Man Receives Maximum Sentence for DDoS Attack on Legal News Aggregator

An Iranian-born, U.S. naturalized 40-year-old man who launched multiple international cyber-attacks on media, bloggers, and legal news aggregation websites was sentenced on Monday to five years in federal prison and ordered to pay more than $520,000 in restitution, announced U.S. Attorney for the Northern District of Texas Erin Nealy Cox.

The defendant, born Kamyar Jahanrakhshan, changed his name to Andrew Rakhshan when naturalized as a US citizen. Mr. Rakhshan pleaded guilty in February 2020 to conspiracy to commit computer fraud. The sentencing judge, U.S. District Judge David C. Godbey, accepted the plea agreement which statutorily limited the defendant’s maximum sentence to 60 month incarceration.

According to plea papers, Mr. Rakhshan admitted to conspiring with others to launch a DDoS (distributed denial of service) attack in January 2015 on Leagle.com, a legal aggregation site that had posted publicly available information about his prior criminal conviction in Canada.  Leagle.com’s website was hosted by a provider located in Dallas, Texas.

Upon his arrest in July 2017, at his residence in a suburb of Seattle, Washington, Mr. Rakhshan was detained pending the outcome of the case.

At his original trial in March 2018, a federal jury voted to convict Mr. Rakhshan of knowingly causing the transmission of a command to a protected computer, an offense that carried a 10 year maximum prison term. However, in July 2018, Judge Godbey granted a defense motion for a new trial based on the defense attorneys’ sworn admissions that they were ineffective in representing their client at trial.  In April 2019, the government superseded the original indictment, adding the conspiracy charge. Mr. Rakhshan elected to plead guilty to the conspiracy charge on the morning his re-trial was to begin.  He received the statutory maximum sentence for his guilty plea, although the Judge implied that the sentence would have been higher had there not been a statutory maximum.

Testimony and evidence from the trial established that when attacking each victim, Mr. Rakhshan followed the same pattern.  First he would contact the targeted site and request that the site remove any publically available information about his 2013 criminal conviction in Canada.  Mr. Rakhshan initially claimed that the similarity of his name to the convicted person’s name was ruining his life.  When the websites refused to remove the data, Mr. Rakhshan first offered bribes to compel their compliance, then escalated his conduct through emails and faxes, by threatening to attack the site or associated sites.  In some instances, Mr. Rakhshan threatened to call in bomb threats.  Often, after initiating a successful DDoS attack, Mr. Rakhshan would contact the victim, admit to being the convicted person, brag about the successful attack, and threaten additional attacks.

Mr. Rakhshan purchased services from various booter services, such as ItsFluffy and RageBooter, to deploy the DDoS attack. The services offered by Rakhshan’s coconspirators allowed Mr. Rakhshan to flood the websites with traffic, overwhelming the servers and disabling the sites.  Mr. Rakhshan initiated multiple DDoS attacks against each victim, and most victims removed the data to stop the attacks.

At the sentencing hearing, the Judge also found that Mr. Rakhshan had obstructed justice by perjuring himself during a hearing in 2017.  Mr. Rakhshan lied about possessing 10 email addresses he used to facilitate the offense.  Mr. Rakhshan also lied about illegally returning to Canada after having been deported.  Mr. Rakhshan committed offense from at least December 2014 through at least August 2015 while residing in various states in the United States and in Vancouver, Canada.

The Federal Bureau of Investigation’s Dallas Field Office conducted the investigation with the assistance of the Toronto Police Service and the Australian Federal Police.