Man rescued by Disney cruise ship charged with hacking Boston Children’s Hospital

Disney might bring to mind a warm and fuzzy happy ending, but such was not the case for a 31-year-old man who sent out a distress call from his boat, was rescued by a Disney cruise ship near Cuba, and then arrested in Miami for his alleged involvement with an Anonymous cyberattack against Boston Children’s Hospital.

After Martin Gottesfeld and his wife pulled a ghost and vanished, relatives and his employer reported them missing. The FBI had been investigating him since October 2014, when the agency searched his house for evidence linking him to a cyberattack on the hospital. According to the DOJ press release, a few days ago, FBI “counterparts in the Bahamas” contacted Boston’s FBI to report that Gottesfeld was not a registered guest on the Disney cruise ship which rescued him at sea.

The case is linked to Justina Pelletier’s custody case, which garnered national attention in 2013 and 2014. She went to the Boston Children’s Hospital for the flu, having previously been diagnosed with mitochondrial disorder. But the hospital disagreed with that diagnosis and instead claimed her pain and symptoms were a result of mental illness. Fourteen months after the Department of Children and Families took custody of Pelletier, she said, “I feel like a prisoner.”

In March 2014, Gottesfeld tweeted a link to a Pastebin post doxing the judge and doctor, as well as demanding for the hospital to fire the doctor or “feel the full unbridled wrath of Anonymous.” A link to the same dox was included in the description for an #OpJustina video. Reuters reported that in 2014 he admitted to posting the video, but denied taking part in the attack.

A cyberattack was launched against the hospital server listed in the same Pastebin post about a month later. At the time, cybersecurity experts told the Boston Globe that there was “no direct evidence linking Anonymous to the attacks,” but it “bore the hallmarks” of an attack by Anonymous.

According to the Massachusetts U.S. Attorney, Gottesfeld allegedly posted the YouTube video claiming “Anonymous ‘will punish all those held accountable and will not relent until [Patient A] is free.’ The YouTube video directed viewers to a posting on the website pastebin.com that contained the information about the hospital’s server necessary to initiate an attack against that server.”

The DOJ claims the attack continued “for at least seven days,” disrupting the hospital’s network and day-to-day operations, taking down the hospital’s website and disrupting research being conducted at the hospital.

The press release added:

The hospital had to re-allocate its resources in a significant way to ensure that patient care was not affected during this period. In an effort to ensure the attack did not compromise patient information, the hospital decided to shut down the portions of its network that communicated with the Internet and its e-mail servers. This effort successfully prevented the attackers from accessing any patient records or other internal hospital information. Responding to, and mitigating, the damage from this attack cost the hospital more than $300,000.

If convicted of conspiracy, he could face up to five years in jail, a $250,000 fine and restitution, and three years of supervised release.