Hey, there! Log in / Register

Somerville man convicted of unleashing army of network routers to take down Children's Hospital, Framingham agency

A federal jury today convicted Martin Gottesfeld, 32, on one count of conspiracy to damage protected computers and one count of damaging protected computers for distributed denial-of-service attacks that disrupted the entire Longwood Medical Area and a Framingham residential youth treatment program.

Gottesfeld was allegedly upset with the role of Children's Hospital and Wayside Youth and Family Support Network for their role in the Justina Pelletier case.

The US Attorney's office in Boston reports Gottesfeld face up to 10 years in prison on the damaging-protected-computers charge and up to five years on the conspiracy charge at his sentencing, which was scheduled for Nov. 14..

According to the US Attorney's office:

On March 25, 2014, Gottesfeld conducted a distributed denial of service – or DDOS – attack against Wayside Youth and Family Support Network, a nonprofit, Framingham-based residential treatment facility that provides a range of mental health counseling and family support services to children, young adults, and families in Massachusetts. The attack crippled Wayside’s network for more than a week and caused the facility to spend $18,000 on response and mitigation efforts.

Following the attack on Wayside’s computer network, Gottesfeld launched a massive DDOS attack against the computer network of the Boston Children’s Hospital. He customized malicious software that he installed on 40,000 network routers that he was then able to control from his home computer. After spending more than a week preparing his methods, on April 19, 2014, he unleashed a DDOS attack that directed so much hostile traffic at the Children’s Hospital computer network that he not only knocked Boston Children’s Hospital off the internet, but knocked several other hospitals in the Longwood Medical Area off the internet as well.

Gottesfeld identified himself as a member of the hacking group Anonymous, and launched the attacks on behalf of Anonymous, demanding change in the way the Boston Children’s Hospital was handling a teenage patient (discharged months earlier), who was the subject of a custody battle between her parents and the Commonwealth of Massachusetts.

The attack flooded 65,000 IP addresses used by Boston Children’s Hospital and several other area hospitals with junk data intended to make those computers unavailable for legitimate communications. The attack disrupted the Children’s Hospital network for at least two weeks, interrupting access to internet services used by Boston Children’s Hospital staff to treat patients. The attack disrupted the hospital’s day-to-day operations, as well as its research capabilities. The attack cost the hospital more than $300,000 and caused an additional estimated $300,000 loss in donations, as the attack disabled the hospital’s fundraising portal.

By the time investigators arrived at Gottesfeld's house with a warrant in 2016, authorities say, he had already fled. But his escape plans were foiled when the engine on his boat failed off the coast of Cuba and he and his wife were rescued by a passing cruise ship.

Free tagging: 


Grand juries issue indictments. Convictions result from the trial that follows the indictment, a trial which features a regular (or "petit") jury,

Voting closed 28


Voting closed 11

It seems to me that the prosecution is insufficiently imaginative. They say that he took control of 40,000 routers and intsalled malicious software on them. There would appear to be grounds for 40,000 charges of something-or-other. I wouldn’t be too harsh with the punishment, however; 1 day and $100 for each offense should be sufficient.

Voting closed 6

$40k and 109.6 years?

Voting closed 17

a couple of zeros.

Voting closed 16

In the dollar amount? I did not miss any zeros. The 'k' I put there after the $40 is short for kilo, or thousand.

And 40,000 days = 109.58 years.

Voting closed 10

Shouldn't 40,000 separate counts x $100 per count = $4,000,000?

Voting closed 13

you're right. ;-)

I was using $1. Oops.

Voting closed 8

No doubt it's safer to just get the hacking convictions, but he knew how much danger he was putting patients in. Children.

Voting closed 35

Yes, but if patients are dying because your EMR goes down, the hospital needs to have redundancies and backup workflows in place until systems are back online. This kid is a shit head, but it should never get to that point. This isn't quite as cut and dry as hacking planes out of the sky.

That said, great work by those who traced him down.

Voting closed 24

He's immature and lacking thought about the implications of his actions, but he's certainly an adult and a shithead one at that.

Voting closed 18

Used to claim he was on speed dial with Zuckerberg as they were high school buddies at Phillips Exeter. Was prone to telling many other outlandish stories as well....

Voting closed 15

It's much simpler and less traceable to use a botnet for this on the dark web.

Voting closed 15

as an IT guy if this is really correct.40,000 seems like an awful lot of routers for a small campus with 15,000 or so employees. The network I support is 10X bigger and has nowhere near that number of routers. They may have that many computers....

Voting closed 19

40K routers anywhere in the internet.

Voting closed 15

This pompous ass put kids’ (and adults’) lives in danger by crashing systems that control amongst other things monitors, code systems and life support apparatus. Throw the book at him.

Voting closed 9