Two European men have been indicted for allegedly orchestrating cyberattacks against two Web sites, a continuation of the first successful U.S. investigation ever into distributed denial-of-service attacks, according to the U.S. Department of Justice.
One of the men, Axel Gembe, 25, of Germany, is believed to be the programmer behind Agobot, a well-known malicious software program used to create a botnet or network of compromised PCs.
Gembe and 24-year-old Lee Graham Walker of Bleys Bolton, England, were indicted Thursday by a grand jury in Los Angeles, California, on one count of conspiracy and one count of intentionally damaging a computer system.
The two men were allegedly hired by Jay R. Echouafni, owner of Orbit Communication, a Massachusetts-based company that sold home satellite systems, to carry out DDOS attacks. Those attacks were directed at the public Web sites of two of Orbit’s competitors, Rapid Satellite of Miami, Florida, and Weaknees of Los Angeles.
The attacks halted Weaknees’ business for two weeks in October 2003, causing the company $200,000 in losses, the DOJ said. Weaknees sold digital video recorders online. Rapid Satellite, which sold home satellite television systems, was also damaged.
Echouafni remains at large. Another man, Paul Ashley, who prosecutors describe as one of the Echouafni’s associates, has already completed a two-year prison sentence for his role in the conspiracy.
Walker is accused of helping maintain Gembe’s botnet. According to the indictment, the two used IRC (Internet relay chat) to discuss ways to make the code behind the botnet more powerful and damaging to Web sites.
During a DDOS attack, computers infected with the botnet code are directed to send overwhelming amounts of data traffic to the targeted Web site, which usually causes the site to become unavailable.
In this case, computers in the botnet sent “syn” data packets to both Web sites. Syn packets initiate communication between two computers, but can be configured with false information.
Syn packets sent in an overwhelming data stream jams up the receiving server. Gembe’s botnet could also direct large amounts HTTP traffic toward a Web site, which has the same damaging effect.