Case 1:16-cr-10305-FDS Document 28 Filed 10/19/16 Page 1 of 14

UNITED STATES DISTRICT COURT
DISTRICT OF MASSACHUSETTS
Crim. No.

{0305

UNITED STATES OF AMERICA

18U.S.C. §371 (Conspiracy)
V.

MARTIN GOTTESFELD,

18 U.S.C. §§ 1030(a)(5)(A), 2 (Intentional
Damage to a Protected Computer)
18 U.S.C. §§ 981(a)(1)(C), 982(a)(2)(B),
I030(i), and 28 U.S.C. § 2461 - Forfeiture
Allegations

Defendant

INDICTMENT

The Grand Jury charges:
BACKGROUND

1.

At all times relevant to this Indictment, MARTIN GOTTESFELD lived in

Somerville, Massachusetts, and worked in the information technology field.
2.

GOTTESFELD was concerned about what he believed were abuses at facilities -

which he called "the troubled teen industry" - that treat children and teens with serious emotional,

psychological, and medical problems. GOTTESFELD initially used web sites and social media
tools to bring attention to his cause.
Utah Treatment Facility
3.

GOTTESFELD first focused his attention on a residential treatment center in Utah

for adolescents with emotional and behavioral issues (the "Utah Treatment Center"). He created
a website and Twitter, Facebook, and YouTube accounts through which he advocated its
shutdown.

 Case Document 28 Filed 10/19/16 Page 2 of 14

4. In November 2013, the Utah Treatment Center was the target of a Distributed
Denial of Service attack.

5. DDOS attacks direct an enormous amount of network traf?c at the target computer
server, with the intent to overwhelm that server and disrupt online services. Successful DDOS
attacks can take a website or network of?ine for the duration of the attack, which can range from
an hour to days or even weeks.

6. The DDOS attack disrupted the Utah Treatment Center?s website intermittently
over several months.

7. In March 2014, an Idaho record management company (the ?Record Management
Company?) that managed patient records for the Utah Treatment Center, was also the target of a
DDOS attack.

8. On March 24, 2014, GOTTESFELD tweeted at the Record Management Company:
?Website troubles? Drop [the Utah Treatment Center] or we NEVER stop.?

9. The attack disrupted, for more than a month, the web portal that the Records
Management Company used to communicate with its clients. The Records Management Company
spent approximately $24,000 to respond to, and mitigate the damage from, the attack.

Patient A

10. In early 2014, GOTTESFELD began to focus on the highly publicized case of a
teenager (?Patient who was receiving medical treatment in Massachusetts. The press reported
that a Massachusetts state court judge had placed Patient A in the custody of the Massachusetts
Department of Children and Families because of concerns that her parents were interfering with

her treatment.

Case Document 28 Filed 10/19/16 Page 3 of 14

11. The issue of Patient A?s custody and medical care became a national media story,
with religious and political organizations and others asserting that the case was an example of
government interference with parental rights.

12. Patient A?s case attracted interest because he viewed it as similar
to situations he was concerned about at the Utah Treatment Center, including one involving an
extended family member.

13. News stories reported that Patient A had been treated at Boston Children?s Hospital
(?Children?s Hospital?) in 2013, and that in January 2014, she was transferred to the Wayside
Youth and Family Support Network (?Wayside?), a Framingham, Massachusetts residential
treatment facility.

14. Children?s Hospital is a not-for-pro?t, comprehensive center for pediatric health
care and is one of the largest pediatric medical centers in the United States. In addition to providing
clinical care, Children?s Hospital conducts interdisciplinary research into childhood illnesses and
disease and maintains the largest training program for pediatricians and pediatric subspecialists in
the United States.

15. Wayside provides a range of mental health counseling and family support services
to children, young adults, and families in Massachusetts. Wayside provides day
treatment and residential services at its Framingham campus and receives referrals from state
agencies, including the Massachusetts Department of Children and Families.

16. News stories reported that while Patient A was at Wayside, Children?s Hospital
continued to oversee Patient A?s outpatient care on a temporary basis, at the request of the

Department of Children and Families, until new providers could be located.

Case Document 28 Filed 10/19/16 Page 4 of 14

THE CONSPIRACY

17. In an effort to punish Wayside and Children?s Hospital for their role in the treatment
of Patient A and to pressure these institutions to end their involvement in that treatment,
GOTTESFELD and others with whom he communicated on-line (?the conspirators?) launched
disruptive attacks on the computer networks of Wayside and Children?s Hospital.

18. attacks disrupted the networks of both victim institutions and
were particularly disruptive to Children?s Hospital.

Wayside

19. On March 23, 2014, GOTTESFELD and an unindicted co-conspirator 
exchanged a series of Twitter direct messages discussing attacking the computer networks of
institutions involved in Patent A?s treatment. GOTTESFELD suggested that the ?rst target be
Wayside.

20. remotely surveyed Wayside?s website and reported to GOTTESFELD that it
would be easy to attack.

21. On March 25, 2014, the press reported that the state court judge had granted
permanent custody over Patient A to the Massachusetts Department of Children and Families.

22. That day, GOTTESFELD issued a series of public Twitter messages, which
included the hashtag #Anonymous, calling for attacks on the Wayside network. The conspirators
launched a DDOS attack against Wayside that day. The attack lasted for more than a week,
crippled Wayside?s website during that time, and caused it to spend more than $18,000 on response

and mitigation efforts.

Case Document 28 Filed 10/19/16 Page 5 of 14

Children?s Hospital

23. On March 23, 2014, GOTTESFELD posted a YouTube video calling, in the name
of the hacking organization Anonymous, for action against Children?s Hospital in response to its
treatment of Patient A. The video, which was narrated by a computer-generated voice, stated that
Anonymous ?will punish all those held accountable and will not relent until [Patient is free.?

24. The YouTube video also stated: ?To The Boston Children?s Hospital?why do you
employ people that clearly do not put patients ?rst? We demand that you terminate [physician]
from her employment or you too shall feel the full unbridled wrath of Anonymous. Test us and
you shall fail.? The physician named in the video had been identi?ed in press reports as being
involved in Patient A?s treatment.

25. The YouTube video that GOTTESFELD posted directed viewers to a posting on
the website pastebin.com that contained the information about the Children?s Hospital?s server
necessary to initiate a DDOS attack against that server.

26. On April 19, 2014, GOTTESFELD and the conspirators initiated a DDOS attack
against the Children?s Hospital server, located in Massachusetts, that was identi?ed in the
pastebin.com posting. The DDOS attack, which directed hostile traf?c at the Hospital?s network
for at least seven days, disrupted that network and took the Hospital?s website out of service. The
attack also disrupted the Hospital?s day-to-day operations as well as the research being done at the
Hospital.

27. In an effort to ensure the attack did not compromise patient information, the
Hospital decided to shut down the portions of its network that communicated with the intemet and
its e-mail servers. This effort successfully prevented the attackers from accessing any patient

records or other internal Hospital information.

Case Document 28 Filed 10/19/16 Page 6 of 14

28. This shutdown of the Children?s Hospital?s website, external intemet portal, and e-
mail servers, however, impacted the entire Hospital community and particularly the ability of
physicians outside of the Hospital to obtain medical records and of patients to communicate with
physicians. It also disrupted an important fundraising period for the Hospital by disabling the
Hospital?s fundraising portal.

29. Responding to, and mitigating, the damage from this DDOS attack cost Children?s
Hospital more than $300,000. Children?s Hospital also lost more than an estimated $300,000 in

donations because the DDOS attack disabled the Hospital?s ?indraising portal.

Case Document 28 Filed 10/19/16 Page 7 of 14

COUNT ONE
Conspiracy
(18 U.S.C. 371)

30. The Grand Jury realleges and incorporates by reference the allegations in
Paragraphs 1-29 of this Indictment, and ?irther charges that:

31. From approximately January 2014 through April 2014, in the District of
Massachusetts and elsewhere, the defendant,

MARTIN GOTTESFELD,
and others, conspired to knowingly cause the transmission of a program, information, code, and
command, and as a result of such conduct, to intentionally cause damage, without authorization,
to protected computers belonging to Wayside and Children?s Hospital, thereby causing the
potential modi?cation and impairment of the medical examination, diagnosis, treatment, and care
of one or more individuals, and further causing loss to one or more persons of at least $5,000 in
aggregated value during one year, in violation of 18 U.S.C. 1030(a)(5)(A) and 1030(c)(4)(B).
OVERT ACTS

32. In March 2014, GOTTESFELD and U0 1 sent each other a series of Twitter direct
messages in which they discussed the ?troubled teen industry,? Patient A, and possible targets of
attacks. GOTTESFELD suggested that they attack Wayside?s network. GOTTESFELD
communicated using the Twitter handle @Stoploganriver, while communicated using the
Twitter handle @Digitaghost. Approximately 284 direct messages between GOTTESFELD and
were recovered from one of laptop computers. Among the Twitter direct

messages were the following, each of which was an overt act in furtherance of the conspiracy, sent

on our about the date listed below:

Case Document 28 Filed 10/19/16 Page 8 of 14

a. Mar 22, 2014 4:00 AM EST @Stoploganriver: ?I?ve done the previous
d0xes on our site. I have two other volunteers, one is a vet, the other rook.
I?m a programmer, network eng., 

b. Mar 22, 2014 4:04 AM EST @Stoploganriver: ?there are 1000+ of these
?schools,? here. Hacking every single one of them, isn?t an option. I
wanted to show how it could be done. . 

c. Mar 22, 2014 4:06 AM EST @Stoploganriver: ?YourAnonCentral walked
away because we d0xed a woman. I guess that?s a pet pieve [sic] of theirs.
We d0x everyone, we don?t care.?

d. Mar 22, 2014 3:32 PM EST @Digitaghost: ?The longer [Patient A?s] case
gets drug out the bigger it will get.?

e. Mar 22, 2014 3:33 PM EST @Digitaghost: I?m here for the duration. I?m
just saying.?

f. Mar 22, 2014 3:33 PM EST @Stoploganriver: ?Yep, and I somehow
doubt Tuesday will be the end.?

g. Mar 22, 2014 3:35 PM EST @Stoploganriver: I want to keep my nose
clean too.?

h. Mar 22, 2014 3:35 PM EST @Digitaghost: ?Understood.?

i. Mar 22, 2014 3:35 PM EST @Stoploganriver: ?so far I haven't been
sued/arrested. I've been pretty careful. If they do, it's not the end of the
world though. I'm prepared.?

j. Mar 22, 2014 11:59 PM EST @Digitaghost: ?By the way I have big guns
for support. Quite a few oldfags want in on this if we strike them.?

k. Mar 23, 2014 12:00 AM EST @Stoploganriver: ?awesome. Let's hope the
judge releases her though and they are willing to go after [the Utah
Treatment Facility].?

1. Mar 23, 2014 12:01 AM EST @Digitaghost: ?Agreed.?

m. Mar 23, 2014 12:42 AM EST @Stoploganriver: ?yep. Best case, wayside
decides she?s too hot a potato discharges her forcing the state to do
something better, at least for now.?

n. Mar 23,2014 12:44 AM EST @Digitaghost: ?Exactly.?

Case Document 28 Filed 10/19/16 Page 9 of 14

aa.

bb.

CC.

Mar 23, 2014 12:45 AM EST @Digitaghost: ?We should make her hotter
than she already is.?

Mar 23, 2014 12:49 AM EST @Digitaghost: was also thinking of
attacking one target to show them we are not fucking around.?

Mar 23, 2014 12:50 AM EST @Digitaghost: ?S3xy wants to have some
anons do it but she?s English and asleep right now.?

Mar 23, 2014 12:51 AM EST @Digitaghost: It would require some
thought on who #Target first anyway. Vuln scans blah blah blah.?

Mar 23, 2014 12:51 AM EST @Stoploganriver: let me run it by the
family reps ?rst. I suggest Wayside.?

Mar 23, 2014 12:51 AM EST @Digitaghost: ?Okay.?

Mar 23, 2014 12:51 AM EST @Digitaghost: can probably get
something cooking by tomorrow.?

Mar 23, 2014 12:51 AM EST @Digitaghost: ?Need to see how sturdy
their pipes are.?

Mar 23, 2014 12:52 AM EST @Digitaghost: ?And to either deface or


Mar 23, 2014 12:52 AM EST @Stoploganriver: please start checking
it out, I?m waiting to hear back from [co-conspirator]. I bet they will want
to wait for Tuesday though.?

Mar 23, 2014 12:54 AM EST @Digitaghost: ?Okay. I'm thinking the same
thing. It will give me more time to organize anyway. Nest attack method.
etc. etc.?

Mar 23, 2014 12:54 AM EST @Digitaghost: ?Best*?

Mar 23, 2014 12:58 AM EST @Digitaghost: ?This fucking site looks like
one of your brainwashing schools.?

Mar 23, 2014 12:59 AM EST @Stoploganriver: ?It is basically one of
those schools, from what we can tell. That's how I was able to bring in
#ShutLoganRiver?

Mar 23, 2014 12:59 AM EST @Stoploganriver: ?that put this in our
of?cial purview.?

Case Document 28 Filed 10/19/16 Page March 23, 2014, GOTTESFELD posted a YouTube video calling for action

against Children?s Hospital, in response to its treatment of Patient A, and providing targeting

Mar 23, 2014 12:59 AM EST @Digitaghost: 
Mar 23, 2014 1:00 AM EST @Digitaghost: ?Framingham, MA right??

Mar 23, 2014 1:02 AM EST @Digitaghost: ?Apache servers left
unlatched. Lolololololololol. Fucking #OpSony all over again.?

Mar 23, 2014 1:03 AM EST @Digitaghost: ?Unpatched*?
Mar 23, 2014 1:04 AM EST @Digitaghost: ?We can tear that shit up.?

Mar 23, 2014 1:15 AM EST @Stoploganriver: ?well, I?m sorry to be
disturbing you like this, but I'm VERY happy to have the help.?

information for the Hospital?s server.

34. On or about March 25, 2014, the conspirators initiated a DDOS attack against

Wayside.

35. On or about April 20, 2014, GOTTESFELD and the conspirators initiated a DDOS

attack against Children?s Hospital.

Allin violation of 18 U.S.C. 371.

10

Case Document 28 Filed 10/19/16 Page 11 of 14

COUNT TWO
Intentional Damage to a Protected Computer
(18 U.S.C. 1030(a)(5)(A))
36. The Grand Jury realleges and incorporates by reference the allegations in
Paragraphs 1-29 and 32-35 of this Indictment, and timber charges that:
37. On or about April 20, 2014, in the District of Massachusetts and elsewhere, the
defendant,
MARTIN GOTTESFELD,
did knowingly cause and aid and abet the transmission of a program, information, code, and
command, and as a result of such conduct, intentionally caused damage, without authorization, to
a protected computer within the District of Massachusetts, belonging to Children?s Hospital, and
the offense caused the potential modi?cation and impairment of the medical examination,
diagnosis, treatment, and care of one or more individuals, and ?irther caused loss to one or more

persons of at least $5,000 in aggregated value during one year.

All in violation of 18 U.S.C. 1030(a)(5)(A), 1030(c)(4)(B), 2.

ll

Case Document 28 Filed 10/19/16 Page 12 of 14

CONSPIRACY FORFEITURE ALLEGATION
(18 U.S.C. 981(a)(1)(C) and 28 U.S.C. 2461)

38. Upon conviction of the offense in violation of Title 18, United States Code, Section
371, set forth in Count One of this Indictment,
MARTIN GOTTESFELD,
defendant herein, shall forfeit to the United States, pursuant to Title 18, United States Code,
Section 981(a)(1)(C) and Title 28, United States Code, Section 2461(c), any property, real or
personal, which constitutes or is derived from proceeds traceable to such offense.
39. If any of the property described in Paragraph 38 above, as a result of any act or
omission of the defendant:
cannot be located upon the exercise of due diligence;
has been transferred or sold to, or deposited with, a third party;
has been placed beyond the jurisdiction of the Court;
has been substantially diminished in value; or

has been commingled with other property which cannot be divided
without dif?culty;

it is the intention of the United States, pursuant to Title 28, United States Code, Section 2461(c),
incorporating Title 21, United States Code, Section 853(p), to seek forfeiture of any other property
of the defendant up to the value of the property described in Paragraph 38 above.

All pursuant to Title 18, United States Code, Section 981(a)(1)(C) and Title 28, United

States Code, Section 2461(0).

12

Case Document 28 Filed 10/19/16 Page 13 of 14

INTENTIONAL DAMAGE TO A PROTECTED COMPUTER FORFEITURE
ALLEGATION
(18 U.S.C. 982(a)(2)(B) and 18 U.S.C. 1030(i))
40. Upon conviction of the offense in violation of 18 U.S.C. 1030(a), set forth in
Count Two of this Indictment,
MARTIN GOTTESFELD,
defendant herein, shall forfeit to the United States: any property constituting, or derived from,
proceeds obtained, directly or indirectly, as the result of such offense, pursuant to 18 U.S.C.
and defendant?s interest in any personal property that was used or intended to
be used to commit or to facilitate the commission of such violation; and any property, real or
personal, constituting or derived from, any proceeds that the defendant obtained, directly or
indirectly, as a result of such offense, pursuant to 18 U.S.C. 1030(i).
41. If any of the property described in Paragraph 40 above, as being forfeitable pursuant
to 18 U.S.C. 982(a)(2)(B) and 1030(i), as a result of any act or omission of the defendant:
cannot be located upon the exercise of due diligence;
has been transferred or sold to, or deposited with, a third party;
(0) has been placed beyond the jurisdiction of the Court;

has been substantially diminished in value; or

has been commingled with other property which cannot be divided
without dif?culty;

it is the intention of the United States, pursuant to 18 U.S.C. 982(b)(1) and 1030(i)(2), both
incorporating 21 U.S.C. 853(p), to seek forfeiture of any other property of the defendant up to
the value of the property described in Paragraph 40 above.

All pursuant to 18 U.S.C. 982 and 1030.

13

Case Document 28 Filed 10/19/16 Page 14 of 14

A TRUE BILL,

721% MW

Foreperso The Grand] ry

    
    

(7)

Am Boo

David]. 
Assistant United States Attorneys KW 



DISTRICT OF MASSACHUSETTS October 19, 2016

14