Connect with us

Hi, what are you looking for?



Man Sentenced to 5 Years in Prison for DDoS Attacks

A United States naturalized citizen received the maximum sentence for launching distributed denial of service (DDoS) attacks on multiple media, bloggers, and legal news aggregation websites.

A United States naturalized citizen received the maximum sentence for launching distributed denial of service (DDoS) attacks on multiple media, bloggers, and legal news aggregation websites.

The man, born Kamyar Jahanrakhshan in Iran, changed his name to Andrew Rakhshan when he became a U.S. citizen. In February this year, he pleaded guilty to conspiracy to commit computer fraud, the U.S. Department of Justice reveals.

Rakhshan was sentenced to five years in federal prison and ordered to pay more than $520,000 in restitution. The maximum sentence he could receive was statutorily limited at 60 months incarceration as part of the accepted plea agreement.

He admitted to conspiring to launch a DDoS attack in January 2015, targeting, a legal aggregation site that had published information about Rakhshan’s prior criminal conviction in Canada, and which was hosted by a provider located in Dallas, Texas.

The defendant was arrested in July 2017 and charged the next month. In March 2018, a “federal jury voted to convict Mr. Rakhshan of knowingly causing the transmission of a command to a protected computer, an offense that carried a 10 year maximum prison term,” DoJ explains.

A motion for a new trial was granted in July 2018, and the original indictment was superseded in April 2019, when a conspiracy charge was added. Rakhshan pleaded guilty to the conspiracy charge and received the statutory maximum sentence for his guilty plea (absent the statutory maximum, the sentence would have been higher).

The defendant attacked multiple websites following a similar pattern: he would first contact them requesting the removal of information about his 2013 criminal conviction in Canada, claiming that it was a similarity in name that was ruining his life. Upon refusal, he first offered bribes, then threatened with attacks targeting the website or associated sites.

Advertisement. Scroll to continue reading.

“In some instances, Mr. Rakhshan threatened to call in bomb threats. Often, after initiating a successful DDoS attack, Mr. Rakhshan would contact the victim, admit to being the convicted person, brag about the successful attack, and threaten additional attacks,” the DoJ reveals.

DDoS services that he purchased from booters such as ItsFluffy and RageBooter flooded websites with traffic, disabling access to resources. Rakhshan launched multiple DDoS attacks against each victim, and most sites gave in to his demands and removed the information.

Rakhshan was also found to have obstructed justice by perjuring himself during a hearing in 2017 and to have lied on multiple occasions.

“Mr. Rakhshan committed offense from at least December 2014 through at least August 2015 while residing in various states in the United States and in Vancouver, Canada,” the DoJ says.

Related: Bayrob Malware Operators Convicted in the U.S.

Related: Ukrainian Man Pleads Guilty to Hacking, Wire Fraud Charges

Related: Neverquest Trojan Operator Pleads Guilty

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...