaging his reputation, prosecutors say.

"When the websites refused to remove the data, Mr. Rakhshan first offered bribes to compel their compliance, then escalated his conduct through emails and faxes, by threatening to attack the site or associated sites," according to the Justice Department. "In some instances, Mr. Rakhshan threatened to call in bomb threats."

Eventually, Rakhshan began targeting websites with DDoS attacks. He used "booster" cybercriminal services such as ItsFluffy and RageBooter to help conduct these attacks and overload the websites' servers with traffic, according to prosecutors.

In emails to Leagle.com, Rakhshan claimed that the DDoS attack was the work of an anonymous hacking group, according to the original FBI criminal complaint in the case.

The criminal complaint noted that one email stated: "We are the anonymous hackers group. This evening we launched a Distributed Denial of Service (DDoS) attack on your website Leagle.com. We did this on behalf of Mr. Andrew Rakhsahn who is being unjustly victimized by you … If you do not remove it immediately, more severe attacks will hit your website in the coming days and weeks, and your users will be deprived of your service. Be wise."

While Rakhshan pleaded guilty to the attack on Leagle.com, the FBI complaint notes that he used similar tactics against other websites, including the Sydney Morning Herald, the Canadian Broadcast Company and Metronews.ca, a news website based in Canada.

In many cases, the sites that Rakhshan targeted with DDoS attacks removed the information in order to stop the attacks. In some cases, Rakhshan would further taunt the websites by calling them back, admitting who he was and what he had been convicted of and threatening to attack again if the information was reposted, according to the Justice Department.


About the Author

Scott Ferguson

Scott Ferguson

Former Managing Editor, GovInfoSecurity, ISMG

Ferguson was the managing editor for the GovInfoSecurity.com media website at Information Security Media Group. Before joining ISMG, he was editor-in-chief at eWEEK and director of audience development for InformationWeek. He's also written and edited for Light Reading, Security Now, Enterprise Cloud News, TU-Automotive, Dice Insights and DevOps.com.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ddos.inforisktoday.com, you agree to our use of cookies.