Virtual Event Today: Cloud & Data Security Summit - Join Event In-Progress
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Man Sentenced to 5 Years in Prison for DDoS Attacks

A United States naturalized citizen received the maximum sentence for launching distributed denial of service (DDoS) attacks on multiple media, bloggers, and legal news aggregation websites.

A United States naturalized citizen received the maximum sentence for launching distributed denial of service (DDoS) attacks on multiple media, bloggers, and legal news aggregation websites.

The man, born Kamyar Jahanrakhshan in Iran, changed his name to Andrew Rakhshan when he became a U.S. citizen. In February this year, he pleaded guilty to conspiracy to commit computer fraud, the U.S. Department of Justice reveals.

Rakhshan was sentenced to five years in federal prison and ordered to pay more than $520,000 in restitution. The maximum sentence he could receive was statutorily limited at 60 months incarceration as part of the accepted plea agreement.

He admitted to conspiring to launch a DDoS attack in January 2015, targeting Leagle.com, a legal aggregation site that had published information about Rakhshan’s prior criminal conviction in Canada, and which was hosted by a provider located in Dallas, Texas.

The defendant was arrested in July 2017 and charged the next month. In March 2018, a “federal jury voted to convict Mr. Rakhshan of knowingly causing the transmission of a command to a protected computer, an offense that carried a 10 year maximum prison term,” DoJ explains.

A motion for a new trial was granted in July 2018, and the original indictment was superseded in April 2019, when a conspiracy charge was added. Rakhshan pleaded guilty to the conspiracy charge and received the statutory maximum sentence for his guilty plea (absent the statutory maximum, the sentence would have been higher).

Advertisement. Scroll to continue reading.

The defendant attacked multiple websites following a similar pattern: he would first contact them requesting the removal of information about his 2013 criminal conviction in Canada, claiming that it was a similarity in name that was ruining his life. Upon refusal, he first offered bribes, then threatened with attacks targeting the website or associated sites.

“In some instances, Mr. Rakhshan threatened to call in bomb threats. Often, after initiating a successful DDoS attack, Mr. Rakhshan would contact the victim, admit to being the convicted person, brag about the successful attack, and threaten additional attacks,” the DoJ reveals.

DDoS services that he purchased from booters such as ItsFluffy and RageBooter flooded websites with traffic, disabling access to resources. Rakhshan launched multiple DDoS attacks against each victim, and most sites gave in to his demands and removed the information.

Rakhshan was also found to have obstructed justice by perjuring himself during a hearing in 2017 and to have lied on multiple occasions.

“Mr. Rakhshan committed offense from at least December 2014 through at least August 2015 while residing in various states in the United States and in Vancouver, Canada,” the DoJ says.

Related: Bayrob Malware Operators Convicted in the U.S.

Related: Ukrainian Man Pleads Guilty to Hacking, Wire Fraud Charges

Related: Neverquest Trojan Operator Pleads Guilty

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Jazz has named Sean Robinson, Rickie Goyal, Danielle Guetta, Shani Nago, and Lior Magram as VPs and Michael Calev as COO.

AJ Shipley has been appointed Chief Product Officer at CrowdStrike.

Brinqa has named Ron Dovich as Chief AI and Automation Officer, David Allen as CTO, Steve Biagioni as CFO, and James Walta as VP of Product.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.