In March, authorities in Los Angeles and the FBI disabled the powerful Distributed Denial of Service (DDoS) tool that the group, Anonymous Sudan, was using in the attacks.
The DDoS tool was also sold to other criminal groups, according to authorities.
Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27, were both charged with one count of conspiracy to damage protected computers. Ahmed Salah was also charged with three counts of damaging protected computers.
If convicted on all charges, Ahmed Salah faces a maximum sentence of life in federal prison, and Alaa Salah faces a maximum of five years.
According to the indictment and criminal complaint unsealed Wednesday, Anonymous Sudan’s DDoS tool was used to launch more than 35,000 DDoS attacks, including at least 70 targeting computers in the greater Los Angeles area.
“Anonymous Sudan sought to maximize havoc and destruction against governments and businesses around the world by perpetrating tens of thousands of cyberattacks,” U.S. Attorney Martin Estrada said in a statement. “This group’s attacks were callous and brazen—the defendants went so far as to attack hospitals providing emergency and urgent care to patients.”
Seizing the DDoS tool disabled the attack platform that allegedly caused widespread damage and disruptions around the world, according to FBI special agent in charge Rebecca Day of the Anchorage field office.
Authorities disabled the tool in March through a court-authorized seizure of its key components. Specifically, the warrants authorized law enforcement to seize servers that launched and controlled the DDoS attacks, servers that relayed attack commands to a broader network of computers, and accounts containing the source code for the DDoS tools used by the group.
Victims of the attacks within the United States include the Justice, State and Defense departments, the FBI, Cedars-Sinai Medical Center in Los Angeles, and government websites for the state of Alabama, according to the U.S. Attorney’s Office.
A February attack closed the emergency department at Cedars-Sinai Medical Center, forcing the hospital to divert patients to other facilities for about eight hours during one incident.
Other victims include major U.S. technology platforms, including Microsoft Corp. and Riot Games Inc., and network service providers. The attacks resulted in reported network outages affecting thousands of customers.
Anonymous Sudan’s attacks have caused more than $10 million in damages to U.S. victims, according to authorities.
