Two British and German citizens were indicted for launching dynamic denial of service attacks

Oct 4, 2008 11:03 GMT  ·  By

Lee Graham Walker from England and Axel Gembe from Germany were indicted by a Los Angeles Grand Jury for conspiracy and damaging a computer system intentionally. The indictment is the result of what the FBI codenamed Operation Cyberslam, “the first successful investigation of a large-scale distributed denial of service attack (DDoS) used for a commercial purpose in the United States.”

The two men are accused of receiving money from the owner of Orbit Communications, a home satellite systems retailer, in exchange for launching DDoS attacks against the websites of competing companies. The targeted online businesses were Miami-based Rapid Satellite and Los Angeles-based Weaknees. The incident occurred back in 2003, when Saad Echouafni, aka Jay R. Echouafni, CEO of Orbit Communications, contracted the two European hackers with the help of Paul Garret Ashley, founder and owner of hosting company Creative Internet Techniques (CIT), also known as FooNet.

Axel “Ago” Gembe is the creator of the first version of the Agobot, an IRC-based computer worm written in C/C++ and Assembler. Upon infecting a computer, the Agobot worm creates a drone (bot) that turns the computer into a zombie. This bot connects to a predefined IRC server and accepts commands from the attacker. Amongst its features are execution of programs, port scanning, launching “syn” based and HttpFlood DDoS attacks using the bandwidth of the infected computer, packet sniffing, key logging and others.

Gembe used his malware creation to infect computers worldwide and to create an impressive botnet, which he maintained and controlled with the help of Lee Graham “SorCe” Walker. Axel Gembe was also responsible for the source code leak of the popular Half-Life 2 game in 2003.

According to the IRC logs that the FBI gathered, all the money paid for the attacks launched against Rapid Satellite and Weaknees was transferred through PayPal. Echouafni was paying Ashley, who was paying Walker, who was sharing some of the money with Gembe. The attacks disrupted Weaknees' online business for at least two weeks, and caused both hosting services of Weaknees and Rapid Satellite to drop them as clients. The financial losses of the two companies are estimated to amount between $200,000 and $1 million.

Paul Garret Ashley was the first to be convicted as a co-conspirator and he has already served a two-year prison sentence. His involvement in this case was possibly caused by the desire to sign Rapid Satellite and Weaknees as clients for the hosting services offered by his company. Saad Echouafni is believed to have fled the country, and is still on the FBI wanted list. Since he is Moroccan, the FBI points to Morocco as his possible whereabouts, but it also warns that he “should be considered armed and dangerous.”