A federal jury today convicted Martin Gottesfeld, 32, on one count of conspiracy to damage protected computers and one count of damaging protected computers for distributed denial-of-service attacks that disrupted the entire Longwood Medical Area and a Framingham residential youth treatment program.
Gottesfeld was allegedly upset with the role of Children's Hospital and Wayside Youth and Family Support Network for their role in the Justina Pelletier case.
The US Attorney's office in Boston reports Gottesfeld face up to 10 years in prison on the damaging-protected-computers charge and up to five years on the conspiracy charge at his sentencing, which was scheduled for Nov. 14..
According to the US Attorney's office:
On March 25, 2014, Gottesfeld conducted a distributed denial of service – or DDOS – attack against Wayside Youth and Family Support Network, a nonprofit, Framingham-based residential treatment facility that provides a range of mental health counseling and family support services to children, young adults, and families in Massachusetts. The attack crippled Wayside’s network for more than a week and caused the facility to spend $18,000 on response and mitigation efforts.
Following the attack on Wayside’s computer network, Gottesfeld launched a massive DDOS attack against the computer network of the Boston Children’s Hospital. He customized malicious software that he installed on 40,000 network routers that he was then able to control from his home computer. After spending more than a week preparing his methods, on April 19, 2014, he unleashed a DDOS attack that directed so much hostile traffic at the Children’s Hospital computer network that he not only knocked Boston Children’s Hospital off the internet, but knocked several other hospitals in the Longwood Medical Area off the internet as well.
Gottesfeld identified himself as a member of the hacking group Anonymous, and launched the attacks on behalf of Anonymous, demanding change in the way the Boston Children’s Hospital was handling a teenage patient (discharged months earlier), who was the subject of a custody battle between her parents and the Commonwealth of Massachusetts.
The attack flooded 65,000 IP addresses used by Boston Children’s Hospital and several other area hospitals with junk data intended to make those computers unavailable for legitimate communications. The attack disrupted the Children’s Hospital network for at least two weeks, interrupting access to internet services used by Boston Children’s Hospital staff to treat patients. The attack disrupted the hospital’s day-to-day operations, as well as its research capabilities. The attack cost the hospital more than $300,000 and caused an additional estimated $300,000 loss in donations, as the attack disabled the hospital’s fundraising portal.
By the time investigators arrived at Gottesfeld's house with a warrant in 2016, authorities say, he had already fled. But his escape plans were foiled when the engine on his boat failed off the coast of Cuba and he and his wife were rescued by a passing cruise ship.