Case 1:15-cr-00067-RDM Document 31

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 1 of 82
IN THE UNITED STATES DISTRICT COURT

FOR THE DISTRICT OF COLUMBIA
UNITED STATES OF AMERICA,
Plaintiff,
v.
MIR ISLAM
Defendant.
)
)
)
)
)
)
)
)
)
Crim. No. 15-cr-67 (RDM)

UNDER SEAL
DEFENDANTS MEMORANDUM IN AID OF SENTENCING

Defendant Mir (Josh) Islam stands before the Court to be sentenced pursuant to his guilty
plea to a three-count information. As explained below, Mr. Islam has matured immensely during
his 34 months of incarceration and has taken great strides to atone for his behavior and overcome
the mental health issues that contributed to it. Accordingly, it is respectfully submitted that a
sentence of time served and 36 months of supervised release would represent a sentence that is
sufficient, but not greater than necessary to meet the purposes of sentencing reflected in 18 U.S.C.
3353(a). Such a sentence would be longer than many if not most sentences in similar cases, and
would adequately punish conduct by an immature and mentally-ill teenager who, by the
governments own admission, has earned a departure from the applicable guidelines range.
LEGAL STANDARD
The fundamental requirement of federal sentencing is that it result in a sentence sufficient,
but not greater than necessary, to comply with the purposes set forth in 18 U.S.C. 3553(a)(2). In
accomplishing that task, the sentencing court must consider: (1) the nature and circumstances of
the offense; (2) the history and characteristics of the defendant; (3) the need for the sentence
imposed to reflect the seriousness of the offense, to provide just punishment for the offense, to
afford adequate deterrence to criminal conduct, to protect the public from further crimes of the
defendant, and to provide the defendant with needed correctional treatment; (4) the kinds of
sentences available; (5) the Sentencing Guidelines and related Sentencing Commission policy
statements; (6) the need to avoid unwarranted sentencing disparities; and (7) the need to provide
restitution to any victims of the offense. These requirements reflect the uniform and constant
federal judicial tradition of considering every convicted person as an individual and every case as
a unique study in the human failings that sometimes mitigate, sometimes magnify, the crime and
the punishment to ensue. Gall v. United States, 552 U.S. 38, 52 (2007) (quotation omitted).
ANALYSIS
I.
Further Imprisonment Is Not Necessary to Meet the Goals of Sentencing Under Section
3553(a)
A. Sentencing Guidelines and Sentencing Commission Policy Statements
As a matter of administration and to secure nationwide consistency, the Sentencing
Guidelines should be the starting point and the initial benchmark for determining the defendants
sentence. Gall, 552 U.S. at 49. In the ordinary case, the Commissions recommendation of a
sentencing range will reflect a rough approximation of sentences that might achieve 3553(a)s
objectives. Kimbrough v. United States, 552 U.S. 85, 89-90 (2007) (quoting Rita v. United States,
551 U.S. 338, 447 (2007)).
Here, the Sentencing Commissions guidelines and policy statements strongly support the
defense recommendation of time served, which with good time credits amounts to an effective
sentence of 37 months. Both parties and the PSR agree that the correct guidelines range is 41 to 51
months. But the government has also filed a motion pursuant to USSG 5K1.1, recognizing that
Islam provided substantial assistance to authorities. Thus, the governments request for a sentence
in the middle of the guidelines range conflicts with the policy statements stating that courts should
2
make an appropriate reduction from the guidelines range based on a list of factors related to the
defendants cooperation. USSG 5K1.1(a) (emphasis added); see also id. at 5K1.1 (describing
purpose of provision as allowing a court to depart from the guidelines) (emphasis added).
According to data compiled by the Sentencing Commission, the average downward departure for
5K1.1 motions is 52.6 percent from the bottom of the original guideline rangeover five times
the reduction requested by Islam. U.S. Sentencing Commission, 2014 Sourcebook of Federal
Sentencing Statistics, at Appendix A, Table A-1. Thus, by any measure, the less than ten percent
departure from the guidelines range requested by the defense is an appropriate reduction that
furthers the policies underlying the guidelines and rewards defendants for the often life-threatening
assistance they provide to the government.
B. Nature and Circumstances of the Offense
The government rightfully characterizes the offenses in this case as serious.
They
encompass three basic crimes: (i) doxing, or the posting of personally-identifying information
such as dates of birth, social security numbers, and fraudulently-obtained credit reports online;
(ii) swatting, or the harassing of individuals through false reports to 911 of emergency situations
with the intention of causing a dangerous invasion of the persons homes by heavily-armed police;
and (iii) the severe and intrusive harassment of A.R.T., an individual with whom Islam became
infatuated, including a swatting incident that resulted in the closure of her university. These
crimes exploit the increasingly digital nature of peoples lives to invade their privacy and subject
them to harassment and even the risk of violence. Swatting in particular is a reprehensible act
that endangers the lives of both police and innocent victims and wastes scarce public resources. As
reflected in the undisputed guidelines range of 41-51 months, these crimes deserve of a period of
incarceration.
Without minimizing the serious nature of these crimes, however, there are factors for each
offense that are mitigating to a certain degree or place the offense in a necessary broader context.
With regard to the doxing offenses, for example, the webpage created by Islam and his coconspirators, The Secret Files, was only online and accessible online for three short periods of 8,
20, and 20 days each,1 and there is no evidence that any of the information was used by members
of the public. PSR 21-27. Moreover, although Islam and his co-conspirators indisputably broke
the law by posing as third-parties to obtain credit reports and then posting the reports online, the
general practice of doxing public figures is not actually illegal if the information is obtained
legally. See Ex. 1 (Christine Pelisek, Doxxing: Its Like Hacking, But Legal, THE DAILY BEAST
(March 13, 2013)) (reporting on the Secret Files website created by Islam and his co-conspirators,
describing it as a classic case of doxxing and stating that [i]n many cases, its not even illegal).
This veneer of legality, especially as perceived by the immature minds of the teenage coconspirators, should be taken into account. Finally, the co-conspirators motivations reveal a
misguided but public-minded spirit and desire for attention not uncommon among teenagers. For
example, in one of their most notorious hacks, Islam and his co-conspirators temporarily disabled
4chan.com, a popular image-sharing website where users regularly traded jailbait photos of
young girls, because Islam thought everyone on 4chan was a child molester. Ex. 2 (Mat Honan,
Cosmo, the Hacker God Who Fell to Earth, WIRED (September 11, 2012)) (quoting E.T., a coconspirator known as, Cosmo the God). Similarly, in a farewell statement on their Exposed
website, the co-conspirators quoted extensively from the farewell message of another prominent
group of hackers, Lulz Security, issued in 2011 on George Orwells birthday:
Although the second and third of the periods ended with a law enforcement request to take the site
offline, the first period ended voluntarily and was accompanied by a farewell message.
4
While we are responsible for everything that The Lulz Boat is, we are not tied to
this identity permanently. Behind this jolly visage of rainbows and top hats, we are
people. People with a preference for music, a preference for food; we have varying
taste in clothes and television, we are just like you. Even Hitler and Osama Bin
Laden had these unique variations and style, and isnt that interesting to know?
The mediocre painter turned supervillain liked cats more than we did.
Again, behind the mask, behind the insanity and mayhem, we truly believe in the
AntiSec movement. We believe in it so strongly that we brought it back, much to
the dismay of those looking for more anarchic lulz. We hope, wish, even beg, that
the movement manifests itself into a revolution that can continue on without us.
The support weve gathered for it in such a short space of time is truly
overwhelming, and not to mention humbling. Please dont stop. Together, united,
we can stomp down our common oppressors and imbue ourselves with the power
and freedom we deserve.
So with those last thoughts, its time to say bon voyage. Our planned 50 day cruise
has expired, and we must now sail into the distance, leaving behind - we hope inspiration, fear, denial, happiness, approval, disapproval, mockery,
embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we
had a microscopic impact on someone, somewhere. Anywhere.
Thank you for sailing with us. The breeze is fresh and the sun is setting, so now we
head for the horizon.
Ex. 3 (Jason Mick, LulzSec Departs, Fires Parting Shot 812,000 User Accounts Leaked, Daily
Tech (June 26, 2011) (words copied by Islams group in italics); see also PSR, 23 (quoting Islams
farewell message). Like the LulzSec hackers, Islam and his co-conspirators broke the law and
must be punished. However, the fact that they were teenagers reflecting an immature yet principled
mindset common in the hacker community softens the edges in the governments portrayal, and
should be taken into consideration.
Similarly, although Islam and his co-conspirators repeated swatting of celebrities and
public officials was extremely traumatic and dangerous for their victims, there are additional
circumstances that also help to put this crime in context. Specifically, in the online gaming
communities in which Islam and his coconspirators practically lived and breathed, swatting was an
unfortunately common tactic used by competitive gamers to harass their opponents during or after
online matches. See Ex. 2 (Mat Honan, Cosmo, the Hacker God Who Fell to Earth, WIRED
(September 11, 2012)); see also Real SWAT Team Raid Shooting Gamer Live on Twitch,
YOUTUBE, available at https://www.youtube.com/watch?v=Dzav_Fjlz1M (last accessed July 7,
2016);
10
Streamers
Get
Swatted
Live,
YOUTUBE,
available
at
https://www.youtube.com/watch?v=TiW-BVPCbZk (last accessed July 7, 2016).

Indeed, a member of the charged conspiracy here nonchalantly reported being subjected to
both doxing and swatting on multiple occasions as a result of his online gaming activities:
[E.T.]s name and address his documents, or dox as hackers know them
have long been published online. And its meant hes been a target for both
vengeance and lulz just, you know, because hes Cosmo the God and one of the
more notorious social engineers around.
Someone also swatted my house, he tells me, smiling. It happens a lot to me.
Well, the SWAT team was only once at my house, but lots of time with the local
police department. Swatting is a vicious prank where a hacker uses an internet
call system to report a hostage situation, which scrambles local law enforcement to
the victims doorstep.
Through AOL, you can use AT&T Relay to call the SWAT. Its for handicapped
people. You have to sign up, but its easy to sign up. You just instant message the
username AT&T Relay and then 911. They ask whats your location, the
emergency. Thats what they did to me. Thats what they did to my school too,
because theres less ways of getting caught.
[E.T.] shrugs at this, like its all perfectly normal stuff for a teenage boy. And the
thing is, in 2012, it is perfectly normal for a bored teenage boy on the edge of
delinquency. Instead of egging cars and swinging bats at mailboxes, hes breaking
into e-mail accounts.
Id. Again, this does not excuse or condone the use of swatting by E.T. and Islam, which wasted
public resources and exposed their victims to dangerous and traumatizing encounters with heavilyarmed police. However, it does help explain how doxing and swatting came to be viewed as
normal by teenagers immersed in this new online world, and thus why it was seen by Islam and
his co-conspirators in their immaturity as an acceptable prank to make political statements or

garner attention for their website.2
Finally, the government rightfully describes Islams cyberstalking of A.R.T., which
subjected her to emotional distress, anxiety, and fear for her safety, as extremely serious. However,
it is significant that at the time, Islam was suffering from untreated obsessive-compulsive disorder
(OCD), which fueled his obsession for A.R.T. and drove him to try to contact her through any and
all means. As asserted in his sole objection to the PSR, Islam never intended to harm A.R.T. in any
way, and certainly did not attempt to intimidate her, as the government suggests. Gov. Mem. at
13. Moreover, Islam believed at the time that he had communicated and developed a relationship
with A.R.T. through weeks of online conversations, causing him extreme confusion and anxiety by
her refusal to interact with him in the non-virtual world. A.R.T. denied ever communicating with
Islam, and told authorities she has little to no online life. If that is true,3 then it is highly likely that
Islams other co-conspirators pretended to be A.R.T. specifically to toy with him, knowing he had
a fragile mental state at the time. Indeed, one of Islams co-conspirators reported to the FBI that he
believed that to be the case because these associates liked to mess or fool around with Islam.4
Thus, while in no way excusing his conduct, Islams obsession with A.R.T. and harassing attempts
In addition to being perceived as a normal prank by Islam and his coconspirators at the time, it
is also noteworthy that swatting, like doxing, was not a violation of federal law in all circumstances.
See, e.g., Ex. 5 (Press Release, Office of Representative Katherine Clark, Clark bill aims to combat
dangerous swatting hoaxes (Nov. 18, 2015) (While federal law prohibits using the
telecommunications system to falsely report a bomb threat hoax or a terrorist attack, falsely
reporting other emergency situations is not currently prohibited.)).
2
A document produced in discovery suggests that the FBI agents who interviewed A.R.T. believed
she may have been untruthful about her internet usage and history, but does not elaborate on the
reasons for this conclusion.
4
This information was reported in an email to undersigned counsel by AUSA Weiss. The email
noted that the government has not found any evidence substantiating this speculation by Islams
co-conspirator, however.
7
to communicate with her and her friends was at least in part a reaction to the confusing disconnect
between the real world and what he experienced online, as exacerbated by his untreated obsessivecompulsive disorder.
C. History and Characteristics of the Defendant
Islams history and characteristics before and after his incarceration include several strongly
mitigating factors supporting the recommended sentence. Specifically, Islams youth and mental
health problems before his arrest, and his subsequent maturation, educational progress, and
successful mental health treatment, show that he is a profoundly changed individual who would be
extremely unlikely to return to criminal conduct.
1. Background
Islam was born in Bangladesh on June 24, 1994. His family emigrated to the United States
in 2000 and settled in Bronx, New York. After a fairly normal childhood, Islam developed several
mental health problems in adolescence, including bipolar disorder, chronic depression, obsessive
compulsive disorder (OCD), and attention deficit and hyperactivity disorder (ADHD). None of
these conditions were treated. Around the same time, Islam began immersing himself in online
gaming, chatting, and other activities. These activities functioned as an addiction, both soothing
and exacerbating his mood and attention disorders. As a result, Islam dropped out of high school
and began spending 15-18 hours a day online without interruption or parental intervention.
It was during this period, while he was still a minor, that Islam became involved in the
carding activities that led to his arrest in the Southern District of New York shortly after his 18th
birthday. According to the New York PSR, these activities began in 2009, when Islam was just 14
or 15 years old. For Islam and the other teenagers he met online, the Internet was a powerful and
seductive playground that allowed them to purchase food and electronics with stolen credit card
numbers before they were even old enough to drive, as well as chase fame and attention through
8
celebrity-related doxing and hacks. According to Islam, at the time he viewed these activities as
adolescent pranks, and it was difficult to connect the thrill he received from his virtual activities to
any real-world consequences. That was so even after he was arrested the day after his 18th birthday,
since he was spared the lessons of prison when he was granted pretrial release. This helps explain
why, even while cooperating with the government in his pending case, Islam conspired with his
friends to create the doxing and swatting website.
All that changed when Islams release was revoked and he was forced to experience the
reality of life in prison for the first time. Islam spent the life-changing, formative years that many
young people spend in college in Queens Detention Facility. There he experienced enormous
hardship and was subjected to unusually harsh and punitive conditions, with lifelong affects. For
example, upon his remand into custody, Islam was placed into a unit where he had to share one
toilet and sink with twenty-five other inmates, not to mention insects and vermin. A restless sleeper,
Islam requested to be placed on a bottom bunk for safety reasons. Prison officials ignored this
request, and in 2013 Islam fell off of the top bunk and suffered a herniated disc and nerve damage
in his legs and right arm, causing him chronic pain to this day. PSR 134. On another occasion,
Islam was provided vitamins by correctional staff contaminated by mold. Id. The vitamins caused
damage to the cartilage in his wrists and knees, pain in his clavicle, and discoloration on his skin,
and exacerbated his chronic pain.
These experiences served as a wake-up call and set Islam on the path hes on today. The
change in Islam is evidenced in his educational and emotional progress. After dropping out of
school, Islam earned his GED in December 2013 while incarcerated, PSR 144, and in August
2014 successfully graduated from a twelve-week program through the Focus Forward Project, PSR
145. In a letter to the court, Naomi Chakofsky-Lewy, Coordinator of the Focus Forward Project,
eloquently describes the contributions Islam made to the class and his personal growth and maturity
as a result of his participation in the program. Ex. 7. After working with him for twelve weeks,
Ms. Chakofsky-Lewy describes Islam as an intelligent, caring, supportive man with tremendous
gratitude toward those who have helped him, and expressed her strong belief that Mirs
experiences have made him a wiser, more self-aware, more thoughtful person, and that he will
continue to apply the lessons hes learned for the rest of his life. Id.
Obtaining treatment for his mental health issues played an indispensable role in this
turnaround. As noted in the PSR, Islam now takes Celexa (antidepressant); Depakote (treatment
for bipolar disorder); Wellbutrin (antidepressant); and Effexor (antidepressant). PSR 136. This
has allowed him to experience a level of mental stability he lacked growing up, and freed him of
the compulsive need to seek stimulations through addictions like the Internet and obsessive
romantic attachments. He has also matured in his outlook on life. As he wrote in his letter to the
court, Islam is grateful for his arrest, and credits the government with saving his life. Ex. 8. This
perspective is incredibly mature and shows the tremendous strides Islam has made.
2. Sentencing Implications
This brief discussion of Islams history and characteristics includes several factors noted by
sentencing courts as mitigating factors justifying a downward departure or variance:
(a) Youth
The Supreme Court has cited youth as an important mitigating factor on multiple occasions.
See Gall, 552 U.S. at 58 (Immaturity at the time of the offense conduct is not an inconsequential
consideration.While age does not excuse behavior, a sentencing court should account for age
when inquiring into the conduct of a defendant.) (quoting sentencing court). This is so even for
defendants like Islam, who, having just turned 18, was not technically a minor at the time of these
offenses. See id. (stating that [r]ecent studies on the development of the human brain conclude
10
that human brain development may not become complete until the age of twenty-five, and noting
that the recent [National Institute of Health] report confirms that there is no bold line demarcating
at what age a person reaches full maturity.). As the Supreme Court has explained, [t]he relevance
of youth as a mitigating factor derives from the fact that the signature qualities of youth are
transient; as individuals mature, the impetuousness and recklessness that may dominate in younger
years can subside. Roper v. Simmons, 543 U.S. 551 (2005). Moreover, courts have also
recognized that young or first-time offenders are good candidates for lower sentences based on their
lowered risk of recidivism, as established in Sentencing Commission studies. See, e.g., United
States v. Ross, 557 F.3d 237 (5th Cir. 2009); United States v. Prisel, 316 F. Appx 377 (6th Cir.
2008); United States v. Cabrera, 567 F. Supp. 2d 271 (D. Mass. 2008) (citing studies).
(b) Mental health issues
A history of mental health issues is also an important mitigating factor, for two main
reasons. First, courts recognize that a defendant should be judged less harshly when his criminal
conduct was spurred in part by a mental health condition.5 Second, diagnosis and treatment of a
defendants mental health problems is one of the strongest factors that reduces the risk of
See, e.g., United States v. Ferguson, 942 F. Supp. 2d 1186, 1194 (M.D. Ala. 2013) (noting that
diminished capacity is relevant to 3553(a) factors as well as 5K 2.13 departure and varying
down to sentence of probation where defendant suffered from schizoaffective disorder, PTSD, and
neurocognitive limitations); United States v. Pallowick, 364 F. Supp. 2d 923 (E.D. Wis. 2005)
(imposing sentence of 46 months where defendant was convicted of six armed bank robberies and
Guidelines were 70-87 months because defendants major depressive disorder and anxiety disorder
played major role); United States v. Lighthall, 389 F.3d 791 (8th Cir. 2004) (affirming downward
departure where college student with obsessive compulsive disorder obsessively collected child
pornography); United States v. Ruklick, 919 F.2d 95, 97, 99 (8th Cir. 1990) (affirming downward
departure where defendant suffered from schizophrenic affective disorder that predated drug abuse
and impaired his judgment); United States v. Garcia, 497 F.3d 964 (9th Cir. 2007) (affirming
district courts discretion to consider defendants alleged diminished mental capacity due to drug
addiction); United States v. Menyweather, 431 F.3d 692, 698 (9th Cir. 2005) (affirming 8-level
departure and probationary sentence in embezzlement case in part due to defendants post-traumatic
stress disorder (PTSD)).
11
recidivism.6 Here, all of Islams crimes occurred while his depression, bipolar disorder, OCD, and
ADHD were undiagnosed and untreated.
This undoubtedly contributed significantly to his
impulsive and obsessive behavior toward A.R.T. and other addictive online activities. Having been
treated for the first time in prison, Islam has experienced enormous progress in his mood stability,
and reports feeling like a different person with no psychological connection to the overweight,
depressed, and obsessed individual he was at the age of eighteen. Ex. 8. This strongly weighs in
favor of the recommended sentence.
(c) Lack of prior experience with incarceration
Although the government emphasizes as an aggravating factor that the instant offenses were
committed while Islam was facing charges in his New York case, at that time Islam was a first-time
offender with no prior experience being incarcerated. As many courts have recognized, time in
prison has greater significance for those imprisoned for the first time, and thus, that a lesser prison
term is sufficient to deter a defendant who has never been subject to prior lengthy incarceration.
See, e.g., United State v. Baker, 445 F.3d 987 (7th Cir. 2006) (affirming downward variance to 78
months from 108 months justified in part by judges finding that prison would mean more to the
defendant than one who has been imprisoned before, which resonated with the goal of just
punishment in 3553(a)(2)(A) and adequate deterrence in Section 3553(a)(2)(B)); United States
v. Cull, 446 F. Supp. 2d 961 (E.D. Wis. 2006) (non-guideline sentence of 2 months in jail and 4
See, e.g., United States v. Ross, 557 F.3d 237 (5 Cir. 2009) (reversing sua sponte increase of
original below-guideline sentence where original sentence was based on defendants lack of
criminal history, strong family support, and youth as mitigating factors, and a psychiatrist who had
evaluated the defendant had testified that he had a low likelihood of recidivism); United States v.
Prisel, 2008 WL 4899451 (6th Cir. 2008) (affirming sentence of one day of imprisonment with
three years of supervised release, despite guidelines range of 27-33 months, where district court
cited the defendants age and his mental and emotional condition, and psychiatric testimony
indicated that his risk of recidivism was low).
12
months home confinement, where advisory range was 10-14 months for marijuana offense by
defendant who had never been confined, was sufficient to impress on him the seriousness of his
crime and deter him from re-offending).7
(d) Harsh conditions of confinement
Similarly, where a defendant has spent the pretrial period of incarceration under unusually
harsh conditions, courts recognize that a shorter period of post-sentencing incarceration is
appropriate, both as a matter of justice and deterrence. See, e.g., United States v. Pressley, 345 F.3d
1205 (11th Cir. 2003); United States v. Carty, 263 F.3d 191 (2d Cir. 2001); United States v. Ortiz,
2007 WL4208842 (D. N.J. Nov. 27, 2007); United States v. Mateo, 299 F. Supp. 2d 201 (S.D.N.Y.
2004); United States v. Rodriguez, 214 F. Supp. 2d 1239 (M.D. Ala. 2002); United States v. Bakeas,
987 F. Supp. 44, 50 (D. Mass. 1997). Here, Islams incarceration included 4 months of protective
solitary confinement, and resulted in injuries that will continue to affect him for years, if not for the
rest of his life, including a herniated disc, nerve damage, and damaged cartilage in his wrists and
knees.
In light of the harshness of this period of confinement, additional confinement is
unnecessary both as a matter of punishment and to deter Islam from future crimes, since his own
body will long provide him with painful reminders of this period his life.
See also United States v. Collington, 461 F.3d 805 (6th Cir. 2006) (affirming sixty-month
downward variance where defendant had only been incarcerated for seven months prior to his
crime, despite being in Criminal History Category IV); United States v. Newhouse, 919 F.Supp. 2d
955 (N.D. Iowa 2013) (varying down from career offender range to a ninety-six month sentence
where defendants only two prior convictions resulted in probationary sentences); United States v.
Moreland, 568 F. Supp. 2d 674 (S.D. W. Va. 2008) (rejecting career offender Guideline range of
30 years to life to impose statutory minimum 120 months for a defendant whose remote and nonviolent predicate convictions were cumulatively penalized by less than six months in jail); United
States v. Qualls, 373 F. Supp. 2d 873, 877 (E.D. Wis. 2005).
13
(e) Education and rehabilitation

Courts recognize that efforts by a defendant to educate and rehabilitate himself after an
arrest are relevant considerations in mitigation during sentencing, because a courts duty is always
to sentence the defendant as he stands before the court on the day of sentencing. United States v.
Bryson, 229 F.3d 425, 426 (2d Cir. 2000). See also Pepper v. United States, 131 S. Ct. 1229,
1242 (affirming resentencing based on up-to-date picture of [defendants] history and
characteristics). Here, Mr. Islams arrest helped him escape the fog of his former life, where he
was a high school dropout spending 15-18 hours a day on the internet gaming, chatting, and
hacking, spurring him to grow into a mature young man who obtained his GED, addressed his
psychiatric issues, and successfully graduated from the Focus Forward Project. Exs. 7, 8.
(f) Cooperation and its long-term consequences
Finally, above and beyond the sentencing benefit defendants are entitled to receive under
5K1.1, courts recognize that a history of substantial assistance by a defendant is a relevant
sentencing characteristic both because it reflects a turn away from criminal activity by the
defendant, and because it often carries risks to the defendants safety that will persist long after his
sentence has been completed. Here, Islam has cooperated substantially in two cases, demonstrating
his complete rejection of his criminal past and subjecting him to double the risk of future retaliation.
This ongoing risk, and the rejection of criminal associations it reflects, should be considered as a
mitigating personal characteristic justifying a substantial downward variance.
D. The Need to Reflect the Seriousness of the Offense, to Promote Respect for the Law,
and to Provide Just Punishment for the Offense
The guidelines range in this case41 to 51 months for the lowest criminal history
categoryadequately reflects the seriousness of the offenses in this case, promotes respect for the
law, and provides for just punishment. In seeking a sentence of time served, Islam is asking only
14
for a small departure from this range of four months in recognition of cooperation the government
has deemed substantial enough to merit the filing of a 5K1.1 motion. The government, on the
other hand, asserts that the guidelines understate the seriousness of Islams offenses to such a degree
that the Court should take the extraordinary step of giving a mid-range guidelines sentence in a case
involving a 5K1.1 motion.
To support this argument, the government describes what the
guidelines range would be in a series of alternative scenarios, such as if Islam had been prosecuted
serially in Arizona and the District rather than together, or if he had been sentenced to sixty days or
more in New York, or if the time he has spent in prison were not to be credited to this case.
But even granting the government the benefit of all of the alternative scenarios it proposes,
its recommended sentence is still too high as measured by the average sentence reductions in cases
involving a 5K1.1 motion. The maximum range discussed by the government would have
occurred had Islam (i) been sentenced to more than 60 days in New York, resulting in a criminal
history category of II; (ii) sentenced in this case, with a guidelines range of 30-37 months based on
a level 18 and criminal history category of II; and then (iii) sentenced in Arizona, with a guidelines
range of 37-46 months, based on a level 19 and a criminal history category of III. Under this
scenario, Islams combined sentencing range for the instant offenses, if sentenced consecutively,
would be 67-83 months. Applying the average sentencing reduction in 5K1.1 cases of 52.6 % to
the bottom range of this figure results in a sentence of 32 months. Since under this scenario, Islam
would have 60 fewer days of credit in this case than he actually received, his total effective sentence
would be 34 months in this casealmost exactly time-served, and less than time-served after
factoring in Islams credits for good time. Accordingly, even under the governments argument,
time served is an appropriate sentence once Islams substantial cooperation is taken into account.
15
More fundamentally, however, there is no reason to indulge the government in its

multiplicity of hypothetical guidelines calculations under alternative factual scenarios, since each
of those scenarios ignores several equally pertinent factors cutting against the government. For
example, a sentence for Islam of 60 days in New Yorkan arbitrary number picked to increase
Islams hypothetical criminal history scorewould have exceeded the sentences of other
defendants in the New York case, many of which received probationary sentences. Islams sentence
was thus not as extraordinarily light and charitable [a] sentence as the governments argument
makes it sound.8 Moreover, the great reduction in Islams sentence reflected the high value the
government received from Islams cooperation, as perceived by the trial court and probation.
Having received those benefits, the government cannot simply wish that the trial court viewed them
as less valuable. Finally, the governments guidelines math depends on layering simultaneous
criminal conduct committed before Islam had any criminal convictions in order to increase Islams
criminal history category for each offense; but as explained above, courts regularly vary downward
when a defendant has not spent time in prison prior to committing an offense, since in such cases
the criminal history category score overstates the defendants exposure to the criminal justice
system and the deterring effects of prison. Thus, it is unlikely that there would have been any
practical effect of prosecuting Islam serially in two jurisdictions as opposed to one, since any
pragmatic sentencing judge would have treated like facts the same.
In addition to ignoring these countervailing factors, the governments argument forgets its
own recommendation of a similarly dramatic departure from the guidelines in another high profile
hacking case prosecuted by the same New York office. In United States v. Monsegur, 11-cr-666
Of course, the sentence also included 36 months of supervised release, which subjects Islam to
the possibility of further incarceration should a violation of his conditions be proven by a mere
preponderance of the evidence.
16
(LAP) (S.D.N.Y. 2014), the defendant was a key leader of the Lulz Security hacking groupthe
same group whose farewell message was copied by Islams group on their Secret Files website.
Ex. 3. Like Islam, Monsegur initially violated his release conditions and was remanded back into
custody. Ex. 6 at 7. He was released seven months later to continue cooperating, and eventually
earned a 5K1.1 motion from the government. In the motion, the government recommended that
Monsegur be sentenced to time served, which reflected a departure of 252 monthsalmost twice
Islams departure, and approximately 97% off his guidelines range of 259-317 months. Notably,
this range was itself lowered by the transfer and simultaneous resolution of four other cases against
Monsegur from other district courts, the very practice the government cited as an aggravating factor
in its memorandum here.
In light of Monsegurs equally extraordinarily light and charitable sentence, Govt Mem.
at 21, which was obtained at the governments request, the governments assertion that [s]uch a
dramatic departure was never contemplated by the government when negotiating the plea
agreement in this case, id., rings hollow. Indeed, unlike Monsegur, an older hacker with deeper
connections to the hacking world and many opportunities to earn a successful legal living, Islam
was a teenager struggling alone in his room with several mental health conditions when he
committed the carding offenses in the New York prosecution. Nothing in the guidelines range
agreed upon by the parties and probation understates the seriousness of his offenses, and there is no
reason that the 5K1.1 motion he earned should be rendered a nullity by the mid-range guidelines
sentence requested by the government.
E. The Need to Afford Adequate Deterrence and to Protect the Public
The government asserts without citation that [s]watting and doxing are both increasingly
common offenses, that must be severely punished to put [w]ould be offenderson notice that
[they] will be treated with the severity they deserve. Govt Mem. at 23. Happily, the opposite
17
is actually true. Since Islams arrest, the Federal Communications Commission (FCC) issued two
rulings allowing telecommunication companies to refuse to relay 911 communications by
unregistered users, which was the way the vast majority of swatting perpetrators hid their identities.
See Ex. 4 (Order of Acting Chief, Consumer and Governmental Affairs Bureau, Federal
Communications Commission (June 10, 2015), CG Docket Nos. 12-38, 03-123). According to
testimony submitted to the FCC by Sprint, as a result of this simple policy change, swatting calls
made using IP Relay service were completely eliminated. Id. (emphasis added) (citing Sprint
Corporation, Request for Extension of Interim Waiver, CG Docket Nos. 12-38, 03-123 (filed Apr.
30, 2015) (Sprint Waiver Extension Request)). Sprint, the company that was used by Islam and his
co-conspirators in this case, described this policy change as the absolute solution to the swatting
problem. Id. (quoting Sprint Waiver Extension Request).
Moreover, even if the swatting problem were not substantially resolved, there is no reason
to believe that requiring Islam to serve 41 months rather than time served (i.e., effectively 37
months) would deter any would-be criminal contemplating doxing or swatting. While many believe
that lengthier sentences have a greater deterrent effect, the empirical research shows this to be
untrue. Three National Academy of Science panels . . . reached that conclusion, as has every major
survey of the evidence. Michael Tonry, Purposes and Functions of Sentencing, 34 CRIME AND
JUSTICE: A REVIEW OF RESEARCH 28-29 (2006). That is because most potential criminals are not
generally aware of penalties for their prospective crimes, do not believe they will be apprehended
and convicted, and simply do not consider sentencing consequences in the manner one might expect
of rational decision makers. Id. Indeed, in one of the best studies of specific deterrence, which
involved federal white collar defendants in the pre-Guidelines era, no difference in deterrence was
found even between probation and imprisonment. See David Weisburd et. al., Specific Deterrence
18
in a Sample of Offenders Convicted of White-Collar Crimes, 33 CRIMINOLOGY 587 (1995). These

conclusions are especially applicable to the group most likely to commit doxing or swatting
teenage first-time offenderswho already have low rates of recidivism.
Moreover, the requirement that sentences reflect the publics need for protection must take
cooperation into account if it is to ensure that limited prison resources are spent on those doing the
most harm to the public. In other words, criminals do not just need to be deterred, they need to be
encouraged to dismantle criminal conspiracies. A mid-range guidelines sentence in a case where a
defendant provided substantial assistance, as the government requests, would leave would-be
cooperators with little incentive to take on the lifelong risks associated with cooperation.
F.
The Need to Avoid Unwarranted Sentencing Disparities

Section 3553(a) directs courts to consider the need to avoid unwarranted sentencing
disparities. The government asserts in a footnote that it is unaware of any individuals sentenced
for conduct similar to Islams, particularly given the unusual sentence he received for that
conviction. Govt Mem. at 24 n.1. But in two recent cases involving multiple incidents of
swatting, the defendants received far less time that Islam has already served. See United States v.
Tollis, No. 15-cr-00110 (D. Conn. 2015) (1 year and 1 day in prison for numerous swatting incidents
in 2014 affecting schools and universities); James Eli Shiffer, Canadian teen sentenced after
swatting, doxxing across North America, STAR TRIBUNE (July 25, 2015), available at
http://www.startribune.com/canadian-teen-sentenced-after-swatting-doxxing-across-northamerica/318537651/ (last accessed July 8, 2016) (15 months in prison for multiple incidents of
doxing, swatting, and cyberstalking). And in a third case, a federal defendant received a 41-month
sentencethe amount sought by the government herewithout the benefit of a 5K1.1 motion and
19
the concomitant risks to a defendants safety. See United States v. Morgenstern, No. 15-cr-00217
(D. Minn. 2015).9
Similarly, most of the hackers received less time than Islam is requesting in the Lulz
Security case discussed above, including: Cody Kretsinger (1 year imprisonment, 1 year home
detention); Raynaldo Rivera (1 year and 1 day imprisonment, 13 months home detention); Matthew
Flannery (15 months home detention); and the ringleader and chief cooperator, Hector Xavier
Monsegur (7 months). See United States v. Monsegur, 11-cr-666 (LAP) (S.D.N.Y. 2014). Nor was
Islams sentence in the New York case unusual, since several defendants received sentences of
time served or probation in the case (including Christian Cangeopol (3 years probation); Sean
Harper (time served); Joshua Hicks (2 years probation); Michael Hogue (5 years probation); and
Peter Ketchum (2 years probation)), and pretrial services had recommended time served in the PSR.
G. The Kinds of Sentences Available
Finally, 3553(a) requires the Court to creatively consider the kinds of sentences
available. The consideration includes choices such as prison versus a halfway house or probation,
as well as where educational or vocational training, medical care, or other correctional treatment
can be provided in the most effective manner. 3553(a)(2)(D). See also United States v. Martin,
363 F.3d 25, 49-50 & n.39 (1st Cir. 2004); United States v. Derbes, 369 F.3d 579, 581-83 (1st Cir.
2004); United States v. Gee, 226 F.3d 885, 902 (7th Cir. 2000); United States v. Ryder, 414 F.3d
908, 920 (8th Cir. 2005). As noted in the PSR, Islam could benefit from vocational or educational
training and mental health treatment, and could best access those services while on supervised
release. In addition, community service is an underutilized tool that serves the public interest while
In one other federal case where the defendants received more time (60 months), the facts were
especially egregious: the defendants committed over 250 swattings resulting in at least two
injuries and losses of between $120,000 and $250,000. See United States v. Rosoff, No. 3:07-cr00196 (N.D. Tex. 2008). And even in that case, one defendant received a 30-month sentence.
20
allowing the defendant to learn vocation-related skills in a job-like environment. According to a

2005 report by U.S. Probation and Pretrial Services, community service sentences offer a flexible,
personalized, and humane sanction, a way for the offender to repay or restore the community, and
are a win-win proposition for everyone involved. Probation and Pretrial Services Division of
the Administrative Office of the U.S. Courts, COMMUNITY SERVICE SENTENCES (2005). As noted
in the report, community service addresses the traditional sentencing goals of punishment,
reparation, restitution, and rehabilitation . . . It restricts offenders personal liberty . . . allows
offenders to atone or make the victim whole in a constructive way [and] may be regarded as . . .
a form of symbolic restitution when the community is the victim. Rather than impose more
unproductive time in jail, as the government requests, the defense respectfully submits that these
other kinds of sentences better achieve the statutory sentencing goals of 3553(a)(2).
II. Recommended Sentence
There is a uniform and constant federal judicial tradition of considering every convicted
person as an individual and every case as a unique study in the human failings that sometimes
mitigate, sometimes magnify, the crime and the punishment to ensue. Gall, 552 U.S. at 52
(quotation omitted). As explained above, despite the undisputed seriousness of these offenses, there
are several mitigating characteristics in this case that help explain why, at the age of 18, Islam did
not fully appreciate the traumatic impact his behavior had on A.R.T. and his doxing and swatting
victims, and why, having been exposed to unusually harsh prison conditions and received effective
mental health treatment, he has changed. Accordingly, the defense respectfully recommends a
sentence of time served (effectively 37 months with good time credits) which is more than many
defendants received for similar conduct, and represents a less than 10% downward departure for a
defendant who provided substantial assistance to the government and earned a 5K1.1 motion.
21
III. Conclusion
For the foregoing reasons, Defendant Mir Islam prays that the Court will sentence him to
time served followed by 36 months of supervised release, with the condition that he complete
vocational training and continue receiving mental health treatment.
Respectfully submitted,
July 8, 2016
By: /s/ Matthew J. Peed
..
Matthew J. Peed (D.C. Bar No. 503328)

CLINTON BROOK & PEED
1455 Pennsylvania Ave. N.W., Suite 400
Washington, DC 20004
(202) 621-1828 (tel)
(202) 204-6320 (fax)
Attorney for Defendant Mir Islam
Certificate of Service
I, Matthew J. Peed, hereby certify that on July 8, 2016, I caused a true and correct copy of
Defendants Memorandum in Aid of Sentencing and accompanying exhibits to be served upon the
attorney for the United States, Assistant United States Attorney Corbin Weiss, via electronic mail
to: corbin.weiss@usdoj.gov.
/s/ Matthew J. Peed
22
EXHIBIT 1
POLITICS
ENTERTAINMENT
WORLD
U.S. NEWS
TECH + HEALTH
BEASTSTYLE
VIDEO
GET OUT OF TOWN
READ THIS. list

1 Youve Been Doxxed!
CHRISTINE PELISEK
2 FBI Just Crushed Hillarys Email Excuses

BETSY WOODRUFF, ALEXA CORSE
3 Chasing the Smart Car: Are We Close?

ARE YOU NEW CAR SMART?
ECRIMES
CHRISTINE
PELISEK
03.13.13 4:45 AM ET
Doxxing: Its Like Hacking, But Legal
4 Realism vs. Exploitation in OITNB
Hillary, Beyonc, Ashton: they all got doxxed this week. Christine Pelisek on the
cyber pranksters who post stars private info for all to seeand why thats o en
perfectly legal.
5 Ciara: Future Might Kill Russell Wilson
MichelleObamassupposedsocialsecuritynumberwasposted.SowasBeyoncs
purportedaddress.AndAshtonKutchersphonenumber,too.Thelistgoeson:JoeBiden,
DonaldTrump,HillaryRodham,BritneySpears,MelGibson,andAttorneyGeneralEric
Holderwerealltargetedintheinformationdump.
Inwhatmusthavebeenaparticularlygallingnoteforlawenforcementofficials,the
cyberattackalsosussedouttheallegedcreditreportofLAPDchiefCharlieBeck.Allof
thesedetailsandmorewerepostedtothemysteriouswebsiteTheSecretFiles,whichasof
Wednesdayafternoonwasbackonlineaftergoingdarkthedaybefore.
Butthiswasntahackattack,policeandcybersecurityexpertssay.Itwasaclassiccaseof
doxxing,theactofobtainingandpostingprivateinformationaboutapersonby
scouringtheInternet.Anditssurprisinglyeasytodo.Inmanycases,itsnotevenillegal.
Youcanpostitaslongasthereisnothingnefariousaboutit,saysLAPDcybercrimes
detectiveAndrewKleinick.Theyarepublicfiguresandthatkindofthinghappens.Its
notright,[but]Iknowofnocrime.
Theexception,saysKleinick,occurswheninformationobtainedthroughdoxxingisused
tothreatensomeone,stealsomeonesidentity,orinfiltrateprivateemails.Thatwasthe
casewith36yearoldChristopherChaney,whothreemonthsagowassentencedto10
yearsinprisonafterhackingintotheemailaccountsofactressesScarlettJohanssonand
MilaKunis.
SAMANTHA ALLEN
AMY ZIMMERMAN

Itsstillunclearwhosaccountableforthe
TheSecretFilesstunt.LAPDofficerBruce
Borihanhsaysthedepartmentis
partneringwiththeFBItofindoutmore
informationanddeterminewhether
criminalchargesapply.Theyarelooking
atthesourcingofit,Borihanhsays,and
ifitwasobtainedthroughillegalmeans.
Otherwise,itisinformationthatwasput
POLITICS
ENTERTAINMENT
outtherebefore.
WORLD
U.S. NEWS
TECH + HEALTH
BEASTSTYLE
VIDEO
GET OUT OF TOWN
ThisisntthefirsttimetheLAPDhasbeendoxxed.In2011,agroupaffiliatedwiththe
onlinehackersAnonymousclaimedresponsibilityforpostingpersonalinformationof
morethan40officers,includingtheirhomeaddresses,campaigncontributions,property
records,andnamesoffamilymembersaftertheyclaimedtheLAPDoppressedthemby
shuttingdowntheOccupyL.A.Movement.
Butitdoesnttakeamasterhackertopulloffsuchafeat.Expertssaythatdoxxinghas
becomealmostcommonplacewhenitcomestomajorcelebrities.Afterall,findinga
personsaddressorphonenumberiseasytodobysearchingtheweborpayingsmallfees
toonlinesearchproviders.Foranextrafee,plentyofsearchengineswillalsohandout
phonenumbersandaddressesofnextdoorneighborsaswellassomecriminal
backgroundinformation.
CreditreportsandsocialsecuritynumbersarealsoobtainableontheWeb,thoughthey
arehardertotrackdownandthisiswherethecaseofTheSecretFilesmayhaveveered
intocriminalhackingterritory.OnTuesday,thenationsthreebiggestcreditreport
agenciessaidthattheperpetratorhadinputconsiderableamountsofinformation,
includingsocialsecuritynumbers,toimpersonatethefamousvictimsandcomeaway
withtheircreditreports,whichwouldbeillegal.DuetotheconnectiontoObamaand
Clinton,theSecretServiceisreportedlylookingintothemess.
Chaneyimpersonatedhisvictims,too,scouringcelebritymagazinesandwebsitesfor
cluestostarsemailpasswords.Afterclearingcommonsecurityhurdlesmothers
maidenname,favoritepetsnamehewasabletoinfiltratetheGoogle,Apple,andYahoo
emailaccountsofJohanssonandKunis,leakingseveralnudephotos.Infact,duringa
fourmonthperiod,hecrackedthepasswordsofcloseto50celebritiesaccounts.
Hepledguiltytoninefelony
ADVERTISING
countsincludingidentity
theft,wiretapping,and
unauthorizedaccessand
damagetoaprotected
Replay
computer.
"Thereisnosuchthingas
completecybersecurity,"says
inReadinventedbyTeads
JohnVillasenor,aUCLA
professorandnonresidentseniorfellowattheBrookingsInstitution."Asthenumberof

devicesandservicescontinuestoincrease,personalinformationisstoredonmoreand
moresystems.Notallofthosesystemsaresufficientlysecure,whichmeansthatwe're
likelytoseemoreofthesesortsofdatacompromisesinthecomingyears."
TheSecretFilesboretheInternetsuffix.su,originallyassignedtotheSovietUnion.The
frontpageofthesitefeaturedacreepypictureofazombielikegirlwholookslikesheis
askingviewerstobequiet.MusicfromtheShowtimeseriesDexterplaysinthe
backgroundnearthegirlspictureiswritten:IfyoubelievethatGodmakesmiracles,
youhavetowonderifSatanhasafewuphissleeve.
POLITICS
ENTERTAINMENT
WORLD
U.S. NEWS
TECH + HEALTH
BEASTSTYLE
Beforeitwentoffline,thewebsitehadmorethan147,000visitors.
VIDEO
GET OUT OF TOWN
Kleinick,thecybercrimesexpert,saysthelinebetweenlegaldoxxingandcriminalactivity
isfairlyclear.Youcannotuseittomakefinancialgains,hesaid.Youcantsay,Iam
TomCruisesendmemoneyforthisorthat.Youcantimpersonatesomeone.Icanpost
TomCruisesbirthdatebecauseitispublicinformation.Iftheinformationwastaken
illegallyorifitwasstolen,thenitwouldbesomethingwewouldhandle.
Kleinickhimselfsayshebecameavictimofcyberintrusionafterapersonhewas
investigatingpostedsomeofhisprivateinformationontheWeb.Still,hesaysthatwhile
plentyofpeoplehaveincurredthewrathofthesepeskycyberseekers,itistechnicallynot
areportablecrime.
Ifitisjustpostingpersonalinformationwedonttakeareport,becauseitisnotillegal.
Sorry,Ashton.
PROMOTED STORIES
U.S. Betrayed: The Real

Reason Britain Le The
European Union
What Donald Trump Has

Been Hiding About His
Wife Melania
JawDropping Fortunes
Of America's Richest
Pastors
Ten Behaviors of Sexually

Healthy Men
THE SOVEREIGN
INVESTOR
UBERHAVOC
VIRALMOZO
Actor John Turturro

Shows his Brooklyn
Neighborhood for rag &
The Bride Had No Idea

They Were Filming When
This Happened
How To Fix Your Fatigue

And Get More Energy
15 Bewitched Secrets
Kept Hidden From Fans
GUNDRY MD
TREND CHASER
RAG & BONE OFFICIAL |

DESIGNER CLOTHING,
SHOES & ACCESSORIES
SHAREDABLE
HEALTH CENTRAL
Recommendedby
EXHIBIT 2
25%
34%
35%
54%
50%
50%
44%
45%
49%
44%
40%
54%
50%
35%
14%
20%
15%
15%
29%
34%
29%
MATHONAN GEAR 09.11.12 6:00AM
COSMOISHUGE 6 f 7 220 p m ,
f B, f J 26.
b, b m m , -
mm p m m, pp,
&, PP, , fx, , Mf j 15
.
16 x M, m v p .
m f m- FB
f. bf , b
f v m m f pb
f. v b .
; f m pp f m.
p, ( f p ), m p m f m f
. p, m f
vm f , Q, .v, .v,
f m f p. bp p,
j 4 f,
p p M M Bmb
mb . f b b -
q p M, p mp m 500,000
mb . m f , p
p b. f v--pf f m, pp, , PP, B
B, B.m, v.m (: m, , Xbx) m. j
p mb fm &, p, -Mb .
b , M pp, f F, v m. f b .
v m m q.
, , m . B bf m, *.
m m b , j . p. ,
f, v f. B m , m pv
.
m m b pp, f -
q mv pp m mm b
m . m m, p m mp,
p b, m , j m
.
f pp f b mm
v j m, m Pb. m
m, m b m f
vb. m, f B m f
f.
* : B m, m
m.
m qm m v m.
m pm, b p, fm
. f p b b. , v x
f. p f J b. m fm v
B f f ; f, f p f
v pp .
m v p m, p x
. m v. p f.
v j f B. p
mp, b f m xm
fq v. B vv f ,
m.
ADVERTISING
, m. , m.
. v .
m b, b f .
b pv - mp, mb,
p f m , v f q p
. bf, b f m p
bm . f m. .
p.
! , , b 2011. m
bmb m . v f ,
ff m m. ff
. .
m m m, x m
v b pb . m b f b
v j, , b m f
m .
m m , m, m. pp m.
, m m , b f m
SUBSCRIBE
p pm. v p
m p , mb
fm vm p.
, & . f pp
pp. v p, b p. j m
m & 911. ,
m. m. m ,
b f .
m , pf m ff f b.
, 2012, pf m f b b
f q. f b mbx,
b -m .
m v m. p Xbx, p
mpv. , ff m-m,
ff m. v v mp ,
m p pp P . b m
mf. q m ff--f
pm, b. v f.
Xbx m b m. m m
v mp m F , , F1988.
Bf Mf bf p , p- fm
v ( j m ) q m
f xp f f.
v p m m
fx . bm m.
fx , . , SUBSCRIBE
m? , [], v m -m, ,
p 12345, . f f
. f v p- fm,
j q f m m f ,
f , xp .
m . fx, pv
m -m , v m
p .
m fx fm
p . B - mm.
f f fx , b pv. B ,
m . b m . m
f f [ p].
f j v fm.m
mb. , j , p, b, v m
f .
m m, m b m
, f m v. ( m
v v p.) m f p
ff, b v v. . j m m.
SUBSCRIBE
m f m f f fm: ,
B.m, BB, PP, pp ff v
, pp mb, m.
- q p
. fm b f
. M m v b- m v
m p m.
M, m m v v p b f
, . f bmb , v
b.
pm mp . B
f b. b, m .
mb, q.
m m m, b. x m,
SUBSCRIBE
f f pp m b j m. f
J , p v p ,
f mb p P P. F
fm b m b pp -p ,
mv b . pp . m
jb mp pv b
.
f F.m b f m F
mpp f pp f P. ( m
.m.) m b fm
F p, , b mp
. V ,
. B.
P, f , . B v . b f
f f f
.. Pp J b f f v p
m m. MBB.m, b- m b
p fm, j m. p mm.
mb pp m
.. vm, , . pp,
pp [ f] f pv, m.
, m.
p b 4. J v 4
m, m xp. B m
mv : . m ff. f
4 f, v f m, v
.
v j 4 b v mp F
pv 4 v. (, .m
F m.)
F v , m
m m bf mp.
SUBSCRIBE
F M P x fm p
j . B : P -p
mm . v-pf P
. B b b P p
mb &, m v f :
m, & mb v p.
. ,
&. f P p, bp mm,
. p, j
mb. . .
mb f b ,
v m b , b p b b .
b mb f b
m f , f xmp, $3.80, pb v v
fv b b v.
P mb, m mp
& m v.
F & f [P] p mb V.
, m? J
M P. , f f ?
J v f . p
mb f ?
v V mb, f.
m x m f, b
P . Fm, b p
f mb m m b, b
f x m V fm &. V , x . SUBSCRIBE
v m p. m
b , v M, p mb j v f m .
P b , p m
bp f p pp m. p
p , v p . Fm,
p mb -v p p .
v q p, f
mb, v p m.
, m p m b
v, m p m, P. v
-f , f -v
p, vf -f-b m. j
m m p m , , b
m p m.
p f pb. pp
v m fx f x
v p f pp f B m v pf
. f m f p
m f
v, 2-p vf v b b p.
v b f m mpm
m m. f v pv f
b.
m, b bp
f P F m m .
b 4 p .
m m, b v 4 ff vm, .
xm pf, b m
f 2012.
SUBSCRIBE
P F, m mp m f f b
f v .
b f fm , x fm
v v, mb,
. f, b mp
pp m p b pm.
mm b p ff b m f
mp b- m.
f m fx mp.
[ fx mp] F mp
mp. Fm b f , [pp]
b.
m b mf b v fx P
. B m. j b
.
v mp fx . p , m m
. m fm fx m v ff
b. m p f m? m, m,
b, f f. j b
p.
. m mp p b
mp, f m f . m
p p f. f p f p j
f, v m f b f
m. m f m, m
p f m m q
.
m mm v pv pp
SUBSCRIBE
. F xmp, f pp q p f,
pv f . m m pp m b
b q. .
p m mpmp ,
m. M pp f f v b . B
m mp .
m f q b mp vv mp v
f , m vp f PP.
f PP v f fm f .
, f f m
b , b . fm , ,
b b p f . M f,
m PP , f b m.
m xp x .
v b . m v b
.m f fm Fm.m.
vf pb b
m fm q
v mb, v , fm
fm Fm.
PP, v v f f pm m.
fm m mp PP .
fm f. m p mb,
V mb. ,
b j . f .
p, PP.m, M PP .
p mb . p
V mb, [] p. ,
p f vf p f b
mb. j b mb m -.
x, pmp p.
SUBSCRIBE
b p m v PP p .
f PP, mp .
PP f mm, j ,
mp b p f p
b .
bq f b ,
p mb , PP p
b vf b .
m p p v pm. ff
v B P pm m
f b P . p m ff
f m f - b
p bf. m P Jv
, p x .
m m, .
bm m , .
p p bm p .
m. m b m m
m m . p v
j . m p b
, ff.
m p pp M
mp, pp f m mb
p b, F m
SUBSCRIBE
FB . , xp m f P
f pp v mpm v m
p.
M P bf [ ], m m.
m b . & p m.
j m , b . J
, b
m P? P fm v
v & bf. m m f
f, b mp f .
F xmp, f m
b m m. m b
mp fm m v M pp, m
b f . , b, , m ff.
q f p m .
m mf bf . m
m v Pb, m. Pb m m
b pf . Fm m f
m, , , m
mv f .
SUBSCRIBE
m m b f fm
mp. , mp b xp
. , m m m
v m.
p f m ,
v v--p -pp f m p
. F p , f
f f f.
m m , fm p b.
m.
. .
b fm v p b p
f , p b b b q.
m , v b pv . f
fm , q p v p.
m f , f, p p
pp p, V P f M Mb v
mp fm v m. pbm mm,
f , b p pb
v p-b p .
f m m f, PP
p. F m, m.
m f v m m .
m f . B b
. mf j p
, m f f p pb, bf
, m .
bv, .
B , v, v .
SUBSCRIBE
VIEWCOMMENTS
NEXTADVISOR
j-pp 6% b m
EXHIBIT 3
7/8/2016
Home
DailyTech - LulzSec "Departs",

Fires Parting
-- 812,000
User Accounts
Leaked45 of 82
Case 1:15-cr-00067-RDM
Document
31 Shot
Filed
07/08/16
Page
Auto
Gadgets
Hardware
Internet
IT
Science
Software
Blogs
Polls
SearchDailyTech
SubmitNews
Internet
LulzSec"Departs",FiresPartingShot
812,000UserAccountsLeaked
JasonMick(Blog)June26,20112:30AM
Print
New
53comment(s)lastbyjust4U..onJul2at12:57AM
Groupsaystheywillcontinueoperations
underthename"AntiSec",butare
retiringtheirmoniker
LulzSecisgonefornow.Thegroupon
Sundaymorningat12:01a.m.announcedits
surprisedepartureviaapressrelease.But
theyaren'treallygoinganywhere,and
theydidn't"leave"theirmonikerwithouta
partingshottheypostedtheresultsoftheir
latesthackingcampaignstoThePirateBayina
modestarchive.
I.ByeByeBirdie
LulzSechasbeenatitfor50daysnow,hacking
theplanet.They'vehacked[1][2][3]Sony
Corp.(TYO:6758).They'veDDoSedtheCIA.
They'vehackedtheU.S.Senateandthe
Arizonastatepolice.
EAwasthelatestvictimofLulzSec.Inthegroup's
farewellhackitaired550,000users'informationvia
torrent.(Source:EA)
Butafteralltheirfun,theysaytheirbidding
adieutotheLulzSecmonikerfornow.On
theanniversaryofGeorgeOrwell'sbirthday,
theywrite:
Friendsaroundtheglobe,
WeareLulzSecurity,andthisisour
finalrelease,astodaymarkssomething
meaningfultous.50daysago,weset
sailwithourhumbleshiponanuneasy
andbrutalocean:theInternet.Thehate
machine,thelovemachine,themachine
poweredbymanymachines.Weareall
partofit,helpingitgrow,andhelpingit
growonus.
Thegroupalsograbbed200,000accountsfroma
popularhackerforum.
Forthepast50dayswe'vebeen
disruptingandexposingcorporations,
governments,oftenthegeneral
populationitself,andquitepossibly
everythinginbetween,justbecausewe
could.Alltoselflesslyentertainothers
vanity,fame,recognition,allofthese
thingsareshadowedbyourdesirefor
thatwhichwealllove.Theraw,
uninterrupted,chaoticthrillof
entertainmentandanarchy.It'swhat
weallcrave,eventheseeminglylifeless
politiciansandemotionless,middle
agedselftitledfailures.Youarenotfailures.Youhavenotblownaway.Youcanget
whatyouwantandyouareworthhavingit,believeinyourself.
WhileweareresponsibleforeverythingthatTheLulzBoatis,wearenottiedtothis
identitypermanently.Behindthisjollyvisageofrainbowsandtophats,weare
people.Peoplewithapreferenceformusic,apreferenceforfoodwehavevarying
http://www.dailytech.com/LulzSec+Departs+Fires+Parting+Shot++812000+User+Accounts+Leaked/article22006.htm
1/3
7/8/2016

Fires Parting
-- 812,000
User Accounts
Leaked46 of 82
Document
31 Shot
Filed
07/08/16
Page
tasteinclothesandtelevision,wearejustlikeyou.EvenHitlerandOsamaBin
Ladenhadtheseuniquevariationsandstyle,andisn'tthatinterestingtoknow?The
mediocrepainterturnedsupervillainlikedcatsmorethanwedid.
Again,behindthemask,behindtheinsanityandmayhem,wetrulybelieveinthe
AntiSecmovement.Webelieveinitsostronglythatwebroughtitback,muchtothe
dismayofthoselookingformoreanarchiclulz.Wehope,wish,evenbeg,thatthe
movementmanifestsitselfintoarevolutionthatcancontinueonwithoutus.The
supportwe'vegatheredforitinsuchashortspaceoftimeistrulyoverwhelming,
andnottomentionhumbling.Pleasedon'tstop.Together,united,wecanstomp
downourcommonoppressorsandimbueourselveswiththepowerandfreedomwe
deserve.
Sowiththoselastthoughts,it'stimetosaybonvoyage.Ourplanned50daycruise
hasexpired,andwemustnowsailintothedistance,leavingbehindwehope
inspiration,fear,denial,happiness,approval,disapproval,mockery,embarrassment,
thoughtfulness,jealousy,hate,evenlove.Ifanything,wehopewehada
microscopicimpactonsomeone,somewhere.Anywhere.
Thankyouforsailingwithus.Thebreezeisfreshandthesunissetting,sonowwe
headforthehorizon.
Letitflow...
LulzSecurityourcrewofsixwishesyouahappy2011,andashoutouttoallofourbattlefleet
membersandsupportersacrosstheglobe
ThespeechbringstomindthefamouscomedianJohhnyCarson'sfarewellwordsin1992onhis
latenightshow:
Icanonlytellyouthatithasbeenanhonorandaprivilegetocomeintoyourhomes
alltheseyearsandentertainyou.AndIhopewhenIfindsomethingthatIwantto
doandIthinkyouwouldlikeandcomebackthatyou'llbeasgraciousininvitingme
intoyourhomeasyouhavebeen.Ibidyouaveryheartfeltgoodnight.
OfcourseJohnnyCarsonwentaboutspreading"lulz"inquiteadifferentfashion.Andhehacked
farlesspeople.
II.750,000MorePeopleExposed
Thepartingshotwasno"PentagonPapers",butitdidhaveabitofsomethingforeveryone.
LeadingthewayareinternalmappingsofAT&TInc.(T)andAOLInc.'s(AOL)servers.Thegroup
alsopostedafileentitled"Officenetworksofcorporations.txt".ThehackbringstomindAdrian
Lamo'swatchdogsideInsideAOL.com,fromthe1990s.
ButwhereMr.Lamoneverexposedasignificantclassofusers,LulzSectakesjoyinengagingin
thatactivityaswell.Theirbiggestpostwasleakedinfoof550kusersofElectronicArts,Inc.'s
(ERTS)cartoonyFPSgameBattlefieldHeroes.Atpresstimewehavenotyetobtainedthefull
archive,sowe'reunabletoascertainwhatdetailswereleaked.
EAappearstoconfirmthebreach,writing:
BattlefieldHeroesisOffline
Wearecurrentlyinvestigatinganapparentsecuritybreachrelatedtoourfreetoplay
BattlefieldHeroesfranchise.Weareworkingtoidentifywhichaccountswereaffectedand
willtakeallprecautionstoensurethoseplayersarenotifiedasquicklyaspossible.We
apologizeforanyinconvenienceandhopetohavethegamebackonlineshortly.
Italsopostedaccountinformationon50k"random"gameforumusers.
Thehackersalsoturnedontheirfellownovicebrethren,publishingrecordsontheusersof
Hackforums.net(theyappeartohaveobtainedthisdataviathetriedandtruemethodofSQL
injectionsomewhatembarrassingforaselfproclaimed"hacking"site).Intotal200kaccounts
werereportedlycompromisedonthesite(that'salotofhackers!).
Theforumwrites:
Allub3randl33tmustdoapasswordresettotheiremail.Usecontactformifyoudonot
getyourpasswordemailresetordonothaveaccesstotheemailonfile.
Thenthere's12kNorthAtlanticTreatyOrganizationebookcenterusernamesandpasswords
(somebodywillhavefunreading).NATOmoreorlessalreadyconfirmedthisbreachtobe
authentic,postingonFriday:
ProbabledatabreachfromaNATOrelatedwebsite
PolicedealingwithdigitalcrimeshavenotifiedNATOofaprobabledatabreachfrom
aNATOrelatedwebsiteoperatedbyanexternalcompany.NATOseBookshopisa
separateserviceforthepublicforthereleaseofNATOinformationanddoesnot
containanyclassifieddata.Accesstothesitehasbeenblockedandsubscribershave
beennotified.
Thegroupalsopostedanimagefileentitled"navy.milowned.png",whichwe'lldebriefyouon
shortly.
Andthenthere's29emailsandpasswords[PasteBin]atP.I.LimitedofDublin.It'salways
embarrassingwhensecurityprofessionalswindupinthesereleases.
2/3
7/8/2016

Fires Parting
-- 812,000
User Accounts
Leaked47 of 82
Document
31 Shot
Filed
07/08/16
Page
Roundingofftherelease,there'sapostdetailinganapparentvulnerability[PasteBin]ofanFBI
webpropertyinvolvingtheopensourcecontentmanagementsystemPlone.Andthere'sacool
2,454IPaddresses[PasteBin]thatarelistedapparentlyusing"root"or"admin"astheirpassword
forthecorrespondingadministrator/superuseraccountname.Ouch.
III.WhytheSuddenExit?
Thesuddendeparturemadeusinitiallywonderiftheawaitedpoliceaxefinallyfelluponthe
audaciouscrew.Howeverasofearlythismorning,oneofthegroup'sringleaders,"Sabu",was
stillhappilyposting.
Hewrites:
Nobodyisleaving.we'reworkingonthe#antisecmovement.
Ifyoureadthestatementyourquestionswillbeanswered.There'sonlybeenone
arrestRyan,andheisn'tpartoflulzsec.
Nooneisdisappearing.findusall@#antisec
Accordingtothegroup,they'renotceasingtheiractivitiesthey'rejustdroppingthe"lulz"and
gettingseriousabouttheircampaignof"cyberwar"againsttheworld'srulingpowers.Andthose
powersstillappearsashelplessasevertocapturebrainsbehindthegroup.
Thatsaid,there'sonemajoroutstandingquestionwhathappenedtoTopiary.Thehacker,
allegedlyacorememberofAnonymous,fellsilentlastweek.HislastTwitterpostwasdatedJune
17.Soit'spossibletherecouldbesomethingmoretothisstorythoughfornowit'sjustan
interestingobservation.
Meanwhile,another812,000+userswillwakeupSundaymorningandgroan.They'veyetagain
beenthevictimofpoorITmanagementandtheeverbolderpresenceofAnonymousandits
affiliatesLulzSecandAntiSec.
3/3
EXHIBIT 4

Federal Communications Commission
DA 15-680
Before the
Washington, D.C. 20554
In the Matter of
Misuse of Internet Protocol (IP) Relay Service
Telecommunications Relay Services and Speechto-Speech Services for Individuals with Hearing
and Speech Disabilities
)
)
)
)
)
)
)
)
CG Docket No. 12-38

CG Docket No. 03-123
ORDER
Adopted: June 10, 2015
Released: June 10, 2015
By the Acting Chief, Consumer and Governmental Affairs Bureau:

1.
By this Order, the Consumer and Governmental Affairs Bureau (Bureau) extends the
previously granted waiver of the requirement that providers of Internet Protocol Relay (IP Relay) service
handle 911 calls initiated by callers who have been registered but not verified by an IP Relay provider.
We conclude that the waiver extension is necessary to prevent the resumption of a harmful practice while
the Commission considers how to address this issue on a permanent basis. Therefore, this waiver, which
expired on April 29, 2015, is extended retroactively to April 29, 2015, and will remain in effect until such
time as the Commission resolves whether to adopt a permanent prohibition against the handling of 911
calls from callers whose registration information has not been verified prior to placement of the call.
2.
Background. IP Relay service is a form of text-based telecommunications relay service
(TRS) that permits an individual with a hearing or speech disability to communicate in text using an
Internet-Protocol enabled device via the Internet, rather than using a text telephone (TTY) and the public
switched telephone network.1 As the Bureau has previously recounted,2 the Commission has taken
numerous measures since the inception of IP Relay service to combat the misuse of this service, in
response to concerns that individuals who are not deaf, hard-of-hearing, deaf-blind, and who do not have
speech disabilities were using the anonymity of IP Relay service3 to engage in fraudulent activities, such
47 C.F.R. 64.601(a)(17); see also Provision of Improved TRS and Speech-to-Speech Services for Individuals with
Hearing and Speech Disabilities, CC Docket No. 98-67, Declaratory Ruling and Second Further Notice of Proposed
Rulemaking, 17 FCC Rcd 7779 (2002) (IP Relay Declaratory Ruling) (recognizing IP Relay as a form of TRS). In
an IP Relay call, the communication between the person who is deaf, hard-of-hearing, deaf-blind, or who has a
speech disability and the provider s communication assistant (CA) is conveyed in text via an Internet connection,
and communication between the CA and the hearing party is conveyed verbally over the public switched telephone
network.
2
See Misuse Of Internet Protocol (IP) Relay Service; Telecommunications Relay Services And Speech-To-Speech
Services For Individuals With Hearing And Speech Disabilities, CG Docket Nos. 12-38, 03-123, Order, 29 FCC Rcd
4807, 4808-09, 2-4 (CGB 2014) (IP Relay Swatting Order).
3
Because a CA handling IP Relay calls receives only text-based communications over the Internet and cannot see
the caller, fraudsters tend to use the anonymity of this form of relay to hide their identity, as well as the fact that they
are calling from a location outside the United States.

DA 15-680
as calling merchants and placing orders using fake, stolen, or otherwise invalid credit cards.4 Most
relevant to this Order, in 2008, among other actions, the Commission directed IP Relay providers to
register users and use a reasonable means of verifying their registration and eligibility information.5 At
the same time, the Commission also adopted a policy requiring IP Relay providers, to the extent
technically feasible, to allow new users to make and receive calls immediately upon supplying their
registration information, even if the provider had not yet completed verification of registration
information.6 However, in the 2012 IP Relay Misuse Order, in order to curb the continued abuse of IP
Relay service, the Commission terminated that policy and prohibited providers from temporarily
authorizing IP Relay users to make non-emergency calls prior to the provider verifying the users
registration information.7 Instead, the IP Relay Misuse Order required IP Relay providers to verify new
IP Relay registrants before handling non-emergency IP Relay calls made by the registrant.8 However, the
Commission continued to require IP Relay providers to handle emergency calls to 911 placed by users
who submitted registration information, pending its verification, to ensure that 911 calls placed by such
individuals could reach their destination.9
3.
In the 2014 IP Relay Swatting Order, the Bureau sua sponte granted an interim waiver of
the requirement that IP Relay providers handle 911 calls placed by users who have been registered but not
yet verified by an IP Relay provider.10 The Bureau granted this waiver after receiving information from
Sprint, an IP Relay provider, about an increase of unverified registrants using IP Relay service to hide
their identities in order to place calls to 911, in an attempt to trick Public Safety Answering Points
(PSAPs) into dispatching emergency services based on false reports of emergency situations, a practice
known as swatting.11 Sprint explained that these callers provide very little information to the PSAP and
hang up quickly, but not before the need to dispatch emergency personnel has been triggered, potentially
causing alarm and even danger for the targeted residents and emergency service personnel and wasting
the limited resources of emergency responders.12 Sprint noted that, in its experience, calls to 911 from
unregistered users are not legitimate and urged the Commission to permit IP Relay providers to block
such calls.13 Based on this information, the Bureau concluded there was good cause to waive for one year
4
See, e.g., Telecommunications Relay Services and Speech-to-Speech Services for Individuals with Hearing and
Speech Disabilities; E911 Requirements for IP-Enabled Service Providers, CG Docket No. 03-123, WC Docket No.
05-196, Report and Order and Further Notice of Proposed Rulemaking, 23 FCC Rcd 11591 (2008) (iTRS Numbering
Order I); Telecommunications Relay Services and Speech-to-Speech Services for Individuals with Hearing and
Speech Disabilities; E911 Requirements for IP-Enabled Service Providers, CG Docket Nos. 03-123, 98-57, WC
Docket No. 05-196, Second Report and Order and Order on Reconsideration, 24 FCC Rcd 791 (2008) (iTRS
Numbering Order II); Misuse of Internet Protocol (IP) Relay Service; Telecommunications Relay Services for
Individuals with Hearing and Speech Disabilities, CG Docket Nos. 12-38, 03-123, First Report and Order, 27 FCC
Rcd 7866 (2012) (IP Relay Misuse Order).
5
iTRS Numbering Order II, 24 FCC Rcd at 809, 38.
Id. at 803, 25. The Commission adopted this policy in response to comments by a coalition of consumer groups
concerned that eligible IP Relay users would be cut off from service during the transition to a new ten-digit
numbering system for IP Relay service and the new registration system. See IP Relay Swatting Order, 29 FCC Rcd
at 4808, 3 (citing iTRS Numbering Order II, 24 FCC Rcd at 803, 25).
7
IP Relay Misuse Order, 27 FCC Rcd at 7871-73, 11-13.
Id. at 7872, 13.
Id., 13 & n.53.
10
IP Relay Swatting Order, 29 FCC Rcd at 4807, 1.
11
Id. at 4809, 5. This mischief has been referred to as swatting because these calls at times have required the
dispatch of police special weapons and tactical teams (SWAT teams). Id.
12
Id.
13
Id. at 4809-10, 5.

DA 15-680
the requirement that IP Relay providers allow newly registered users to place emergency 911 calls
immediately, before completing the verification of such individuals.14
4.
The waiver granted in the IP Relay Swatting Order expired on April 29, 2015.15 On April
30, 2015, Sprint filed a request that the waiver be extended until the Commission addresses this matter
on a permanent basis.16
5.
Discussion. Generally, the Commissions rules may be waived for good cause shown.17
The Bureau determines that the public interest will be served and good cause exists to extend the waiver
until such time as the Commission resolves whether to adopt a permanent prohibition against the handling
of 911 calls initiated by individuals who have been registered but not verified by an IP Relay provider.
Specifically, we find that it is very likely that the use of IP Relay service to engage in swatting would
resume if the waiver is not extended. Sprint informs the Commission that, during the time the waiver was
in effect and Sprint was not handling 911 calls by unverified registrants, swatting calls made using IP
Relay service were completely eliminated.18 As a result, the waiver also eliminated the threats to safety
of life and property and waste of law enforcement resources caused by such calls.19 For these reasons,
Sprint believes that the waiver has proven to be the correct decision and the absolute solution to the
swatting problem, and that the public is clearly safer today with the waiver in effect.20 Additionally,
Sprint maintains that, based on its experience, it cannot imagine any circumstance in which [an
unverified] user of IP Relay services, in a true emergency situation, would suddenly adopt a new way of
calling 911.21 Sprint concludes that a failure to extend the waiver will result in a rash of new swatting
calls and urges the Commission to extend the current waiver until the Commission has an opportunity
to address this matter on a permanent basis.22
6.
Given the danger to the public and first responders posed by spoofed 911 calls via IP
Relay service, the evident efficacy of the waiver in eliminating such calls, and the likelihood that such
calls would resume absent a waiver extension, we find that the public interest will be served and good
cause exists to extend the waiver granted in the IP Relay Swatting Order. Additionally, for the reasons
14
Id. at 4809-10, 5-6.
15
Id. at 4807, 1 (stating that the waiver granted in the Order will remain in effect for one year).
16
Sprint Corporation, Request for Extension of Interim Waiver, CG Docket Nos. 12-38, 03-123 (filed Apr. 30,
2015) (Sprint Waiver Extension Request). Although Sprint was remiss in filing its Waiver Extension Request after
the original waiver had expired, the Bureau finds that the strong public interest need to prevent swatting weighs in
favor of applying the effective date of the waiver extension retroactively to the expiration date of the original
waiver. Nevertheless, the Bureau cautions Sprint that the late filing of a waiver request, which deprives the Bureau
and the Commission of a reasonable amount of time to consider and act on the extension request prior to the
expiration of the waiver, disregards the Commissions processes and can undermine the public interest.
17
47 C.F.R 1.3. See, e.g., Local Number Portability Porting Interval and Validation Requirements; Telephone
Number Portability; Embarq Petition for Waiver of Deadline, WC Docket No. 07-244, CC Docket No. 95-116,
Order, 23 FCC Rcd 2425, 2427, 5-7 (2008); see also Northeast Cellular Tel. Co. v. FCC, 897 F.2d 1164 (D.C.
Cir. 1990).
18
Sprint Waiver Extension Request at 4.
19
Id. (stating that the waiver has reduced threats to safety of life and property and that rather than focusing
energy and resources investigating swatting incidents, these resources are being properly allocated to protect and
serve the public); see also IP Relay Swatting Order, 29 FCC Rcd at 4809, 5 (noting that swatting calls have the
potential to cause alarm and even danger for the targeted residents and emergency service personnel, in addition to
wasting the limited resources of emergency responders).
20
Sprint Waiver Extension Request at 4.
21
Id. at 2.
22
Id. at 4.

DA 15-680
identified in the IP Relay Swatting Order and supported by Sprint in its waiver extension request, we find
that the facts before the Commission continue to indicate that it is unlikely that a user who has not been
verified, and for whom IP Relay is therefore not the users customary way of making telephone calls, will
seek to use IP Relay service for legitimate calls to 911.23 Accordingly, the waiver extension will apply
retroactively to April 29, 2015, and will remain in effect until such time as the Commission resolves
whether to adopt a permanent prohibition against the handling of 911 calls from callers whose registration
information has not yet been verified. The Bureau takes this action because of the potential and
immediate dangers associated with allowing the guest user policy for 911 calls to come back into effect
while the Commission proceeds with a rulemaking proceeding on this and other issues addressing the
provision of IP Relay service. We emphasize, however, that notwithstanding the extension of this waiver
with respect to placement of calls by unverified users, a provider must continue to ensure that registered,
verified IP Relay users can place 911 calls through IP Relay service in accordance with the TRS rules.24
7.
Accordingly, IT IS ORDERED, pursuant to the authority contained in sections 1, 4(i),
4(j), 5, and 225 of the Communications Act of 1934, as amended, 47 U.S.C. 151, 154(i), 154(j), 155,
225, and sections 0.141, 0.361, and 1.3 of the Commissions rules, 47 C.F.R. 0.141, 0.361, 1.3, that the
waiver of the requirement that IP Relay providers must handle 911 calls initiated by registered users
pending their verification IS EXTENDED as provided herein.
8.
IT IS FURTHER ORDERED that the extended waiver of the requirement that IP Relay
providers handle 911 calls initiated by registered users pending their verification SHALL BE
EFFECTIVE as of April 29, 2015, and SHALL REMAIN IN EFFECT until the effective date of a
Commission order addressing whether to adopt a permanent prohibition against the handling of 911 calls
initiated by unverified users.
9.
To request materials in accessible formats (such as Braille, large print, electronic files, or
audio format), send an e-mail to fcc504@fcc.gov or call the Consumer and Governmental Affairs Bureau
at (202) 418-0530 (voice) or (202) 418-0432 (TTY). This Order may be downloaded from
<http://www.fcc.gov/encyclopedia/telecommunications-relay-services-trs>.
FEDERAL COMMUNICATIONS COMMISSION
Alison Kutler
Acting Chief
Consumer and Governmental Affairs Bureau
23
See IP Relay Swatting Order, 29 FCC Rcd at 4810, 6 (noting that a survey conducted by the Commissions
former Emergency Access Advisory Committee (EAAC) in 2011 revealed that the overwhelming majority of relay
consumers, including consumers of IP Relay [service], typically utilize the communication technologies that they
routinely use when placing emergency calls and that it is far less likely that a newly registered IP Relay user who
has not yet been verified will use this service to place a legitimate 911 call during the guest period in an emergency,
when they need to think fast to obtain swift 911 assistance).
24
See 47 C.F.R. 64.605(b).
EXHIBIT 5
7/8/2016
Clark bill aims to combat dangerous

swatting hoaxes
Releases
- Congresswoman
Katherine
Clark
Document
31- Press
Filed
07/08/16
Page
54 of
82
PRESS RELEASES
Share
Print
HomeNewsPress Releases
Nov182015
Clark bill aims to combat

dangerous swatting hoaxes
Clark bill aims to combat dangerous swatting hoaxes
Washington, D.C. Today, Congresswoman Katherine Clark (D-MA)
and Congressman Patrick Meehan (R-PA) introduced the Interstate
Swatting Hoax Act of 2015, legislation to combat attacks known as
swatting. Swatting is dened as the intentional misleading of
emergency responders in order to provoke a S.W.A.T. team response.
In recent years, swatting has become a widely used tool for online
harassers to attackjournalists, academics, domestic violence
survivors, and celebrities. Perpetratorslocate victims private
information online and use technology to conceal their identity as they
contact emergency responders. Inone recentswatting attack, a 10
year old became the unintended victim of swatting when an armed
S.W.A.T. team raided his home after an anonymous call falsely
reported there was a shooter inside.
While federal law prohibits using the telecommunications system to
falsely report a bomb threat hoax or a terrorist attack, falsely reporting
other emergency situations is not currently prohibited. The Interstate
Swatting Hoax Act would close this loophole by prohibiting the use of
the interstate telecommunications system to knowingly transmit false
information with the intent to cause an emergency law enforcement
response.
Recently reported cases included astring of swatting attacksin the
MetroWest region of Massachusetts. Several cases of bogus calls to
police departments in Framingham and Ashland were all reported
within a six month period. Similar incidents have been reported in
http://katherineclark.house.gov/index.cfm/press-releases?ID=F71DAD9F-18E6-4B66-8B11-384911DE591B
Delaware and Chester Counties in Pennsylvania.
1/4
7/8/2016
Clark bill aims to combat dangerous

swatting hoaxes
Releases
- Congresswoman
Katherine
Clark
Document
31- Press
Filed
07/08/16
Page
55 of
82
Perpetrators of these hoaxes purposefully use our emergency
responders to harm their victims, said Clark. These false reports are
dangerous and costly, and have resulted in serious injury to victims and
law enforcement. It is time to update our laws to appropriately address
this crime.
Our law enforcement personnel are already struggling to protect our

communities with limited resources, said Meehan. The wave of
swatting incidents are costing our police departments time and tax
dollars. Swatting cases divert attention from serious situations that
require the attention of highly trained personnel and puts innocent
civilians at risk. This legislation updates federal statute and makes it
clear that swatting is no joke.
The FBI estimates 400 swatting attacks occur every year. Some
attacks, however, have been reported to cost local law enforcement
agencies as much as $100,000. The most serious cost of these
attacks is the danger they pose to emergency responders, innocent
victims, and their families. Swatting attacks have resulted in injury to
law enforcement ofcers, heart attacks, and serious injury to victims.
Clark has championed combatting severe online threats and abuse,
whichdisproportionately affects women and girls. Clark
successfully garnered the U.S. Houses backing toinstruct the
Department of Justiceto investigate severe online threats, and to use
existing laws to prosecute these crimes. Clark introduced
thePrioritizing Online Threats Enforcement Actto ensure that
federal law enforcement has the resources they need to enforce laws
regarding the use of the internet to perpetuate severe threats.
Meehan, a former U.S. Attorney and local prosecutor, has worked
extensively on criminal justice issues during his tenure in Congress.
Meehan chaired the Homeland Security Committees cybersecurity
subcommittee in the 113th Congress and led the effort to enact the rst
signicant cybersecurity legislation in a decade. Hes examined closely
the use of communications networks to disrupt the operations of law
enforcement and other rst responders.
The Interstate Swatting Hoax Act of 2015 has received the support of:
the National District Attorneys Association, the Association of
Prosecuting Attorneys, the National Network to End Domestic
Violence, the National Coalition Against Domestic Violence, the Cyber
Civil Rights Initiative, the Womens Media Center, Hollaback!, the Black
Womens Health Imperative, the SPARK Movement, Women, Action &
the Media, the WMC Speech Project, the National Center for Victims of
Crime, the FBI Agents Association, the Federal Law Enforcement
Ofcers Association, and the Major County Sheriffs Association.
Full text of the Interstate Swatting Hoax Act of 2015 can be foundhere.
Permalink:http://katherineclark.house.gov/index.cfm/2015/11/clarkbill-aims-to-combat-dangerous-swatting-hoaxes
http://katherineclark.house.gov/index.cfm/press-releases?ID=F71DAD9F-18E6-4B66-8B11-384911DE591B
2/4
EXHIBIT 6
Case
Case1:15-cr-00067-RDM
1:11-cr-00666-LAP Document 31
30 Filed 07/08/16
05/23/14 Page 57
1 ofof20
82
UNITED STATES DISTRICT COURT

SOUTHERN DISTRICT OF NEW YORK
------------------------------------x
:
UNITED STATES OF AMERICA
:
-v:
HECTOR XAVIER MONSEGUR,
a/k/a Sabu,
:
11 Cr. 666 (LAP)
Defendant.
:
------------------------------------x
GOVERNMENTS NOTICE OF INTENT TO MOVE PURSUANT TO

SECTION 5K1.1(A)(1)-(5) OF THE SENTENCING GUIDELINES
AND PURSUANT TO TITLE 18, UNITED STATES CODE, SECTION 3553(e)
PREET BHARARA
United States Attorney for the
Southern District of New York
Attorney for the United States
of America
JAMES J. PASTORE, JR.
Assistant United States Attorney
- Of Counsel
Case
30 Filed 07/08/16
05/23/14 Page 58
2 ofof20
82
UNITED STATES DISTRICT COURT

SOUTHERN DISTRICT OF NEW YORK
------------------------------------x
:
UNITED STATES OF AMERICA
:
-v:
HECTOR XAVIER MONSEGUR,
a/k/a Sabu,
:
11 Cr. 666 (LAP)
Defendant.
:
------------------------------------x
Preliminary Statement
The Government respectfully submits this memorandum in connection with the
sentencing of defendant Hector Xavier Monsegur, a/k/a Sabu (the defendant or
Monsegur), which is currently scheduled for May 27, 2014 at 11:00 a.m. In its Presentence
Report (PSR), the United States Probation Office (Probation) correctly calculates that the
defendants United States Sentencing Guidelines (U.S.S.G. or Guidelines) range is 259 to
317 months imprisonment. Probation recommends a sentence of time served. As set forth in
more detail below, Monsegur was an extremely valuable and productive cooperator. Assuming
that the defendant continues to comply with the terms of his cooperation agreement, and
commits no additional crimes before sentencing, the Government intends to move at sentencing,
pursuant to Section 5K1.1 of the United States Sentencing Guidelines (Guidelines or
U.S.S.G.) and Section 3553(e) of Title 18, United States Code, that the Court sentence the
defendant in light of the factors set forth in Section 5K1.1(a)(1)-(5) of the Guidelines, and
without regard to the otherwise applicable mandatory minimum sentence in this case.
Case
30 Filed 07/08/16
05/23/14 Page 59
3 ofof20
82
Statement of Facts
I.
Monsegurs Involvement with Anonymous, LulzSec, and Major Cyber Intrusions

Throughout 2011, hackers affiliated with the Anonymous movement targeted hundreds
of computer systems around the world, hacking, disabling and at times exfiltrating data from
those systems. Victims included news media outlets, government agencies and contractors, and
private entities. In approximately May 2011, Monsegur and five other members of Anonymous
formed Lulz Security, an elite hacking collective or crew commonly referred to as LulzSec.1
Monsegur and the other core members of LulzSec typically worked as a team and had
complementary, specialized skills that enabled them to gain unauthorized access to computer
systems, damage and exploit those systems, and publicize their hacking activities. This core
group, among whom only Monsegur was identified prior to the time Monsegur began
cooperating in the investigation, included:
Monsegur, a/k/a Sabu, who served primarily as a rooter, analyzing
code for vulnerabilities which could then be exploited;
Kayla, who specialized, among other things, in social engineering
that is, manipulating others into divulging personal information such as login credentials;
T-Flow, who served as an organizer, analyzing information provided by
members of the group in order to direct other members what to do next;
Topiary, who served from time to time as the public face of
Anonymous and LulzSec, giving interviews to media outlets and writing public communications
on LulzSecs behalf;
Lulz is shorthand for a common abbreviation used in Internet communications LOL

or laughing out loud. As explained on LulzSecs website, LulzSec.com, the groups unofficial
motto was Laughing at your security since 2011.
1
Case
30 Filed 07/08/16
05/23/14 Page 60
4 ofof20
82
AVUnit, who provided computer infrastructure for the group such as

servers; and
Pwnsauce, who performed some of the same work as Monsegur and
Kayla.
Monsegur and many of these core LulzSec members were also part of another
Anonymous-affiliated group called Internet Feds which, like LulzSec, engaged in major criminal
computer hacking activity.
Throughout 2011, Monsegur, through LulzSec and Internet Feds, engaged in several
major hacks into and thefts from the computer servers of United States and foreign corporations
and other entities including the following:
HB Gary. Monsegur directly participated in the hack of the computer
system of this internet security firm in response to the firms claim, through one of its
investigators, that it had identified the members of Anonymous. This hack involved the theft of
emails and other company information.
Fox Television. This hack resulted in the compromise of a database of
contestants of a reality TV show called X-Factor. Monsegur downloaded data from Fox that
he was able to obtain through his co-conspirators unauthorized access to Foxs computer
systems.
Tribune Company. A journalist provided his credentials to Internet Feds
in the hopes he would be invited into private chats. Monsegur used the credentials to login to the
Tribunes systems and confirmed that the credentials could be used to gain access to Tribune
Companys entire system.
Case
30 Filed 07/08/16
05/23/14 Page 61
5 ofof20
82
PBS.org. Monsegur was a direct participant in this hack, which resulted in

the compromise of PBSs servers and the defacement of its website. Monsegur helped identify a
vulnerability and then installed multiple back doors on PBSs system that is, he installed
programs that allowed others to later access the computer system.2
Sonypictures.com. Monsegur was a direct participant in this hack, in
which the personal identification information of customers was stolen from Sony.
Sony BMG sites in Belgium, Russia, and the Netherlands. Monsegur
accessed and downloaded data from the Belgium and Netherlands sites, including the release
dates of records. Monsegur passed information about a vulnerability for the Russian website to
other members of LulzSec for exploitation.
Nintendo. Monsegur participated in a hack into Nintendos computer
systems, pursuant to which files regarding the structure of Nintendos computer systems were
downloaded.
Senate.gov. Monsegur had knowledge of, and conducted research for, this
hack of the Senates website.3
Bethesda/Brink video game. Monsegur helped hack into Bethesdas
system, and downloaded information including a database containing personal identification
information.
Infragard/Unveillance. Monsegur was a participant in a hack of an FBI
affiliate in Atlanta, which resulted in the theft of confidential information.
Following his arrest, Monsegur provided information that helped repair and remediate
this hack.
2
Monsegur provided the FBI with information about the vulnerability, which allowed it to
be repaired or patched.
3
Case
30 Filed 07/08/16
05/23/14 Page 62
6 ofof20
82
In addition to Monsegurs direct participation in the criminal hacking activity set forth
above, Monsegur had contemporaneous knowledge of other major criminal hacking activity by
his co-conspirators, including hacks into the computer servers of the Irish political party Fine
Gael; a U.S. online media outlet,
a foreign law firm,
; and the Sony
Playstation Network.
In addition to the six core members identified above, several individuals were loosely
affiliated with Monsegur and LulzSec, including, significantly, Donncha OCearrbhail, a/k/a
palladium, and Jeremy Hammond, a/k/a Anarchaos. Hammond, the FBIs number one
cybercriminal target at the time of his arrest in 2012, was a prolific and technically skilled hacker
who launched cyber attacks against scores of governmental institutions, law enforcement
organizations, and businesses during a nearly year-long rampage in which he broke into these
victims computer systems, stole data, defaced websites, destroyed files and published online the
sensitive personal and financial information of thousands of individuals all with the object of
creating, in Hammonds words, maximum mayhem.
The hacks identified above constitute only a portion of the significant criminal computer
intrusions committed by Internet Feds, LulzSec, and their members, including Monsegur. As the
examples make clear, Monsegur and his co-conspirators indiscriminately targeted government
agencies, private companies, and news media outlets. In many instances, the harms inflicted on
these entities were significant, ranging from defacements of their websites to the exfiltration of
personal identification information of customers or employees of the entities; the costs associated
with repairing these attacks ran into the tens of millions of dollars. Monsegur was a key
participant in these Anonymous hacking crews, providing his technical expertise to aid in many
of the hacking operations.
Case
30 Filed 07/08/16
05/23/14 Page 63
7 ofof20
82
II.
The Complaint, Monsegurs Guilty Plea and Subsequent Remand, and the
Guidelines Calculation
On or about June 7, 2011, the FBI approached Monsegur in his home and questioned him
about his online activities. Monsegur admitted his criminal conduct and immediately agreed to
cooperate with law enforcement. That night, Monsegur reviewed his computer files with FBI
agents and provided actionable information to law enforcement. The next morning, Monsegur
appeared in court on a criminal complaint charging him with credit card fraud and identity theft,
and was released on bail, whereupon he immediately continued his cooperation with the
Government, as described further below. On or about August 15, 2011, Monsegur appeared
before Your Honor and entered a guilty plea pursuant to a cooperation agreement with the
Government. Pursuant to the terms of that agreement, Monsegur pled guilty to a 12-count
Superseding Information, S1 11 Cr. 666, charging him with nine counts related to computer
hacking; one count related to credit card fraud; one count of conspiring to commit bank fraud;
and one count of aggravated identity theft. In addition to resolving the charges brought against
him in the Southern District of New York, Monsegurs guilty plea also resolved four cases filed
against him in other districts (including the Eastern and Central Districts of California, the
Northern District of Georgia, and the Eastern District of Virginia) which were transferred to the
Court under docket numbers 11 Cr. 693-696, respectively.
On or about May 24, 2012, the Government moved to revoke Monsegurs bail because he
made unauthorized online postings. Monsegur was arrested and remanded to custody the
following day. He was released on a revised bail package on or about December 18, 2012, and
has remained at liberty since that date. Accordingly, Monsegur has served approximately 7
months in prison in connection with this case.
Case
30 Filed 07/08/16
05/23/14 Page 64
8 ofof20
82
In the PSR, Probation correctly calculates that the defendants base offense level is 7
pursuant to U.S.S.G. 2B1.1(a)(1) and correctly applies a 22-level enhancement in light of a loss
amount between $20 million and $50 million4; a 6-level enhancement given that the offense
involved more than 250 victims; a 2-level enhancement for sophisticated means; and a 4-level
enhancement given that the defendant was convicted of violating Title 18, United States Code,
Section 1030(a)(5)(A). The defendant receives a three-level reduction for his acceptance of
responsibility, resulting in a total adjusted offense level of 38. (PSR 43-59.) The defendant
has zero criminal history points, and is therefore in Criminal History Category I. (PSR 6066.)
Based on an offense level of 38 and a Criminal History Category of I, the defendants
advisory Guidelines Range is 235 to 293 months imprisonment. (PSR 96.) In addition, absent
the Court granting the Governments motion pursuant to Title 18, United States Code, Section
3553(e), the defendant would face a mandatory consecutive term of two years imprisonment,
resulting in a total advisory Guidelines range of 259 to 317 months imprisonment.
III.
Monsegurs Cooperation
Monsegur acknowledged his criminal conduct from the time he was first approached by
agents, before he was charged in this case. Monsegur admitted both to prior criminal conduct
about which the Government had not developed evidence, as well as his role in both Internet
Feds and LulzSec. Monsegur subsequently and timely provided crucial, detailed information
regarding computer intrusions committed by these groups, including how the attacks occurred,
4
This loss figure includes damages caused not only by hacks in which Monsegur
personally and directly participated, but also damages from hacks perpetrated by Monsegurs coconspirators in which he did not directly participate. Monsegurs actions personally and directly
caused between $1,000,000 and $2,500,000 in damages. Had Monsegur not candidly
acknowledged his affiliation with the groups that committed the other hacks, his advisory
Guidelines range likely would have been substantially lower.
7
Case
30 Filed 07/08/16
05/23/14 Page 65
9 ofof20
82
which members were involved, and how the computer systems were exploited once breached.
As set forth below, Monsegurs consistent and corroborated historical information, coupled with
his substantial proactive cooperation and other evidence developed in the case, contributed
directly to the identification, prosecution and conviction of eight of his major co-conspirators,
including Hammond, who at the time of his arrest was the FBIs number one cybercriminal
target in the world. On top of that, Monsegur engaged in additional, substantial proactive
cooperation that enabled the FBI to prevent a substantial number of planned cyber attacks, as set
forth below.
A.
Monsegurs Acceptance of Responsibility
To begin with, Monsegur immediately admitted his role in Internet Feds and LulzSec,
including his role in the major cyber intrusions set forth in the first section of this memorandum.
In addition, Monsegur admitted to playing a role in cyber attacks and intrusions with these
groups that the Government had not previously known that he played. For example, Monsegur
admitted to participating in DDoS (Distributed Denial of Service)5 attacks against the computer
systems of PayPal, MasterCard, and Visa, among other targets. Monsegur also admitted to
hacking certain government websites and taking government servers offline, to providing
security research (that is, publicizing vulnerabilities in computer systems that others could
exploit), and to using his celebrity hacker name Sabu in the hopes that it would inspire
others to join certain criminal activities of these groups.
In addition to his admission to these crimes, Monsegur admitted to engaging in hacking
activities about which the Government had not previously developed evidence. According to
Monsegur, between 1999, when he first began hacking computers, and late 2003/early 2004,
DDoS attacks involve the use of several computers to bombard a victims computer
system with connection requests, thereby overwhelming the victims system, often resulting in
the temporary shutdown of the victims website.
5
Case
1:11-cr-00666-LAP Document
Document 30
31 Filed
Filed 05/23/14
07/08/16 Page
Page 10
66 of
of 20
82
Monsegur hacked into thousands of computers. For the next approximately two years, Monsegur
identified vulnerabilities in perhaps 200 computer systems in an effort to grow a legitimate
computer security firm. Then, starting around 2006, Monsegur hacked into computer systems
for personal financial gain, or as part of hacker groups that broke into systems for a variety of
reasons, including so-called hacktivism. Monsegur admitted that, before joining Anonymous
hacking crews, he hacked into a variety of websites and computer systems including the websites
of several businesses. Through these hacks, Monsegur was able to steal credit card information,
and then sold the credit card numbers, gave them away to family members and friends, and used
them to pay his own bills. On at least one occasion, Monsegur was hired to hack into a
businesss computer system. He also successfully hacked into a businesss website and had
merchandise delivered to him free of charge.
Finally, Monsegur acknowledged a variety of other criminal conduct including sales and
attempted sales of small quantities of marijuana; personal marijuana use; illegally possessing an
unlicensed firearm; and purchasing stolen goods including electronics and jewelry.
B.
Monsegur Assists Law Enforcement in Identifying and Locating LulzSec

Members and Affiliates
Monsegurs primary substantial assistance came in the form of his cooperation against
significant cybercriminals affiliated with Anonymous, Internet Feds, and LulzSec. He provided
detailed historical information about the activities of Anonymous, contributing greatly to law
enforcements understanding of how Anonymous operates. Monsegur also provided crucial and
detailed information about the formation, organization, hierarchy and membership of these
hacking groups, as well as specific information about their planning and execution of many
major cyber attacks, including the specific roles of his co-conspirators in committing those
crimes. He also provided historical information that helped resolve open investigations into
9
Case
Document 30
31 Filed
Filed 05/23/14
07/08/16 Page
Page 11
67 of
of 20
82
several computer intrusions committed by members of Internet Feds and LulzSec, including the
hacks identified above.
In addition to this crucial historical information, Monsegur proactively cooperated with
ongoing Government investigations. Working sometimes literally around the clock, at the
direction of law enforcement, Monsegur engaged his co-conspirators in online chats that were
critical to confirming their identities and whereabouts. During some of the online chats, at the
direction of law enforcement, Monsegur convinced LulzSec members to provide him digital
evidence of the hacking activities they claimed to have previously engaged in, such as logs
regarding particular criminal hacks. When law enforcement later searched the computers of
particular LulzSec members, they discovered copies of the same electronic evidence on the
individuals computers. In this way, the online nicknames of LulzSec members were definitively
linked to their true identities, providing powerful proof of their guilt. Other times, at the
direction of law enforcement, Monsegur asked seemingly innocuous questions designed to elicit
information from his co-conspirators that, when coupled with other information obtained during
the investigation, could be used to pinpoint their exact locations and identities. Monsegurs
substantial proactive cooperation, as set forth more particularly below, contributed directly to the
identification, prosecution, and conviction of eight of his co-conspirators, including Hammond.
As disclosed in their communications, Hammond and certain other co-conspirators had
learned how to exploit a particular software application vulnerability that enabled him to hack
into many computer servers. At law enforcement direction, Monsegur attempted to learn how
these targets were able to exploit this vulnerability, but was unsuccessful. At the same time,
Monsegur was able to learn of many hacks, including hacks of foreign government computer
servers, committed by these targets and other hackers, enabling the Government to notify the
10
Case
Document 30
31 Filed
Filed 05/23/14
07/08/16 Page
Page 12
68 of
of 20
82
victims, wherever feasible, so the victims could engage in remediation efforts and prevent further
damage or intrusions.
Monsegurs cooperation was complex and sophisticated, and the investigations in which
he participated required close and precise coordination with law enforcement officers in several
locations. For instance, during the investigation of Hammond, Monsegur (who was then in New
York) engaged in online chats with Hammond (who was then in Chicago), while coordinating
with FBI agents in New York, physical surveillance teams deployed in Chicago, and an
electronic surveillance unit in Washington, D.C.
Monsegur also engaged in a significant undercover operation in an existing investigation
through which, acting at the direction of law enforcement, Monsegur gathered evidence that
exposed a particular subjects role in soliciting cyber attacks on a foreign government. The
evidence he enabled the Government to obtain was extremely valuable, and the Government
could not otherwise have obtained it without his assistance. Although this cooperation has not
resulted in any prosecutions to date, the Government believes his information, and the evidence
he helped to obtain in this matter, is extremely significant.
C.
Monsegur Assists Law Enforcement in Preventing Hacks
Notably, during the period of his cooperation, Monsegur received communications from
hackers about vulnerabilities in computer systems, as well as computer hacks that were being
planned or carried out by them. The FBI used this information, wherever feasible, to prevent or
mitigate harm that otherwise would have occurred. The FBI estimates that it was able to disrupt
or prevent at least 300 separate computer hacks in this fashion. The victims included divisions
of the United States Government such as the United States Armed Forces (specifically,
, the United States Congress, the United States Courts (specifically,
11
Case
Document 30
31 Filed
Filed 05/23/14
07/08/16 Page
Page 13
69 of
of 20
82
), and NASA; international intergovernmental organizations

(specifically,
television network (
(
); and several private companies including a

), a security firm (
), a video game manufacturer
), and an electronics conglomerate (
). Although difficult to quantify, it is likely
that Monsegurs actions prevented at least millions of dollars in loss to these victims.
Monsegur also provided information about vulnerabilities in critical infrastructure,
including at a water utility for an American city, and a foreign energy company. Law
enforcement used the information Monsegur provided to secure the water utility, and the
information about the energy company was shared with appropriate government personnel. In
addition, when Anonymous claimed to have hacked the electrical grid in the United States,
Monsegur communicated with certain Anonymous members who revealed that the claims were a
hoax. This saved the Government the substantial time and resources that otherwise would have
been deployed in responding to these bogus claims.
Discussion
I.
Applicable Law
The United States Sentencing Guidelines still provide strong guidance to the Court
following United States v. Booker, 543 U.S. 220 (2005), and United States v. Crosby, 397 F.3d
103 (2d Cir. 2005). As the Supreme Court stated, a district court should begin all sentencing
proceedings by correctly calculating the applicable Guidelines range that should be the
starting point and the initial benchmark. Gall v. United States, 128 S. Ct. 586, 596 (2007).
After that calculation, however, a sentencing judge must consider seven factors outlined
in Title 18, United States Code, Section 3553(a): the nature and circumstances of the offense
and the history and characteristics of the defendant, 18 U.S.C. 3553(a)(1); the four legitimate
12
Case
Document 30
31 Filed
Filed 05/23/14
07/08/16 Page
Page 14
70 of
of 20
82
purposes of sentencing, see id. 3553(a)(2); the kinds of sentences available, id. 3553(a)(3);
the Guidelines range itself, see id. 3553(a)(4); any relevant policy statement by the Sentencing
Commission, see id. 3553(a)(5); the need to avoid unwarranted sentence disparities among
defendants, id. 3553(a)(6); and the need to provide restitution to any victims, id.
3553(a)(7). See Gall, 128 S. Ct. at 596 & n.6.
II.
Evaluation of Defendants Cooperation

Section 5K1.1 of the Guidelines sets forth five non-exclusive factors that sentencing
courts are encouraged to consider in determining the appropriate sentencing reduction for a
defendant who has rendered substantial assistance, including the significance and usefulness of
the assistance; the truthfulness, completeness and reliability of the defendants information and
testimony; the nature and extent of the assistance; any injury suffered, or any danger or risk of
injury to the defendant or his family resulting from his assistance; and the timeliness of the
assistance.
As to the significance and usefulness of the defendants assistance, Monsegurs
cooperation was extraordinarily valuable and productive. Monsegur provided unprecedented
access to LulzSec a tightly knit group of hackers who targeted and successfully breached a
variety of computer systems operated by governments, businesses, and news media outlets.
Through Monsegurs historical information and substantial proactive cooperation, the FBI and
international law enforcement were able to pierce the secrecy surrounding the group, identify and
locate its core members, and successfully prosecute them. In particular, when Monsegur first
was arrested, he provided the FBI with information about the identities and whereabouts of core
LulzSec members. This information helped focus the investigations being conducted by the FBI
and international law enforcement, allowing them to develop additional evidence against
13
Case
Document 30
31 Filed
Filed 05/23/14
07/08/16 Page
Page 15
71 of
of 20
82
LulzSec members. At the direction of law enforcement, Monsegur then engaged in online chats
with various LulzSec members, convincing them to disclose details that confirmed their
identities and whereabouts including, as noted above, digital evidence that later was matched to
files stored on the LulzSec members computers. Monsegur also provided in-depth information
regarding many of the computer hacks that LulzSec had perpetrated.
Monsegurs efforts contributed directly in the identification, prosecution, and convictions
of core members of LulzSec, including:
Ryan Ackroyd, a/k/a Kayla. Ackroyd was arrested by authorities in the
United Kingdom. He pled guilty and was sentenced to 30 months imprisonment.
Jake Davis, a/k/a Topiary. Davis was arrested by authorities in the
United Kingdom. He pled guilty and was sentenced to 24 months custody in a young offender
institution.
Mustafa Al-Bassam, a/k/a T-Flow. Al-Bassam was arrested by
authorities in the United Kingdom. He pled guilty and was sentenced to a 20 month term, which
was suspended for two years, as well as 300 hours community service.
Darren Martyn, a/k/a pwnsauce, was arrested by authorities in Ireland.
He subsequently pled guilty and received a sentence of probation and a fine.
In addition to these core members of LulzSec, Monsegurs cooperation led to the arrest
and prosecution of others who contributed to LulzSecs hacking efforts, including:
Jeremy Hammond, a/k/a Anarchaos. As the Court is aware, Hammond,
the FBIs most wanted cybercriminal in the world at the time of his arrest, was prosecuted in the
Southern District of New York, pled guilty, and was sentenced by the Court principally to a term
of imprisonment of 120 months.
14
Case
Document 30
31 Filed
Filed 05/23/14
07/08/16 Page
Page 16
72 of
of 20
82
Ryan Cleary. Cleary was arrested by authorities in the United Kingdom.

He pled guilty and was sentenced to 32 months imprisonment.
Donncha OCearrbhail, a/k/a palladium. OCearrbhail was arrested by
authorities in Ireland, pled guilty, and was sentenced to probation and a fine.
Matthew Keys. Keys is currently charged in the Eastern District of
California in connection with his role in permitting unauthorized access to the Tribune
Companys computer systems.
All of these prosecutions were extremely important to the Government. As set forth
above, these hackers engaged in significant cyber attacks against computer systems that
belonged to government agencies and contractors, news media outlets, non-profit institutions,
and private entities. Some of the attacks defaced news media websites, others rendered
government websites inaccessible, and still others resulted in the exfiltration of the personal
identification information of victims.
Yet the number of prosecutions to which Monsegur contributed only partially conveys
the significance and utility of his cooperation. On a daily basis throughout the summer of 2011,
Monsegur provided, in real time, information about then-ongoing computer hacks and
vulnerabilities in significant computer systems. Through Monsegurs cooperation, the FBI was
able to thwart or mitigate at least 300 separate hacks. The amount of loss prevented by
Monsegurs actions is difficult to fully quantify, but even a conservative estimate would yield a
loss prevention figure in the millions of dollars. Moreover, Monsegur provided information
about actual and purported vulnerabilities in critical infrastructure, allowing law enforcement to
respond appropriately.
15
Case
Document 30
31 Filed
Filed 05/23/14
07/08/16 Page
Page 17
73 of
of 20
82
Finally, as set forth above, Monsegur engaged in a significant undercover operation in

which, acting at the direction of law enforcement, he helped to obtain evidence that exposed a
subjects role in soliciting cyber attacks on the computer systems of a foreign government.
While it has not resulted in prosecutions to date, this evidence is significant and valuable to the
Government.
As to Monsegurs truthfulness, completeness and reliability, he presented as fully candid,
and admitted not only to crimes about which the Government had gathered evidence, but also
crimes about which the Government had not previously gathered evidence. Monsegurs
information was also consistently reliable and complete, corroborated by documents and
electronic files, as well as by statements from other witnesses. As noted above, while Monsegur
made certain unauthorized online postings that resulted in the revocation of his bail and his
incarceration for several months, following his release from custody in December 2012,
Monsegur made no further unauthorized postings.
As to the nature and extent of Monsegurs cooperation, as noted above, Monsegur has
been cooperating with law enforcement for approximately three years. His cooperation entailed
many multi-hour meetings with FBI agents that extended into the late evening and early morning
hours. Monsegur provided substantial historical cooperation, as well as substantial proactive
cooperation, and he was prepared to testify if needed. However, to date, every defendant against
whom Monsegur has cooperated has pled guilty with the exception of Keys, who is awaiting
trial. Monsegurs cooperation no doubt played a significant role in securing several of these
guilty pleas in that, among other things, acting at the direction of law enforcement, Monsegur
obtained incriminating online chats with most of the defendants that constituted strong proof of
each defendants guilt.
16
Case
Document 30
31 Filed
Filed 05/23/14
07/08/16 Page
Page 18
74 of
of 20
82
The nature of Monsegurs cooperation was also somewhat atypical in that his work as a
cooperating witness was made public shortly after the arrest of the core LulzSec members. This
revelation in itself served an important deterrent effect throughout the hacking community. At
the same time, it resulted in significant scrutiny of Monsegur and his family members.
As to the danger or risk associated with Monsegurs cooperation, Monsegur faced
hardships because of his cooperation. During the course of his cooperation, the threat to
Monsegur and his family became severe enough that the FBI relocated Monsegur and certain of
his family members. Monsegur repeatedly was approached on the street and threatened or
menaced about his cooperation once it became publicly known. Monsegur was also harassed by
individuals who incorrectly concluded that he participated in the Governments prosecution of
the operators of the Silk Road website.
Moreover, Monsegur has been vilified online by various groups affiliated with the
Anonymous movement, which particularly affected him given the central role that his online
activity played in his life prior to his cooperation with the Government. Among other things,
certain groups have sought to release Monsegurs personal identification information (such as his
exact address) as well as the personal identification information of certain of his family
members.
Members of Monsegurs family have been threatened because of his cooperation, and one
of those relatives was involved in a physical altercation regarding Monsegurs cooperation.
Monsegurs family members have also repeatedly been approached by members of the media. In
one instance, a reporter was removed from the school of the children for whom Monsegur served
as guardian after the reporter entered the school and attempted to interview the children.
17
Case
Document 30
31 Filed
Filed 05/23/14
07/08/16 Page
Page 19
75 of
of 20
82
As to the timeliness of Monsegurs assistance, as noted above, he immediately

cooperated with law enforcement. Just hours after being approached by law enforcement, he was
back online cooperating proactively. His timely decision to cooperate helped prevent or mitigate
hundreds of hacks; allowed the Government to develop sufficient evidence to charge multiple
individuals with serious computer crimes; and revealed a significant subjects role in soliciting
cyber attacks against a foreign government. Had Monsegur delayed his decision to cooperate,
his efforts would have been far less fruitful. In fact, LulzSec had developed an action plan to
destroy evidence and disband if the group determined that any of its members had been arrested,
or were out of touch with the other group members for an extended period of time. Accordingly,
had Monsegur delayed his decision to cooperate and remained offline for an extended period of
time, it is likely that much of the evidence regarding LulzSecs activities would have been
destroyed, and members of the group would have become much more difficult to locate.
Monsegurs immediate decision to cooperate was thus particularly important to the ultimate
successes that stemmed from his cooperation.
Conclusion
In light of the foregoing facts, the Government respectfully requests that, pursuant to
Section 5K1.1 of the Guidelines, the Court grant the defendant a substantial downward departure
at sentencing. In addition, the Government respectfully moves, pursuant to Title 18, Section
3553(e), for relief from the otherwise applicable mandatory minimum sentence in this case.
Such a sentence will appropriately account for the defendants extraordinary cooperation, and be
sufficient, but not greater than necessary, to serve the legitimate goals of sentencing.
18
Case
Document 30
31 Filed
Filed 05/23/14
07/08/16 Page
Page 20
76 of
of 20
82
Request to Seal
The Government respectfully requests that it be permitted to file limited portions of this
submission under seal to protect the identities of certain victims.
Dated: New York, New York
May 23, 2014
Respectfully submitted,
PREET BHARARA
United States Attorney
By:
19
/S/
James J. Pastore, Jr.
Assistant United States Attorney
Tel.: (212) 637-2418
EXHIBIT 7
P.O. Box 2892, Church St. Station, New York, NY 10008-2892 | Tel: (646) 535-9743 (646) 535-9128 | info@thefocusforwardproject.org
OFFICERS
Justine Kentla
Executive Director
Alexandra Katz
Executive Director
BOARD OF DIRECTORS
Hon. Barbara S. Jones (ret.)
Chairperson
Fiona Doherty
Sean Hecker
Deirdre von Dornum
Jose Maldonado
Amy Finzi
May 15, 2016

Honorable Randolph D. Moss
United States District Court
333 Constitution Avenue N.W.
Washington, DC 20001
Dear Judge Moss,
I write in support of Mir Islam, a successful graduate of The Focus Forward
Project class. The Focus Forward Project, Inc. is a nonprofit organization dedicated to
providing educational programming to federal pretrial inmates and individuals under
pretrial supervision. The Focus Forward Project class is a twelve-week course
designed to provide both an intellectual and emotional outlet for students as they
navigate the stress and uncertainty of the pretrial phase of their federal case. The class
meets once a week for two hours and participants are required to complete weekly
reading and journal assignments. The first hour of each class is spent discussing and
analyzing the book A Long Way Gone by Ishmael Beah. The second half of the class
focuses on life skills, highlighting a different one each week. By the end of the
course, participants walk away with a completed working resume, interview skills,
conflict resolutions skills, public speaking skills, and both short and long-term goals.
The mission of The Focus Forward Project is to provide participants with the
confidence and skills to move forward successfully in their lives. Mir graduated from
the course on Tuesday, August 26, 2014.
Mir was an invaluable participant in my class. From the very first day, it was
obvious that he would bring light-hearted humor and laughter to our class discussions.
He participated enthusiastically in all our discussions, whether we were talking about
the book, covering various life skills, or just talking about the experiences the men
were going through. Mir always had an insightful comment to share about his own
experiences, or from his impressive wealth of trivia on subjects ranging from history
to psychology. But he also displayed humility, opening up to the group about the
frustration and disappointment he felt about finding himself in this situation. By the
end of the class, he was able to build genuine friendships with his classmates.
I came to know Mir as an intelligent and dedicated student. Although he
occasionally struggled with the reading material, he always listened to his classmates'
comments and was able to develop his own ideas and build on them from week to
week. He allowed his classmates to help him develop his thoughts, and he showed
marked improvement in his critical thinking and analytical skills as the class
progressed.
For the Public Speaking unit in the class, Mir had to talk about a person in his life who had
inspired him. I saw again evidence of his willingness to accept advice from those around him.
He spoke movingly about a close friend and role model who has inspired him to mature, and
become more thoughtful of others. He spoke about growing up, and learning to surround
himself with positive and supportive friends. Mir revealed his developing interest in
psychology and human nature, and how he hopes to use knowledge of those subjects to help
people. As the class progressed, I watched him create positive goals for himself, and become
more aware of how his life affects others.
I feel strongly that Mirs experiences have made him a wiser, more self-aware, more
thoughtful person, and that he will continue to apply the lessons hes learned for the rest of
his life.
Mir Islam is an intelligent, caring, supportive man with tremendous gratitude toward those
who have helped him. I feel lucky to have gotten to know Mir and will remain supportive of
him going forward, doing whatever I can to help him. My aim is to give you a view of Mir
through my eyes after spending twelve weeks getting to know him. I appreciate the time
Your Honor has taken to read my letter. If you have any questions, please feel free to contact
me directly at the number listed below.
Sincerely,
Naomi Chakofsky-Lewy
The Focus Forward Project, Inc.
Project Coordinator/Class Facilitator
206-229-2880
EXHIBIT 8

Case 1:15-cr-00067-RDM Document 31

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Case 1:15-cr-00067-RDM Document 31

Uploaded by

Copyright:

Available Formats

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 1 of 82

IN THE UNITED STATES DISTRICT COURT

Crim. No. 15-cr-67 (RDM)

DEFENDANTS MEMORANDUM IN AID OF SENTENCING

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 2 of 82

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 3 of 82

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 4 of 82

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 5 of 82

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 6 of 82

https://www.youtube.com/watch?v=TiW-BVPCbZk (last accessed July 7, 2016).

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 7 of 82

his co-conspirators in their immaturity as an acceptable prank to make political statements or

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 8 of 82

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 9 of 82

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 10 of 82

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 11 of 82

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 12 of 82

This undoubtedly contributed significantly to his

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 13 of 82

In light of the harshness of this period of confinement, additional confinement is

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 14 of 82

(e) Education and rehabilitation

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 15 of 82

To support this argument, the government describes what the

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 16 of 82

More fundamentally, however, there is no reason to indulge the government in its

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 17 of 82

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 18 of 82

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 19 of 82

in a Sample of Offenders Convicted of White-Collar Crimes, 33 CRIMINOLOGY 587 (1995). These

The Need to Avoid Unwarranted Sentencing Disparities

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 20 of 82

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 21 of 82

allowing the defendant to learn vocation-related skills in a job-like environment. According to a

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 22 of 82

By: /s/ Matthew J. Peed

Matthew J. Peed (D.C. Bar No. 503328)

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 23 of 82

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 24 of 82

GET OUT OF TOWN

READ THIS. list

2 FBI Just Crushed Hillarys Email Excuses

3 Chasing the Smart Car: Are We Close?

Doxxing: Its Like Hacking, But Legal

4 Realism vs. Exploitation in OITNB

5 Ciara: Future Might Kill Russell Wilson

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 25 of 82

GET OUT OF TOWN

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 26 of 82

GET OUT OF TOWN

U.S. Betrayed: The Real

What Donald Trump Has

Ten Behaviors of Sexually

Actor John Turturro

The Bride Had No Idea

How To Fix Your Fatigue

RAG & BONE OFFICIAL |

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 27 of 82

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 28 of 82

MATHONAN GEAR 09.11.12 6:00AM

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 29 of 82

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 30 of 82

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 31 of 82

Case 1:15-cr-00067-RDM Document 31 Filed 07/08/16 Page 32 of 82