
DDoS Suspect Arrested After Rescue at Sea

Disney Cruise Ship Saves Man, Wife, Allegedly Fleeing U.S.

An alleged hacktivist suspected of launching a distributed denial of service attack on a children's hospital has been charged and arrested after he and his wife were rescued at sea by a Disney cruise ship off the coast of Cuba.


In a Feb. 17 statement, the Department of Justice said a Somerville, Mass., man, Martin Gottesfeld, 31, was charged with one count of conspiracy for his role in orchestrating "a disruptive computer attack on a local Boston hospital's network." He was arrested in Miami after allegedly having fled Massachusetts and being found in a small boat off the coast of Cuba.

Gottesfeld and his wife made a distress call after their boat ran into trouble. A nearby Disney cruise ship responded to the distress call and rescued the couple, DOJ says.

In the statement, DOJ says Gottesfeld had been aware of a federal investigation since October 2014, when the FBI searched his home in relation to a computer attack on the hospital network.

"This case is unusual, as we don't often see headlines that hackers in healthcare cyberattacks have been arrested," says privacy attorney Adam Greene of law firm Davis Wright Tremaine. "This is largely due to so many cyberattacks originating from outside of the U.S., making it much more difficult to investigate and prosecute the crimes. If the alleged hacker had made it outside of the U.S., then an arrest and prosecution would be far less likely."

Wellness Check

Federal authorities in the statement say that last week, the Somerville Police Department conducted a wellness check at Gottesfeld's apartment after receiving calls from his employer and from relatives concerned about his whereabouts. Gottesfeld allegedly had not been to work, nor had he or his wife had any contact with family members, in several weeks. The police found no one home at his apartment.

Then, on Feb. 16, the FBI in Boston was notified by its counterparts in the Bahamas that Gottesfeld and his wife were not registered guests on the Disney ship, but rather had been picked up by the cruise ship near Cuba, following a distress call. Gottesfeld was arrested when the cruise ship returned to its Miami port on Feb. 17.

Attack on Children's Hospital

The DOJ statement does not name the Boston hospital that Gottesfeld allegedly attacked, and a DOJ spokeswoman declined to identify the hospital because "it is a victim."

However, in a statement to Information Security Media Group, Boston Children's Hospital says it is "grateful to the FBI and the U.S. Attorney's office for investigating the cyber-attack launched on the hospital in April 2014 and for apprehending the hacker who led the attack and holding him accountable." In addition, the hospital thanked "our employees who assisted the FBI throughout its investigation and who helped build the comprehensive systems and procedures that were able to thwart the attack and protect confidential information. We are pleased that these measures have since been adopted throughout the Longwood hospital and research community" in Boston.

The DOJ statement notes that an affidavit unsealed in U.S. District Court in Boston on Feb. 17 says the attack in April 2014 "disrupted the hospital's network for approximately a week, was launched in the name of hacking group Anonymous in an effort to affect the hospital's handling of a teenage patient 'Patient A,' who was the subject of a high-profile custody battle between her parents and the Commonwealth of Massachusetts."

According to the complaint affidavit, the attack on the Massachusetts hospital was one of two attacks that Gottesfeld and others allegedly orchestrated.

Back on April 25, 2014, Children's Hospital of Boston confirmed that the hospital's public website had been undergoing cyber-attacks for nearly a week, which made some online services, such as patient appointment scheduling, sporadically inaccessible. At the time, Boston Children's in a statement said its website had been "the target of multiple attacks designed to bring down the site by overwhelming its capacity."

The hacktivist group Anonymous has been suspected of launching the attacks against the hospital in retaliation for the hospital's involvement in an ongoing child custody case that had drawn national attention. That case involves two Connecticut parents who have lost custody of their teenage daughter, Justina Pelletier, to the state of Massachusetts over allegations by the hospital that the parents medically abused the girl.

YouTube Video

DOJ says that on March 23, 2014, Gottesfeld allegedly posted a YouTube video calling, "in the name of Anonymous, for action against the local hospital in response to its treatment of Patient A." The video, which was narrated by a computer-generated voice, stated that Anonymous "will punish all those held accountable and will not relent until [Patient A] is free," the statement says. "The YouTube video directed viewers to a posting on the website pastebin.com that contained the information about the hospital's server necessary to initiate an attack against that server," DOJ says.

Then, on April 19, 2014, the conspirators allegedly initiated an attack against the hospital server identified in the pastebin.com posting. That attack directed hostile traffic at the hospital's network for at least seven days, disrupted that network, and took the hospital's website out of service. The attack also disrupted the hospital's day-to-day operations, as well as the research being done at the hospital, DOJ says.

The hospital had to reallocate its resources in a significant way to ensure that patient care was not affected during this period, law enforcement officials say. "In an effort to ensure the attack did not compromise patient information, the hospital decided to shut down the portions of its network that communicated with the Internet and its e-mail servers," the DOJ statement says. "This effort successfully prevented the attackers from accessing any patient records or other internal hospital information. Responding to and mitigating the damage from this attack cost the hospital more than $300,000."

The Department of Justice did not immediately respond to Information Security Media Group's request for comment.

The charge of conspiracy provides for a sentence of no greater than five years in prison, three years of supervised release, a fine of $250,000 and restitution, the DOJ notes in its statement.

Getting Caught

The arrest of Gottesfeld for his alleged role in the cyberattack against the hospital is noteworthy for a few reasons, but especially for the circumstances of his capture.

"Whether a hacker gets caught depends on a variety of factors, including their initial location and their overall sophistication," says privacy attorney Kirk Nahra of law firm Wiley Rein LLP. "This guy apparently got 'caught,' in terms of being identified as a suspect, then really got caught trying to [allegedly] escape."

Had Gottesfeld successfully fled the U.S. and escaped to another country, such as Cuba, circumstances would have been more complicated, Nahra says. "Once he gets away, particularly to a foreign country, it becomes like any other crime, where the ability to prosecute depends on factors not having too much to do with the original crime," he says.

"This is an 'unusual' case only because of the storybook circumstances of the capture," Nahra says. Other than that, the case is also "maybe different at some level because it was targeted for a specific reason, rather than primarily to get information," he says.

About the Author

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.
