August 4, 2018 at
Back in 2014, a hacktivist by the name of Martin Gottesfeld launched a DDoS attack at the Boston Children’s Hospital, as well as another healthcare facility. Gottesfeld, who was a biotech professional, living in Somerville, Mass. will now face 15 years in a federal prison after being convicted in the US District Court this Wednesday. The charges against him include conspiracy and intentionally damaging hospital computers. The sentencing for his acts is slated for November 14.
Usually, conspiracy charges would provide a sentence of around 5 years of imprisonment, as well as restitution, and a $250,000 fine. However, due to the fact that Gottesfeld damaged protected computers, his sentence was increased for 10 additional years, and he received a fine of $250,000
The targets of Gottesfeld’s attack were two facilities – Boston Children’s Hospital, as well as Wayside Youth and Family Support Network. After becoming aware of a controversial child custody case, Gottesfeld decided that the best way to point the attention of the nation towards these institutions was to launch a DDoS attack and hurt their systems. Following the attack, the Children’s Hospital had at least two week-long problems with their network.
The case that inspired Gottesfeld to take action involved two parents from Connecticut who had lost custody of their daughter. The custody of the teenage girl, Justina Pelletier, instead went to the Commonwealth of Massachusetts. This was possible due to allegations that the parents abused the daughter in a medical way.
Gottesfeld decided that the case did not receive enough attention, and has launched an attack, claiming that it was done in the name of Anonymous, a notorious hacktivist group. In addition to attacking the hospital, he also attacked Wayside, which is a treatment facility where the daughter was transferred in the meanwhile. According to the court, Gottesfeld continuously claimed that he acted solely for the purpose of saving the young girl’s life, believing that she was endangered.
Consequences of the attack
According to the prosecutors, the attack against the hospital included a malware that Gottesfeld managed to install on over 40,000 routers after taking control of them from his home. He was preparing for the attack for around a week, and then finally launched an attack on April 19, 2014. The attack was so powerful and severe that it did not affect the children’s hospital, but also multiple other hospitals too, all in the Longwood Medical Area.
Over 65,000 IP addresses that the hospitals were using were hit by a massive wave of junk data, which made computers completely unavailable. The Children’s Hospital network was out of commission for at least two weeks, which has made it extremely difficult for staff to treat their patients. Additionally, the hospital’s research capabilities were damaged as well, and over $300,000 worth of damage was done to the hospital’s systems. Not only that, but it was estimated that the hospital lost an additional $300,000 in donations after its fundraising portal got shut down as well.
As for Wayside, its network went down as well and stayed that way for over a week. Additionally, the facility had to pay $18,000 to deal with the consequences.
It has been nearly half a year since the authorities caught up with Gottesfeld, and in October 2014, his home was searched by the federal law enforcement officials. The officials found and recovered computers, hard drives, as well as servers used in the attack. However, Gottesfeld was not charged with anything at this time.
He was, however, arrested in February 2016. His arrest was followed by an odd turn of events, and he was found in a small boat near the coast of Cuba. After the boat ran into trouble, he and his wife were forced to make a distress call and were picked up by a Disney cruise ship who happened to be nearby. Following the rescue, Gottesfeld was arrested as soon as the ship reached Miami.
Activism or hacktivism?
This entire event has brought a lot of attention to legal issues surrounding the cybercrimes, and especially those involving hacktivism. The tensions between activism protected by the First Amendment and federal criminal law were high in this case since Gottesfeld called on his right to express displeasure with the policies of an organization.
Eventually, it was decided that activism becomes hacktivism once the activity crosses the line, and officially breaks the federal law. Despite the fact that free speech is taken very seriously by the federal law enforcement agencies, Gottesfeld has shown clear intent to cause damage to multiple facilities, and that was what decided his fate.
A former FBI agent, and a partner at Lewis Brisbois, Jay Kramer, has stated that Gottesfeld would have made a much better impression by using the tools of older generations. If he had decided to go for rallies, boycotts, and alike, things could have gone differently for him. The modern times, however, make it much easier to cause damage from a chair, than to make an old-school type of effort.
There are many other cybercrimes like this one, that have yet to be solved, and while this one involved conspiracy and inflicting intentional damage, others may be even more serious. Acts of destruction or violence are a known occurrence in the world of hacktivism, and many such attacks are even labeled domestic terrorism.