A 34-year old man has been sentenced to more than 10 years in prison, after being found guilty of launching a massive denial-of-service attack against Boston Children’s Hospital.
The sentencing of Martin Gottesfeld, from Somerville, Massachusetts, comes almost three years after he attempted to escape to Cuba – a plan that failed after his speedboat broke down in the choppy sea, and he was picked up by a Disney cruise liner.
Gottesfeld’s troubles began when he heard about the case of Connecticut teenager Justina Pelletier, who was admitted to Boston Children’s Hospital in 2013. The hospital and Pelletier’s parents disagreed about how she should be treated, and eventually she was removed from her parents’ custody.
The case received widespread attention in the media and online, as the teenage girl’s parents argued that she had been “medically kidnapped”.
Publicity about the case spurred an internet campaign under the banner of #FreeJustina, and Gottesfeld, in the name of the Anonymous hacking collective, posted a YouTube video in March 2014 calling for action against the hospital.
That video, in turn, shared links to a Pastebin account – doxing the home address and phone numbers of a judge and doctor involved in Pelletier’s case, and making a clear threat:
“This will be your first and final warning. Failure to comply will result in retaliation which you will not be able to withstand. Free Justina and return her home to her family. The voice of the people will be heard.”
Gottesfeld linked to the information from his Twitter account, where he frequently posted about the #FreeJustina campaign.
At the same time, Gottesfeld launched a distributed denial-of-service (DDoS) attack against Wayside Youth & Family Support Network, a facility offering children mental health counselling. Pelletier was a resident of the facility having been by then discharged from hospital, but still not released into the care of her parents.
The following month Gottesfeld launched another DDoS attack, this time crippling the systems of Boston Children’s Hospital. Prosecutors claimed that the attack knocked the hospital’s internet systems offline for two weeks, disrupting fundraising campaigns and communication between patients and medical staff.
Perhaps unsurprisingly, FBI investigators were able to link Gottesfeld to the YouTube account. For his part, Gottesfeld claims he deliberately didn’t bother covering his tracks as he didn’t believe he had done anything wrong.
In the early morning of October 1, 2014, FBI investigators searched Gottesfeld’s home, seizing computer equipment.
As the investigation into the DDoS attacks proceeded over the coming months, Gottesfeld realised the seriousness of the case against him – and in February 2016 fled with his wife Dana to Miami. Their plan? To buy a boat off Craigslist, and sail it to Cuba where they would be beyond the reach of US authorities.
The couple purchased a speedboat for US $5000, abandoned their car, and immediately set off across the ocean for what they believed to be the sanctuary of Cuba. But after hours of battling rough waves, their boat broke down. They were stranded, with no boats or land in sight. And they had told no-one of their plan.
Attempts to restart the boat failed, and eventually Gottesfeld admitted defeat – putting a distress call out on the radio which was thankfully heard by “The Disney Wonder”, an 11-deck cruise ship carrying hundreds of tourists.
In terrible weather conditions, Martin and Dana Gottesfeld were brought safely onboard where they were held in a cabin, with guards stationed outside.
Authorities in the Bahamas contacted the FBI office in Boston, and when the cruise ship returned to the US mainland, Gottesfeld and his wife were arrested and handcuffed.
The hacker’s dream of escape to Cuba was in tatters.
On Thursday, Gottesfeld was sentenced to 121 months in prison, and ordered to pay nearly US $443,000 in restitution.
“Make no mistake, your crime was contemptible, invidious and loathsome,” said US District Judge Nathaniel Gorton.
To reads more about the case, and Gottesfeld’s background, I strongly recommend reading this article in Rolling Stone.
There’s no doubt that Gottesfeld did many foolish things, but when you read more about the case (Check out this excellent article in Rolling Stone which explores his background) you can’t help but conclude that he had ultimately good intentions that were catastrophically misdirected.
A prison sentence of over 10 years for the DDoS attacks that Martin Gottesfeld perpetrated feels very harsh to me.
Gottesfeld says he plans to appeal his sentence. I can’t condone what he did, but I wish him well for the future.