A United States naturalized citizen received the maximum sentence for launching distributed denial of service (DDoS) attacks on multiple media, bloggers, and legal news aggregation websites.
The man, born Kamyar Jahanrakhshan in Iran, changed his name to Andrew Rakhshan when he became a U.S. citizen. In February this year, he pleaded guilty to conspiracy to commit computer fraud, the U.S. Department of Justice reveals.
Rakhshan was sentenced to five years in federal prison and ordered to pay more than $520,000 in restitution. The maximum sentence he could receive was statutorily limited at 60 months incarceration as part of the accepted plea agreement.
He admitted to conspiring to launch a DDoS attack in January 2015, targeting Leagle.com, a legal aggregation site that had published information about Rakhshan’s prior criminal conviction in Canada, and which was hosted by a provider located in Dallas, Texas.
The defendant was arrested in July 2017 and charged the next month. In March 2018, a “federal jury voted to convict Mr. Rakhshan of knowingly causing the transmission of a command to a protected computer, an offense that carried a 10 year maximum prison term,” DoJ explains.
A motion for a new trial was granted in July 2018, and the original indictment was superseded in April 2019, when a conspiracy charge was added. Rakhshan pleaded guilty to the conspiracy charge and received the statutory maximum sentence for his guilty plea (absent the statutory maximum, the sentence would have been higher).
The defendant attacked multiple websites following a similar pattern: he would first contact them requesting the removal of information about his 2013 criminal conviction in Canada, claiming that it was a similarity in name that was ruining his life. Upon refusal, he first offered bribes, then threatened with attacks targeting the website or associated sites.
“In some instances, Mr. Rakhshan threatened to call in bomb threats. Often, after initiating a successful DDoS attack, Mr. Rakhshan would contact the victim, admit to being the convicted person, brag about the successful attack, and threaten additional attacks,” the DoJ reveals.
DDoS services that he purchased from booters such as ItsFluffy and RageBooter flooded websites with traffic, disabling access to resources. Rakhshan launched multiple DDoS attacks against each victim, and most sites gave in to his demands and removed the information.
Rakhshan was also found to have obstructed justice by perjuring himself during a hearing in 2017 and to have lied on multiple occasions.
“Mr. Rakhshan committed offense from at least December 2014 through at least August 2015 while residing in various states in the United States and in Vancouver, Canada,” the DoJ says.
Related: Bayrob Malware Operators Convicted in the U.S.
Related: Ukrainian Man Pleads Guilty to Hacking, Wire Fraud Charges