Professional Documents
Culture Documents
)
)
)
)
)
)
)
)
)
afford adequate deterrence to criminal conduct, to protect the public from further crimes of the
defendant, and to provide the defendant with needed correctional treatment; (4) the kinds of
sentences available; (5) the Sentencing Guidelines and related Sentencing Commission policy
statements; (6) the need to avoid unwarranted sentencing disparities; and (7) the need to provide
restitution to any victims of the offense. These requirements reflect the uniform and constant
federal judicial tradition of considering every convicted person as an individual and every case as
a unique study in the human failings that sometimes mitigate, sometimes magnify, the crime and
the punishment to ensue. Gall v. United States, 552 U.S. 38, 52 (2007) (quotation omitted).
ANALYSIS
I.
Further Imprisonment Is Not Necessary to Meet the Goals of Sentencing Under Section
3553(a)
A. Sentencing Guidelines and Sentencing Commission Policy Statements
As a matter of administration and to secure nationwide consistency, the Sentencing
Guidelines should be the starting point and the initial benchmark for determining the defendants
sentence. Gall, 552 U.S. at 49. In the ordinary case, the Commissions recommendation of a
sentencing range will reflect a rough approximation of sentences that might achieve 3553(a)s
objectives. Kimbrough v. United States, 552 U.S. 85, 89-90 (2007) (quoting Rita v. United States,
551 U.S. 338, 447 (2007)).
Here, the Sentencing Commissions guidelines and policy statements strongly support the
defense recommendation of time served, which with good time credits amounts to an effective
sentence of 37 months. Both parties and the PSR agree that the correct guidelines range is 41 to 51
months. But the government has also filed a motion pursuant to USSG 5K1.1, recognizing that
Islam provided substantial assistance to authorities. Thus, the governments request for a sentence
in the middle of the guidelines range conflicts with the policy statements stating that courts should
2
make an appropriate reduction from the guidelines range based on a list of factors related to the
defendants cooperation. USSG 5K1.1(a) (emphasis added); see also id. at 5K1.1 (describing
purpose of provision as allowing a court to depart from the guidelines) (emphasis added).
According to data compiled by the Sentencing Commission, the average downward departure for
5K1.1 motions is 52.6 percent from the bottom of the original guideline rangeover five times
the reduction requested by Islam. U.S. Sentencing Commission, 2014 Sourcebook of Federal
Sentencing Statistics, at Appendix A, Table A-1. Thus, by any measure, the less than ten percent
departure from the guidelines range requested by the defense is an appropriate reduction that
furthers the policies underlying the guidelines and rewards defendants for the often life-threatening
assistance they provide to the government.
B. Nature and Circumstances of the Offense
The government rightfully characterizes the offenses in this case as serious.
They
encompass three basic crimes: (i) doxing, or the posting of personally-identifying information
such as dates of birth, social security numbers, and fraudulently-obtained credit reports online;
(ii) swatting, or the harassing of individuals through false reports to 911 of emergency situations
with the intention of causing a dangerous invasion of the persons homes by heavily-armed police;
and (iii) the severe and intrusive harassment of A.R.T., an individual with whom Islam became
infatuated, including a swatting incident that resulted in the closure of her university. These
crimes exploit the increasingly digital nature of peoples lives to invade their privacy and subject
them to harassment and even the risk of violence. Swatting in particular is a reprehensible act
that endangers the lives of both police and innocent victims and wastes scarce public resources. As
reflected in the undisputed guidelines range of 41-51 months, these crimes deserve of a period of
incarceration.
Without minimizing the serious nature of these crimes, however, there are factors for each
offense that are mitigating to a certain degree or place the offense in a necessary broader context.
With regard to the doxing offenses, for example, the webpage created by Islam and his coconspirators, The Secret Files, was only online and accessible online for three short periods of 8,
20, and 20 days each,1 and there is no evidence that any of the information was used by members
of the public. PSR 21-27. Moreover, although Islam and his co-conspirators indisputably broke
the law by posing as third-parties to obtain credit reports and then posting the reports online, the
general practice of doxing public figures is not actually illegal if the information is obtained
legally. See Ex. 1 (Christine Pelisek, Doxxing: Its Like Hacking, But Legal, THE DAILY BEAST
(March 13, 2013)) (reporting on the Secret Files website created by Islam and his co-conspirators,
describing it as a classic case of doxxing and stating that [i]n many cases, its not even illegal).
This veneer of legality, especially as perceived by the immature minds of the teenage coconspirators, should be taken into account. Finally, the co-conspirators motivations reveal a
misguided but public-minded spirit and desire for attention not uncommon among teenagers. For
example, in one of their most notorious hacks, Islam and his co-conspirators temporarily disabled
4chan.com, a popular image-sharing website where users regularly traded jailbait photos of
young girls, because Islam thought everyone on 4chan was a child molester. Ex. 2 (Mat Honan,
Cosmo, the Hacker God Who Fell to Earth, WIRED (September 11, 2012)) (quoting E.T., a coconspirator known as, Cosmo the God). Similarly, in a farewell statement on their Exposed
website, the co-conspirators quoted extensively from the farewell message of another prominent
group of hackers, Lulz Security, issued in 2011 on George Orwells birthday:
Although the second and third of the periods ended with a law enforcement request to take the site
offline, the first period ended voluntarily and was accompanied by a farewell message.
4
While we are responsible for everything that The Lulz Boat is, we are not tied to
this identity permanently. Behind this jolly visage of rainbows and top hats, we are
people. People with a preference for music, a preference for food; we have varying
taste in clothes and television, we are just like you. Even Hitler and Osama Bin
Laden had these unique variations and style, and isnt that interesting to know?
The mediocre painter turned supervillain liked cats more than we did.
Again, behind the mask, behind the insanity and mayhem, we truly believe in the
AntiSec movement. We believe in it so strongly that we brought it back, much to
the dismay of those looking for more anarchic lulz. We hope, wish, even beg, that
the movement manifests itself into a revolution that can continue on without us.
The support weve gathered for it in such a short space of time is truly
overwhelming, and not to mention humbling. Please dont stop. Together, united,
we can stomp down our common oppressors and imbue ourselves with the power
and freedom we deserve.
So with those last thoughts, its time to say bon voyage. Our planned 50 day cruise
has expired, and we must now sail into the distance, leaving behind - we hope inspiration, fear, denial, happiness, approval, disapproval, mockery,
embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we
had a microscopic impact on someone, somewhere. Anywhere.
Thank you for sailing with us. The breeze is fresh and the sun is setting, so now we
head for the horizon.
Ex. 3 (Jason Mick, LulzSec Departs, Fires Parting Shot 812,000 User Accounts Leaked, Daily
Tech (June 26, 2011) (words copied by Islams group in italics); see also PSR, 23 (quoting Islams
farewell message). Like the LulzSec hackers, Islam and his co-conspirators broke the law and
must be punished. However, the fact that they were teenagers reflecting an immature yet principled
mindset common in the hacker community softens the edges in the governments portrayal, and
should be taken into consideration.
Similarly, although Islam and his co-conspirators repeated swatting of celebrities and
public officials was extremely traumatic and dangerous for their victims, there are additional
circumstances that also help to put this crime in context. Specifically, in the online gaming
communities in which Islam and his coconspirators practically lived and breathed, swatting was an
unfortunately common tactic used by competitive gamers to harass their opponents during or after
online matches. See Ex. 2 (Mat Honan, Cosmo, the Hacker God Who Fell to Earth, WIRED
(September 11, 2012)); see also Real SWAT Team Raid Shooting Gamer Live on Twitch,
YOUTUBE, available at https://www.youtube.com/watch?v=Dzav_Fjlz1M (last accessed July 7,
2016);
10
Streamers
Get
Swatted
Live,
YOUTUBE,
available
at
In addition to being perceived as a normal prank by Islam and his coconspirators at the time, it
is also noteworthy that swatting, like doxing, was not a violation of federal law in all circumstances.
See, e.g., Ex. 5 (Press Release, Office of Representative Katherine Clark, Clark bill aims to combat
dangerous swatting hoaxes (Nov. 18, 2015) (While federal law prohibits using the
telecommunications system to falsely report a bomb threat hoax or a terrorist attack, falsely
reporting other emergency situations is not currently prohibited.)).
2
A document produced in discovery suggests that the FBI agents who interviewed A.R.T. believed
she may have been untruthful about her internet usage and history, but does not elaborate on the
reasons for this conclusion.
4
This information was reported in an email to undersigned counsel by AUSA Weiss. The email
noted that the government has not found any evidence substantiating this speculation by Islams
co-conspirator, however.
7
to communicate with her and her friends was at least in part a reaction to the confusing disconnect
between the real world and what he experienced online, as exacerbated by his untreated obsessivecompulsive disorder.
C. History and Characteristics of the Defendant
Islams history and characteristics before and after his incarceration include several strongly
mitigating factors supporting the recommended sentence. Specifically, Islams youth and mental
health problems before his arrest, and his subsequent maturation, educational progress, and
successful mental health treatment, show that he is a profoundly changed individual who would be
extremely unlikely to return to criminal conduct.
1. Background
Islam was born in Bangladesh on June 24, 1994. His family emigrated to the United States
in 2000 and settled in Bronx, New York. After a fairly normal childhood, Islam developed several
mental health problems in adolescence, including bipolar disorder, chronic depression, obsessive
compulsive disorder (OCD), and attention deficit and hyperactivity disorder (ADHD). None of
these conditions were treated. Around the same time, Islam began immersing himself in online
gaming, chatting, and other activities. These activities functioned as an addiction, both soothing
and exacerbating his mood and attention disorders. As a result, Islam dropped out of high school
and began spending 15-18 hours a day online without interruption or parental intervention.
It was during this period, while he was still a minor, that Islam became involved in the
carding activities that led to his arrest in the Southern District of New York shortly after his 18th
birthday. According to the New York PSR, these activities began in 2009, when Islam was just 14
or 15 years old. For Islam and the other teenagers he met online, the Internet was a powerful and
seductive playground that allowed them to purchase food and electronics with stolen credit card
numbers before they were even old enough to drive, as well as chase fame and attention through
8
celebrity-related doxing and hacks. According to Islam, at the time he viewed these activities as
adolescent pranks, and it was difficult to connect the thrill he received from his virtual activities to
any real-world consequences. That was so even after he was arrested the day after his 18th birthday,
since he was spared the lessons of prison when he was granted pretrial release. This helps explain
why, even while cooperating with the government in his pending case, Islam conspired with his
friends to create the doxing and swatting website.
All that changed when Islams release was revoked and he was forced to experience the
reality of life in prison for the first time. Islam spent the life-changing, formative years that many
young people spend in college in Queens Detention Facility. There he experienced enormous
hardship and was subjected to unusually harsh and punitive conditions, with lifelong affects. For
example, upon his remand into custody, Islam was placed into a unit where he had to share one
toilet and sink with twenty-five other inmates, not to mention insects and vermin. A restless sleeper,
Islam requested to be placed on a bottom bunk for safety reasons. Prison officials ignored this
request, and in 2013 Islam fell off of the top bunk and suffered a herniated disc and nerve damage
in his legs and right arm, causing him chronic pain to this day. PSR 134. On another occasion,
Islam was provided vitamins by correctional staff contaminated by mold. Id. The vitamins caused
damage to the cartilage in his wrists and knees, pain in his clavicle, and discoloration on his skin,
and exacerbated his chronic pain.
These experiences served as a wake-up call and set Islam on the path hes on today. The
change in Islam is evidenced in his educational and emotional progress. After dropping out of
school, Islam earned his GED in December 2013 while incarcerated, PSR 144, and in August
2014 successfully graduated from a twelve-week program through the Focus Forward Project, PSR
145. In a letter to the court, Naomi Chakofsky-Lewy, Coordinator of the Focus Forward Project,
eloquently describes the contributions Islam made to the class and his personal growth and maturity
as a result of his participation in the program. Ex. 7. After working with him for twelve weeks,
Ms. Chakofsky-Lewy describes Islam as an intelligent, caring, supportive man with tremendous
gratitude toward those who have helped him, and expressed her strong belief that Mirs
experiences have made him a wiser, more self-aware, more thoughtful person, and that he will
continue to apply the lessons hes learned for the rest of his life. Id.
Obtaining treatment for his mental health issues played an indispensable role in this
turnaround. As noted in the PSR, Islam now takes Celexa (antidepressant); Depakote (treatment
for bipolar disorder); Wellbutrin (antidepressant); and Effexor (antidepressant). PSR 136. This
has allowed him to experience a level of mental stability he lacked growing up, and freed him of
the compulsive need to seek stimulations through addictions like the Internet and obsessive
romantic attachments. He has also matured in his outlook on life. As he wrote in his letter to the
court, Islam is grateful for his arrest, and credits the government with saving his life. Ex. 8. This
perspective is incredibly mature and shows the tremendous strides Islam has made.
2. Sentencing Implications
This brief discussion of Islams history and characteristics includes several factors noted by
sentencing courts as mitigating factors justifying a downward departure or variance:
(a) Youth
The Supreme Court has cited youth as an important mitigating factor on multiple occasions.
See Gall, 552 U.S. at 58 (Immaturity at the time of the offense conduct is not an inconsequential
consideration.While age does not excuse behavior, a sentencing court should account for age
when inquiring into the conduct of a defendant.) (quoting sentencing court). This is so even for
defendants like Islam, who, having just turned 18, was not technically a minor at the time of these
offenses. See id. (stating that [r]ecent studies on the development of the human brain conclude
10
that human brain development may not become complete until the age of twenty-five, and noting
that the recent [National Institute of Health] report confirms that there is no bold line demarcating
at what age a person reaches full maturity.). As the Supreme Court has explained, [t]he relevance
of youth as a mitigating factor derives from the fact that the signature qualities of youth are
transient; as individuals mature, the impetuousness and recklessness that may dominate in younger
years can subside. Roper v. Simmons, 543 U.S. 551 (2005). Moreover, courts have also
recognized that young or first-time offenders are good candidates for lower sentences based on their
lowered risk of recidivism, as established in Sentencing Commission studies. See, e.g., United
States v. Ross, 557 F.3d 237 (5th Cir. 2009); United States v. Prisel, 316 F. Appx 377 (6th Cir.
2008); United States v. Cabrera, 567 F. Supp. 2d 271 (D. Mass. 2008) (citing studies).
(b) Mental health issues
A history of mental health issues is also an important mitigating factor, for two main
reasons. First, courts recognize that a defendant should be judged less harshly when his criminal
conduct was spurred in part by a mental health condition.5 Second, diagnosis and treatment of a
defendants mental health problems is one of the strongest factors that reduces the risk of
See, e.g., United States v. Ferguson, 942 F. Supp. 2d 1186, 1194 (M.D. Ala. 2013) (noting that
diminished capacity is relevant to 3553(a) factors as well as 5K 2.13 departure and varying
down to sentence of probation where defendant suffered from schizoaffective disorder, PTSD, and
neurocognitive limitations); United States v. Pallowick, 364 F. Supp. 2d 923 (E.D. Wis. 2005)
(imposing sentence of 46 months where defendant was convicted of six armed bank robberies and
Guidelines were 70-87 months because defendants major depressive disorder and anxiety disorder
played major role); United States v. Lighthall, 389 F.3d 791 (8th Cir. 2004) (affirming downward
departure where college student with obsessive compulsive disorder obsessively collected child
pornography); United States v. Ruklick, 919 F.2d 95, 97, 99 (8th Cir. 1990) (affirming downward
departure where defendant suffered from schizophrenic affective disorder that predated drug abuse
and impaired his judgment); United States v. Garcia, 497 F.3d 964 (9th Cir. 2007) (affirming
district courts discretion to consider defendants alleged diminished mental capacity due to drug
addiction); United States v. Menyweather, 431 F.3d 692, 698 (9th Cir. 2005) (affirming 8-level
departure and probationary sentence in embezzlement case in part due to defendants post-traumatic
stress disorder (PTSD)).
11
recidivism.6 Here, all of Islams crimes occurred while his depression, bipolar disorder, OCD, and
ADHD were undiagnosed and untreated.
impulsive and obsessive behavior toward A.R.T. and other addictive online activities. Having been
treated for the first time in prison, Islam has experienced enormous progress in his mood stability,
and reports feeling like a different person with no psychological connection to the overweight,
depressed, and obsessed individual he was at the age of eighteen. Ex. 8. This strongly weighs in
favor of the recommended sentence.
(c) Lack of prior experience with incarceration
Although the government emphasizes as an aggravating factor that the instant offenses were
committed while Islam was facing charges in his New York case, at that time Islam was a first-time
offender with no prior experience being incarcerated. As many courts have recognized, time in
prison has greater significance for those imprisoned for the first time, and thus, that a lesser prison
term is sufficient to deter a defendant who has never been subject to prior lengthy incarceration.
See, e.g., United State v. Baker, 445 F.3d 987 (7th Cir. 2006) (affirming downward variance to 78
months from 108 months justified in part by judges finding that prison would mean more to the
defendant than one who has been imprisoned before, which resonated with the goal of just
punishment in 3553(a)(2)(A) and adequate deterrence in Section 3553(a)(2)(B)); United States
v. Cull, 446 F. Supp. 2d 961 (E.D. Wis. 2006) (non-guideline sentence of 2 months in jail and 4
See, e.g., United States v. Ross, 557 F.3d 237 (5 Cir. 2009) (reversing sua sponte increase of
original below-guideline sentence where original sentence was based on defendants lack of
criminal history, strong family support, and youth as mitigating factors, and a psychiatrist who had
evaluated the defendant had testified that he had a low likelihood of recidivism); United States v.
Prisel, 2008 WL 4899451 (6th Cir. 2008) (affirming sentence of one day of imprisonment with
three years of supervised release, despite guidelines range of 27-33 months, where district court
cited the defendants age and his mental and emotional condition, and psychiatric testimony
indicated that his risk of recidivism was low).
12
months home confinement, where advisory range was 10-14 months for marijuana offense by
defendant who had never been confined, was sufficient to impress on him the seriousness of his
crime and deter him from re-offending).7
(d) Harsh conditions of confinement
Similarly, where a defendant has spent the pretrial period of incarceration under unusually
harsh conditions, courts recognize that a shorter period of post-sentencing incarceration is
appropriate, both as a matter of justice and deterrence. See, e.g., United States v. Pressley, 345 F.3d
1205 (11th Cir. 2003); United States v. Carty, 263 F.3d 191 (2d Cir. 2001); United States v. Ortiz,
2007 WL4208842 (D. N.J. Nov. 27, 2007); United States v. Mateo, 299 F. Supp. 2d 201 (S.D.N.Y.
2004); United States v. Rodriguez, 214 F. Supp. 2d 1239 (M.D. Ala. 2002); United States v. Bakeas,
987 F. Supp. 44, 50 (D. Mass. 1997). Here, Islams incarceration included 4 months of protective
solitary confinement, and resulted in injuries that will continue to affect him for years, if not for the
rest of his life, including a herniated disc, nerve damage, and damaged cartilage in his wrists and
knees.
unnecessary both as a matter of punishment and to deter Islam from future crimes, since his own
body will long provide him with painful reminders of this period his life.
See also United States v. Collington, 461 F.3d 805 (6th Cir. 2006) (affirming sixty-month
downward variance where defendant had only been incarcerated for seven months prior to his
crime, despite being in Criminal History Category IV); United States v. Newhouse, 919 F.Supp. 2d
955 (N.D. Iowa 2013) (varying down from career offender range to a ninety-six month sentence
where defendants only two prior convictions resulted in probationary sentences); United States v.
Moreland, 568 F. Supp. 2d 674 (S.D. W. Va. 2008) (rejecting career offender Guideline range of
30 years to life to impose statutory minimum 120 months for a defendant whose remote and nonviolent predicate convictions were cumulatively penalized by less than six months in jail); United
States v. Qualls, 373 F. Supp. 2d 873, 877 (E.D. Wis. 2005).
13
14
for a small departure from this range of four months in recognition of cooperation the government
has deemed substantial enough to merit the filing of a 5K1.1 motion. The government, on the
other hand, asserts that the guidelines understate the seriousness of Islams offenses to such a degree
that the Court should take the extraordinary step of giving a mid-range guidelines sentence in a case
involving a 5K1.1 motion.
guidelines range would be in a series of alternative scenarios, such as if Islam had been prosecuted
serially in Arizona and the District rather than together, or if he had been sentenced to sixty days or
more in New York, or if the time he has spent in prison were not to be credited to this case.
But even granting the government the benefit of all of the alternative scenarios it proposes,
its recommended sentence is still too high as measured by the average sentence reductions in cases
involving a 5K1.1 motion. The maximum range discussed by the government would have
occurred had Islam (i) been sentenced to more than 60 days in New York, resulting in a criminal
history category of II; (ii) sentenced in this case, with a guidelines range of 30-37 months based on
a level 18 and criminal history category of II; and then (iii) sentenced in Arizona, with a guidelines
range of 37-46 months, based on a level 19 and a criminal history category of III. Under this
scenario, Islams combined sentencing range for the instant offenses, if sentenced consecutively,
would be 67-83 months. Applying the average sentencing reduction in 5K1.1 cases of 52.6 % to
the bottom range of this figure results in a sentence of 32 months. Since under this scenario, Islam
would have 60 fewer days of credit in this case than he actually received, his total effective sentence
would be 34 months in this casealmost exactly time-served, and less than time-served after
factoring in Islams credits for good time. Accordingly, even under the governments argument,
time served is an appropriate sentence once Islams substantial cooperation is taken into account.
15
Of course, the sentence also included 36 months of supervised release, which subjects Islam to
the possibility of further incarceration should a violation of his conditions be proven by a mere
preponderance of the evidence.
16
(LAP) (S.D.N.Y. 2014), the defendant was a key leader of the Lulz Security hacking groupthe
same group whose farewell message was copied by Islams group on their Secret Files website.
Ex. 3. Like Islam, Monsegur initially violated his release conditions and was remanded back into
custody. Ex. 6 at 7. He was released seven months later to continue cooperating, and eventually
earned a 5K1.1 motion from the government. In the motion, the government recommended that
Monsegur be sentenced to time served, which reflected a departure of 252 monthsalmost twice
Islams departure, and approximately 97% off his guidelines range of 259-317 months. Notably,
this range was itself lowered by the transfer and simultaneous resolution of four other cases against
Monsegur from other district courts, the very practice the government cited as an aggravating factor
in its memorandum here.
In light of Monsegurs equally extraordinarily light and charitable sentence, Govt Mem.
at 21, which was obtained at the governments request, the governments assertion that [s]uch a
dramatic departure was never contemplated by the government when negotiating the plea
agreement in this case, id., rings hollow. Indeed, unlike Monsegur, an older hacker with deeper
connections to the hacking world and many opportunities to earn a successful legal living, Islam
was a teenager struggling alone in his room with several mental health conditions when he
committed the carding offenses in the New York prosecution. Nothing in the guidelines range
agreed upon by the parties and probation understates the seriousness of his offenses, and there is no
reason that the 5K1.1 motion he earned should be rendered a nullity by the mid-range guidelines
sentence requested by the government.
E. The Need to Afford Adequate Deterrence and to Protect the Public
The government asserts without citation that [s]watting and doxing are both increasingly
common offenses, that must be severely punished to put [w]ould be offenderson notice that
[they] will be treated with the severity they deserve. Govt Mem. at 23. Happily, the opposite
17
is actually true. Since Islams arrest, the Federal Communications Commission (FCC) issued two
rulings allowing telecommunication companies to refuse to relay 911 communications by
unregistered users, which was the way the vast majority of swatting perpetrators hid their identities.
See Ex. 4 (Order of Acting Chief, Consumer and Governmental Affairs Bureau, Federal
Communications Commission (June 10, 2015), CG Docket Nos. 12-38, 03-123). According to
testimony submitted to the FCC by Sprint, as a result of this simple policy change, swatting calls
made using IP Relay service were completely eliminated. Id. (emphasis added) (citing Sprint
Corporation, Request for Extension of Interim Waiver, CG Docket Nos. 12-38, 03-123 (filed Apr.
30, 2015) (Sprint Waiver Extension Request)). Sprint, the company that was used by Islam and his
co-conspirators in this case, described this policy change as the absolute solution to the swatting
problem. Id. (quoting Sprint Waiver Extension Request).
Moreover, even if the swatting problem were not substantially resolved, there is no reason
to believe that requiring Islam to serve 41 months rather than time served (i.e., effectively 37
months) would deter any would-be criminal contemplating doxing or swatting. While many believe
that lengthier sentences have a greater deterrent effect, the empirical research shows this to be
untrue. Three National Academy of Science panels . . . reached that conclusion, as has every major
survey of the evidence. Michael Tonry, Purposes and Functions of Sentencing, 34 CRIME AND
JUSTICE: A REVIEW OF RESEARCH 28-29 (2006). That is because most potential criminals are not
generally aware of penalties for their prospective crimes, do not believe they will be apprehended
and convicted, and simply do not consider sentencing consequences in the manner one might expect
of rational decision makers. Id. Indeed, in one of the best studies of specific deterrence, which
involved federal white collar defendants in the pre-Guidelines era, no difference in deterrence was
found even between probation and imprisonment. See David Weisburd et. al., Specific Deterrence
18
disparities. The government asserts in a footnote that it is unaware of any individuals sentenced
for conduct similar to Islams, particularly given the unusual sentence he received for that
conviction. Govt Mem. at 24 n.1. But in two recent cases involving multiple incidents of
swatting, the defendants received far less time that Islam has already served. See United States v.
Tollis, No. 15-cr-00110 (D. Conn. 2015) (1 year and 1 day in prison for numerous swatting incidents
in 2014 affecting schools and universities); James Eli Shiffer, Canadian teen sentenced after
swatting, doxxing across North America, STAR TRIBUNE (July 25, 2015), available at
http://www.startribune.com/canadian-teen-sentenced-after-swatting-doxxing-across-northamerica/318537651/ (last accessed July 8, 2016) (15 months in prison for multiple incidents of
doxing, swatting, and cyberstalking). And in a third case, a federal defendant received a 41-month
sentencethe amount sought by the government herewithout the benefit of a 5K1.1 motion and
19
the concomitant risks to a defendants safety. See United States v. Morgenstern, No. 15-cr-00217
(D. Minn. 2015).9
Similarly, most of the hackers received less time than Islam is requesting in the Lulz
Security case discussed above, including: Cody Kretsinger (1 year imprisonment, 1 year home
detention); Raynaldo Rivera (1 year and 1 day imprisonment, 13 months home detention); Matthew
Flannery (15 months home detention); and the ringleader and chief cooperator, Hector Xavier
Monsegur (7 months). See United States v. Monsegur, 11-cr-666 (LAP) (S.D.N.Y. 2014). Nor was
Islams sentence in the New York case unusual, since several defendants received sentences of
time served or probation in the case (including Christian Cangeopol (3 years probation); Sean
Harper (time served); Joshua Hicks (2 years probation); Michael Hogue (5 years probation); and
Peter Ketchum (2 years probation)), and pretrial services had recommended time served in the PSR.
G. The Kinds of Sentences Available
Finally, 3553(a) requires the Court to creatively consider the kinds of sentences
available. The consideration includes choices such as prison versus a halfway house or probation,
as well as where educational or vocational training, medical care, or other correctional treatment
can be provided in the most effective manner. 3553(a)(2)(D). See also United States v. Martin,
363 F.3d 25, 49-50 & n.39 (1st Cir. 2004); United States v. Derbes, 369 F.3d 579, 581-83 (1st Cir.
2004); United States v. Gee, 226 F.3d 885, 902 (7th Cir. 2000); United States v. Ryder, 414 F.3d
908, 920 (8th Cir. 2005). As noted in the PSR, Islam could benefit from vocational or educational
training and mental health treatment, and could best access those services while on supervised
release. In addition, community service is an underutilized tool that serves the public interest while
In one other federal case where the defendants received more time (60 months), the facts were
especially egregious: the defendants committed over 250 swattings resulting in at least two
injuries and losses of between $120,000 and $250,000. See United States v. Rosoff, No. 3:07-cr00196 (N.D. Tex. 2008). And even in that case, one defendant received a 30-month sentence.
20
21
III. Conclusion
For the foregoing reasons, Defendant Mir Islam prays that the Court will sentence him to
time served followed by 36 months of supervised release, with the condition that he complete
vocational training and continue receiving mental health treatment.
Respectfully submitted,
July 8, 2016
..
Certificate of Service
I, Matthew J. Peed, hereby certify that on July 8, 2016, I caused a true and correct copy of
Defendants Memorandum in Aid of Sentencing and accompanying exhibits to be served upon the
attorney for the United States, Assistant United States Attorney Corbin Weiss, via electronic mail
to: corbin.weiss@usdoj.gov.
/s/ Matthew J. Peed
22
EXHIBIT 1
POLITICS
ENTERTAINMENT
WORLD
U.S. NEWS
TECH + HEALTH
BEASTSTYLE
VIDEO
ECRIMES
CHRISTINE
PELISEK
03.13.13 4:45 AM ET
Hillary, Beyonc, Ashton: they all got doxxed this week. Christine Pelisek on the
cyber pranksters who post stars private info for all to seeand why thats o en
perfectly legal.
MichelleObamassupposedsocialsecuritynumberwasposted.SowasBeyoncs
purportedaddress.AndAshtonKutchersphonenumber,too.Thelistgoeson:JoeBiden,
DonaldTrump,HillaryRodham,BritneySpears,MelGibson,andAttorneyGeneralEric
Holderwerealltargetedintheinformationdump.
Inwhatmusthavebeenaparticularlygallingnoteforlawenforcementofficials,the
cyberattackalsosussedouttheallegedcreditreportofLAPDchiefCharlieBeck.Allof
thesedetailsandmorewerepostedtothemysteriouswebsiteTheSecretFiles,whichasof
Wednesdayafternoonwasbackonlineaftergoingdarkthedaybefore.
Butthiswasntahackattack,policeandcybersecurityexpertssay.Itwasaclassiccaseof
doxxing,theactofobtainingandpostingprivateinformationaboutapersonby
scouringtheInternet.Anditssurprisinglyeasytodo.Inmanycases,itsnotevenillegal.
Youcanpostitaslongasthereisnothingnefariousaboutit,saysLAPDcybercrimes
detectiveAndrewKleinick.Theyarepublicfiguresandthatkindofthinghappens.Its
notright,[but]Iknowofnocrime.
Theexception,saysKleinick,occurswheninformationobtainedthroughdoxxingisused
tothreatensomeone,stealsomeonesidentity,orinfiltrateprivateemails.Thatwasthe
casewith36yearoldChristopherChaney,whothreemonthsagowassentencedto10
yearsinprisonafterhackingintotheemailaccountsofactressesScarlettJohanssonand
MilaKunis.
SAMANTHA ALLEN
AMY ZIMMERMAN
Borihanhsaysthedepartmentis
partneringwiththeFBItofindoutmore
informationanddeterminewhether
criminalchargesapply.Theyarelooking
atthesourcingofit,Borihanhsays,and
ifitwasobtainedthroughillegalmeans.
Otherwise,itisinformationthatwasput
POLITICS
ENTERTAINMENT
outtherebefore.
WORLD
U.S. NEWS
TECH + HEALTH
BEASTSTYLE
VIDEO
ThisisntthefirsttimetheLAPDhasbeendoxxed.In2011,agroupaffiliatedwiththe
onlinehackersAnonymousclaimedresponsibilityforpostingpersonalinformationof
morethan40officers,includingtheirhomeaddresses,campaigncontributions,property
records,andnamesoffamilymembersaftertheyclaimedtheLAPDoppressedthemby
shuttingdowntheOccupyL.A.Movement.
Butitdoesnttakeamasterhackertopulloffsuchafeat.Expertssaythatdoxxinghas
becomealmostcommonplacewhenitcomestomajorcelebrities.Afterall,findinga
personsaddressorphonenumberiseasytodobysearchingtheweborpayingsmallfees
toonlinesearchproviders.Foranextrafee,plentyofsearchengineswillalsohandout
phonenumbersandaddressesofnextdoorneighborsaswellassomecriminal
backgroundinformation.
CreditreportsandsocialsecuritynumbersarealsoobtainableontheWeb,thoughthey
arehardertotrackdownandthisiswherethecaseofTheSecretFilesmayhaveveered
intocriminalhackingterritory.OnTuesday,thenationsthreebiggestcreditreport
agenciessaidthattheperpetratorhadinputconsiderableamountsofinformation,
includingsocialsecuritynumbers,toimpersonatethefamousvictimsandcomeaway
withtheircreditreports,whichwouldbeillegal.DuetotheconnectiontoObamaand
Clinton,theSecretServiceisreportedlylookingintothemess.
Chaneyimpersonatedhisvictims,too,scouringcelebritymagazinesandwebsitesfor
cluestostarsemailpasswords.Afterclearingcommonsecurityhurdlesmothers
maidenname,favoritepetsnamehewasabletoinfiltratetheGoogle,Apple,andYahoo
emailaccountsofJohanssonandKunis,leakingseveralnudephotos.Infact,duringa
fourmonthperiod,hecrackedthepasswordsofcloseto50celebritiesaccounts.
Hepledguiltytoninefelony
ADVERTISING
countsincludingidentity
theft,wiretapping,and
unauthorizedaccessand
damagetoaprotected
Replay
computer.
"Thereisnosuchthingas
completecybersecurity,"says
inReadinventedbyTeads
JohnVillasenor,aUCLA
professorandnonresidentseniorfellowattheBrookingsInstitution."Asthenumberof
likelytoseemoreofthesesortsofdatacompromisesinthecomingyears."
TheSecretFilesboretheInternetsuffix.su,originallyassignedtotheSovietUnion.The
frontpageofthesitefeaturedacreepypictureofazombielikegirlwholookslikesheis
askingviewerstobequiet.MusicfromtheShowtimeseriesDexterplaysinthe
backgroundnearthegirlspictureiswritten:IfyoubelievethatGodmakesmiracles,
youhavetowonderifSatanhasafewuphissleeve.
POLITICS
ENTERTAINMENT
WORLD
U.S. NEWS
TECH + HEALTH
BEASTSTYLE
Beforeitwentoffline,thewebsitehadmorethan147,000visitors.
VIDEO
Kleinick,thecybercrimesexpert,saysthelinebetweenlegaldoxxingandcriminalactivity
isfairlyclear.Youcannotuseittomakefinancialgains,hesaid.Youcantsay,Iam
TomCruisesendmemoneyforthisorthat.Youcantimpersonatesomeone.Icanpost
TomCruisesbirthdatebecauseitispublicinformation.Iftheinformationwastaken
illegallyorifitwasstolen,thenitwouldbesomethingwewouldhandle.
Kleinickhimselfsayshebecameavictimofcyberintrusionafterapersonhewas
investigatingpostedsomeofhisprivateinformationontheWeb.Still,hesaysthatwhile
plentyofpeoplehaveincurredthewrathofthesepeskycyberseekers,itistechnicallynot
areportablecrime.
Ifitisjustpostingpersonalinformationwedonttakeareport,becauseitisnotillegal.
Sorry,Ashton.
PROMOTED STORIES
JawDropping Fortunes
Of America's Richest
Pastors
THE SOVEREIGN
INVESTOR
UBERHAVOC
VIRALMOZO
15 Bewitched Secrets
Kept Hidden From Fans
GUNDRY MD
TREND CHASER
SHAREDABLE
HEALTH CENTRAL
Recommendedby
EXHIBIT 2
25%
34%
35%
54%
50%
50%
44%
45%
49%
44%
40%
54%
50%
35%
14%
20%
15%
15%
29%
34%
29%
COSMOISHUGE 6 f 7 220 p m ,
f B, f J 26.
b, b m m , -
mm p m m, pp,
&, PP, , fx, , Mf j 15
.
16 x M, m v p .
m f m- FB
f. bf , b
f v m m f pb
f. v b .
; f m pp f m.
p, ( f p ), m p m f m f
. p, m f
vm f , Q, .v, .v,
f m f p. bp p,
j 4 f,
p p M M Bmb
mb . f b b -
q p M, p mp m 500,000
mb . m f , p
p b. f v--pf f m, pp, , PP, B
B, B.m, v.m (: m, , Xbx) m. j
p mb fm &, p, -Mb .
b , M pp, f F, v m. f b .
v m m q.
, , m . B bf m, *.
m m b , j . p. ,
f, v f. B m , m pv
.
m m b pp, f -
q mv pp m mm b
m . m m, p m mp,
p b, m , j m
.
f pp f b mm
v j m, m Pb. m
m, m b m f
vb. m, f B m f
f.
* : B m, m
m.
m qm m v m.
m pm, b p, fm
. f p b b. , v x
f. p f J b. m fm v
B f f ; f, f p f
v pp .
m v p m, p x
. m v. p f.
v j f B. p
mp, b f m xm
fq v. B vv f ,
m.
ADVERTISING
, m. , m.
. v .
m b, b f .
b pv - mp, mb,
p f m , v f q p
. bf, b f m p
bm . f m. .
p.
! , , b 2011. m
bmb m . v f ,
ff m m. ff
. .
m m m, x m
v b pb . m b f b
v j, , b m f
m .
m m , m, m. pp m.
, m m , b f m
SUBSCRIBE
p pm. v p
m p , mb
fm vm p.
, & . f pp
pp. v p, b p. j m
m & 911. ,
m. m. m ,
b f .
m , pf m ff f b.
, 2012, pf m f b b
f q. f b mbx,
b -m .
m v m. p Xbx, p
mpv. , ff m-m,
ff m. v v mp ,
m p pp P . b m
mf. q m ff--f
pm, b. v f.
Xbx m b m. m m
v mp m F , , F1988.
Bf Mf bf p , p- fm
v ( j m ) q m
f xp f f.
v p m m
fx . bm m.
fx , . , SUBSCRIBE
m? , [], v m -m, ,
p 12345, . f f
. f v p- fm,
j q f m m f ,
f , xp .
m . fx, pv
m -m , v m
p .
m fx fm
p . B - mm.
f f fx , b pv. B ,
m . b m . m
f f [ p].
f j v fm.m
mb. , j , p, b, v m
f .
m m, m b m
, f m v. ( m
v v p.) m f p
ff, b v v. . j m m.
SUBSCRIBE
m f m f f fm: ,
B.m, BB, PP, pp ff v
, pp mb, m.
- q p
. fm b f
. M m v b- m v
m p m.
M, m m v v p b f
, . f bmb , v
b.
pm mp . B
f b. b, m .
mb, q.
m m m, b. x m,
SUBSCRIBE
f f pp m b j m. f
J , p v p ,
f mb p P P. F
fm b m b pp -p ,
mv b . pp . m
jb mp pv b
.
f F.m b f m F
mpp f pp f P. ( m
.m.) m b fm
F p, , b mp
. V ,
. B.
P, f , . B v . b f
f f f
.. Pp J b f f v p
m m. MBB.m, b- m b
p fm, j m. p mm.
mb pp m
.. vm, , . pp,
pp [ f] f pv, m.
, m.
p b 4. J v 4
m, m xp. B m
mv : . m ff. f
4 f, v f m, v
.
v j 4 b v mp F
pv 4 v. (, .m
F m.)
F v , m
m m bf mp.
SUBSCRIBE
F M P x fm p
j . B : P -p
mm . v-pf P
. B b b P p
mb &, m v f :
m, & mb v p.
. ,
&. f P p, bp mm,
. p, j
mb. . .
mb f b ,
v m b , b p b b .
b mb f b
m f , f xmp, $3.80, pb v v
fv b b v.
P mb, m mp
& m v.
F & f [P] p mb V.
, m? J
M P. , f f ?
J v f . p
mb f ?
v V mb, f.
m x m f, b
P . Fm, b p
f mb m m b, b
f x m V fm &. V , x . SUBSCRIBE
v m p. m
b , v M, p mb j v f m .
P b , p m
bp f p pp m. p
p , v p . Fm,
p mb -v p p .
v q p, f
mb, v p m.
, m p m b
v, m p m, P. v
-f , f -v
p, vf -f-b m. j
m m p m , , b
m p m.
p f pb. pp
v m fx f x
v p f pp f B m v pf
. f m f p
m f
v, 2-p vf v b b p.
v b f m mpm
m m. f v pv f
b.
m, b bp
f P F m m .
b 4 p .
m m, b v 4 ff vm, .
xm pf, b m
f 2012.
SUBSCRIBE
P F, m mp m f f b
f v .
b f fm , x fm
v v, mb,
. f, b mp
pp m p b pm.
mm b p ff b m f
mp b- m.
f m fx mp.
[ fx mp] F mp
mp. Fm b f , [pp]
b.
m b mf b v fx P
. B m. j b
.
v mp fx . p , m m
. m fm fx m v ff
b. m p f m? m, m,
b, f f. j b
p.
. m mp p b
mp, f m f . m
p p f. f p f p j
f, v m f b f
m. m f m, m
p f m m q
.
m mm v pv pp
SUBSCRIBE
. F xmp, f pp q p f,
pv f . m m pp m b
b q. .
p m mpmp ,
m. M pp f f v b . B
m mp .
m f q b mp vv mp v
f , m vp f PP.
f PP v f fm f .
, f f m
b , b . fm , ,
b b p f . M f,
m PP , f b m.
m xp x .
v b . m v b
.m f fm Fm.m.
vf pb b
m fm q
v mb, v , fm
fm Fm.
PP, v v f f pm m.
fm m mp PP .
fm f. m p mb,
V mb. ,
b j . f .
p, PP.m, M PP .
p mb . p
V mb, [] p. ,
p f vf p f b
mb. j b mb m -.
x, pmp p.
SUBSCRIBE
b p m v PP p .
f PP, mp .
PP f mm, j ,
mp b p f p
b .
bq f b ,
p mb , PP p
b vf b .
m p p v pm. ff
v B P pm m
f b P . p m ff
f m f - b
p bf. m P Jv
, p x .
m m, .
bm m , .
p p bm p .
m. m b m m
m m . p v
j . m p b
, ff.
m p pp M
mp, pp f m mb
p b, F m
SUBSCRIBE
FB . , xp m f P
f pp v mpm v m
p.
M P bf [ ], m m.
m b . & p m.
j m , b . J
, b
m P? P fm v
v & bf. m m f
f, b mp f .
F xmp, f m
b m m. m b
mp fm m v M pp, m
b f . , b, , m ff.
q f p m .
m mf bf . m
m v Pb, m. Pb m m
b pf . Fm m f
m, , , m
mv f .
SUBSCRIBE
m m b f fm
mp. , mp b xp
. , m m m
v m.
p f m ,
v v--p -pp f m p
. F p , f
f f f.
m m , fm p b.
m.
. .
b fm v p b p
f , p b b b q.
m , v b pv . f
fm , q p v p.
m f , f, p p
pp p, V P f M Mb v
mp fm v m. pbm mm,
f , b p pb
v p-b p .
f m m f, PP
p. F m, m.
m f v m m .
m f . B b
. mf j p
, m f f p pb, bf
, m .
bv, .
B , v, v .
SUBSCRIBE
VIEWCOMMENTS
NEXTADVISOR
j-pp 6% b m
EXHIBIT 3
7/8/2016
Home
Auto
Gadgets
Hardware
Internet
IT
Science
Software
Blogs
Polls
SearchDailyTech
SubmitNews
Internet
LulzSec"Departs",FiresPartingShot
812,000UserAccountsLeaked
JasonMick(Blog)June26,20112:30AM
New
53comment(s)lastbyjust4U..onJul2at12:57AM
Groupsaystheywillcontinueoperations
underthename"AntiSec",butare
retiringtheirmoniker
LulzSecisgonefornow.Thegroupon
Sundaymorningat12:01a.m.announcedits
surprisedepartureviaapressrelease.But
theyaren'treallygoinganywhere,and
theydidn't"leave"theirmonikerwithouta
partingshottheypostedtheresultsoftheir
latesthackingcampaignstoThePirateBayina
modestarchive.
I.ByeByeBirdie
LulzSechasbeenatitfor50daysnow,hacking
theplanet.They'vehacked[1][2][3]Sony
Corp.(TYO:6758).They'veDDoSedtheCIA.
They'vehackedtheU.S.Senateandthe
Arizonastatepolice.
EAwasthelatestvictimofLulzSec.Inthegroup's
farewellhackitaired550,000users'informationvia
torrent.(Source:EA)
Butafteralltheirfun,theysaytheirbidding
adieutotheLulzSecmonikerfornow.On
theanniversaryofGeorgeOrwell'sbirthday,
theywrite:
Friendsaroundtheglobe,
WeareLulzSecurity,andthisisour
finalrelease,astodaymarkssomething
meaningfultous.50daysago,weset
sailwithourhumbleshiponanuneasy
andbrutalocean:theInternet.Thehate
machine,thelovemachine,themachine
poweredbymanymachines.Weareall
partofit,helpingitgrow,andhelpingit
growonus.
Thegroupalsograbbed200,000accountsfroma
popularhackerforum.
Forthepast50dayswe'vebeen
disruptingandexposingcorporations,
governments,oftenthegeneral
populationitself,andquitepossibly
everythinginbetween,justbecausewe
could.Alltoselflesslyentertainothers
vanity,fame,recognition,allofthese
thingsareshadowedbyourdesirefor
thatwhichwealllove.Theraw,
uninterrupted,chaoticthrillof
entertainmentandanarchy.It'swhat
weallcrave,eventheseeminglylifeless
politiciansandemotionless,middle
agedselftitledfailures.Youarenotfailures.Youhavenotblownaway.Youcanget
whatyouwantandyouareworthhavingit,believeinyourself.
WhileweareresponsibleforeverythingthatTheLulzBoatis,wearenottiedtothis
identitypermanently.Behindthisjollyvisageofrainbowsandtophats,weare
people.Peoplewithapreferenceformusic,apreferenceforfoodwehavevarying
http://www.dailytech.com/LulzSec+Departs+Fires+Parting+Shot++812000+User+Accounts+Leaked/article22006.htm
1/3
7/8/2016
LulzSecurityourcrewofsixwishesyouahappy2011,andashoutouttoallofourbattlefleet
membersandsupportersacrosstheglobe
ThespeechbringstomindthefamouscomedianJohhnyCarson'sfarewellwordsin1992onhis
latenightshow:
Icanonlytellyouthatithasbeenanhonorandaprivilegetocomeintoyourhomes
alltheseyearsandentertainyou.AndIhopewhenIfindsomethingthatIwantto
doandIthinkyouwouldlikeandcomebackthatyou'llbeasgraciousininvitingme
intoyourhomeasyouhavebeen.Ibidyouaveryheartfeltgoodnight.
OfcourseJohnnyCarsonwentaboutspreading"lulz"inquiteadifferentfashion.Andhehacked
farlesspeople.
II.750,000MorePeopleExposed
Thepartingshotwasno"PentagonPapers",butitdidhaveabitofsomethingforeveryone.
LeadingthewayareinternalmappingsofAT&TInc.(T)andAOLInc.'s(AOL)servers.Thegroup
alsopostedafileentitled"Officenetworksofcorporations.txt".ThehackbringstomindAdrian
Lamo'swatchdogsideInsideAOL.com,fromthe1990s.
ButwhereMr.Lamoneverexposedasignificantclassofusers,LulzSectakesjoyinengagingin
thatactivityaswell.Theirbiggestpostwasleakedinfoof550kusersofElectronicArts,Inc.'s
(ERTS)cartoonyFPSgameBattlefieldHeroes.Atpresstimewehavenotyetobtainedthefull
archive,sowe'reunabletoascertainwhatdetailswereleaked.
EAappearstoconfirmthebreach,writing:
BattlefieldHeroesisOffline
Wearecurrentlyinvestigatinganapparentsecuritybreachrelatedtoourfreetoplay
BattlefieldHeroesfranchise.Weareworkingtoidentifywhichaccountswereaffectedand
willtakeallprecautionstoensurethoseplayersarenotifiedasquicklyaspossible.We
apologizeforanyinconvenienceandhopetohavethegamebackonlineshortly.
Italsopostedaccountinformationon50k"random"gameforumusers.
Thehackersalsoturnedontheirfellownovicebrethren,publishingrecordsontheusersof
Hackforums.net(theyappeartohaveobtainedthisdataviathetriedandtruemethodofSQL
injectionsomewhatembarrassingforaselfproclaimed"hacking"site).Intotal200kaccounts
werereportedlycompromisedonthesite(that'salotofhackers!).
Theforumwrites:
Allub3randl33tmustdoapasswordresettotheiremail.Usecontactformifyoudonot
getyourpasswordemailresetordonothaveaccesstotheemailonfile.
Thenthere's12kNorthAtlanticTreatyOrganizationebookcenterusernamesandpasswords
(somebodywillhavefunreading).NATOmoreorlessalreadyconfirmedthisbreachtobe
authentic,postingonFriday:
ProbabledatabreachfromaNATOrelatedwebsite
PolicedealingwithdigitalcrimeshavenotifiedNATOofaprobabledatabreachfrom
aNATOrelatedwebsiteoperatedbyanexternalcompany.NATOseBookshopisa
separateserviceforthepublicforthereleaseofNATOinformationanddoesnot
containanyclassifieddata.Accesstothesitehasbeenblockedandsubscribershave
beennotified.
Thegroupalsopostedanimagefileentitled"navy.milowned.png",whichwe'lldebriefyouon
shortly.
Andthenthere's29emailsandpasswords[PasteBin]atP.I.LimitedofDublin.It'salways
embarrassingwhensecurityprofessionalswindupinthesereleases.
http://www.dailytech.com/LulzSec+Departs+Fires+Parting+Shot++812000+User+Accounts+Leaked/article22006.htm
2/3
7/8/2016
Roundingofftherelease,there'sapostdetailinganapparentvulnerability[PasteBin]ofanFBI
webpropertyinvolvingtheopensourcecontentmanagementsystemPlone.Andthere'sacool
2,454IPaddresses[PasteBin]thatarelistedapparentlyusing"root"or"admin"astheirpassword
forthecorrespondingadministrator/superuseraccountname.Ouch.
III.WhytheSuddenExit?
Thesuddendeparturemadeusinitiallywonderiftheawaitedpoliceaxefinallyfelluponthe
audaciouscrew.Howeverasofearlythismorning,oneofthegroup'sringleaders,"Sabu",was
stillhappilyposting.
Hewrites:
Nobodyisleaving.we'reworkingonthe#antisecmovement.
Ifyoureadthestatementyourquestionswillbeanswered.There'sonlybeenone
arrestRyan,andheisn'tpartoflulzsec.
Nooneisdisappearing.findusall@#antisec
Accordingtothegroup,they'renotceasingtheiractivitiesthey'rejustdroppingthe"lulz"and
gettingseriousabouttheircampaignof"cyberwar"againsttheworld'srulingpowers.Andthose
powersstillappearsashelplessasevertocapturebrainsbehindthegroup.
Thatsaid,there'sonemajoroutstandingquestionwhathappenedtoTopiary.Thehacker,
allegedlyacorememberofAnonymous,fellsilentlastweek.HislastTwitterpostwasdatedJune
17.Soit'spossibletherecouldbesomethingmoretothisstorythoughfornowit'sjustan
interestingobservation.
Meanwhile,another812,000+userswillwakeupSundaymorningandgroan.They'veyetagain
beenthevictimofpoorITmanagementandtheeverbolderpresenceofAnonymousandits
affiliatesLulzSecandAntiSec.
http://www.dailytech.com/LulzSec+Departs+Fires+Parting+Shot++812000+User+Accounts+Leaked/article22006.htm
3/3
EXHIBIT 4
DA 15-680
Before the
Federal Communications Commission
Washington, D.C. 20554
In the Matter of
Misuse of Internet Protocol (IP) Relay Service
Telecommunications Relay Services and Speechto-Speech Services for Individuals with Hearing
and Speech Disabilities
)
)
)
)
)
)
)
)
ORDER
Adopted: June 10, 2015
47 C.F.R. 64.601(a)(17); see also Provision of Improved TRS and Speech-to-Speech Services for Individuals with
Hearing and Speech Disabilities, CC Docket No. 98-67, Declaratory Ruling and Second Further Notice of Proposed
Rulemaking, 17 FCC Rcd 7779 (2002) (IP Relay Declaratory Ruling) (recognizing IP Relay as a form of TRS). In
an IP Relay call, the communication between the person who is deaf, hard-of-hearing, deaf-blind, or who has a
speech disability and the provider s communication assistant (CA) is conveyed in text via an Internet connection,
and communication between the CA and the hearing party is conveyed verbally over the public switched telephone
network.
2
See Misuse Of Internet Protocol (IP) Relay Service; Telecommunications Relay Services And Speech-To-Speech
Services For Individuals With Hearing And Speech Disabilities, CG Docket Nos. 12-38, 03-123, Order, 29 FCC Rcd
4807, 4808-09, 2-4 (CGB 2014) (IP Relay Swatting Order).
3
Because a CA handling IP Relay calls receives only text-based communications over the Internet and cannot see
the caller, fraudsters tend to use the anonymity of this form of relay to hide their identity, as well as the fact that they
are calling from a location outside the United States.
DA 15-680
as calling merchants and placing orders using fake, stolen, or otherwise invalid credit cards.4 Most
relevant to this Order, in 2008, among other actions, the Commission directed IP Relay providers to
register users and use a reasonable means of verifying their registration and eligibility information.5 At
the same time, the Commission also adopted a policy requiring IP Relay providers, to the extent
technically feasible, to allow new users to make and receive calls immediately upon supplying their
registration information, even if the provider had not yet completed verification of registration
information.6 However, in the 2012 IP Relay Misuse Order, in order to curb the continued abuse of IP
Relay service, the Commission terminated that policy and prohibited providers from temporarily
authorizing IP Relay users to make non-emergency calls prior to the provider verifying the users
registration information.7 Instead, the IP Relay Misuse Order required IP Relay providers to verify new
IP Relay registrants before handling non-emergency IP Relay calls made by the registrant.8 However, the
Commission continued to require IP Relay providers to handle emergency calls to 911 placed by users
who submitted registration information, pending its verification, to ensure that 911 calls placed by such
individuals could reach their destination.9
3.
In the 2014 IP Relay Swatting Order, the Bureau sua sponte granted an interim waiver of
the requirement that IP Relay providers handle 911 calls placed by users who have been registered but not
yet verified by an IP Relay provider.10 The Bureau granted this waiver after receiving information from
Sprint, an IP Relay provider, about an increase of unverified registrants using IP Relay service to hide
their identities in order to place calls to 911, in an attempt to trick Public Safety Answering Points
(PSAPs) into dispatching emergency services based on false reports of emergency situations, a practice
known as swatting.11 Sprint explained that these callers provide very little information to the PSAP and
hang up quickly, but not before the need to dispatch emergency personnel has been triggered, potentially
causing alarm and even danger for the targeted residents and emergency service personnel and wasting
the limited resources of emergency responders.12 Sprint noted that, in its experience, calls to 911 from
unregistered users are not legitimate and urged the Commission to permit IP Relay providers to block
such calls.13 Based on this information, the Bureau concluded there was good cause to waive for one year
4
See, e.g., Telecommunications Relay Services and Speech-to-Speech Services for Individuals with Hearing and
Speech Disabilities; E911 Requirements for IP-Enabled Service Providers, CG Docket No. 03-123, WC Docket No.
05-196, Report and Order and Further Notice of Proposed Rulemaking, 23 FCC Rcd 11591 (2008) (iTRS Numbering
Order I); Telecommunications Relay Services and Speech-to-Speech Services for Individuals with Hearing and
Speech Disabilities; E911 Requirements for IP-Enabled Service Providers, CG Docket Nos. 03-123, 98-57, WC
Docket No. 05-196, Second Report and Order and Order on Reconsideration, 24 FCC Rcd 791 (2008) (iTRS
Numbering Order II); Misuse of Internet Protocol (IP) Relay Service; Telecommunications Relay Services for
Individuals with Hearing and Speech Disabilities, CG Docket Nos. 12-38, 03-123, First Report and Order, 27 FCC
Rcd 7866 (2012) (IP Relay Misuse Order).
5
Id. at 803, 25. The Commission adopted this policy in response to comments by a coalition of consumer groups
concerned that eligible IP Relay users would be cut off from service during the transition to a new ten-digit
numbering system for IP Relay service and the new registration system. See IP Relay Swatting Order, 29 FCC Rcd
at 4808, 3 (citing iTRS Numbering Order II, 24 FCC Rcd at 803, 25).
7
10
11
Id. at 4809, 5. This mischief has been referred to as swatting because these calls at times have required the
dispatch of police special weapons and tactical teams (SWAT teams). Id.
12
Id.
13
Id. at 4809-10, 5.
DA 15-680
the requirement that IP Relay providers allow newly registered users to place emergency 911 calls
immediately, before completing the verification of such individuals.14
4.
The waiver granted in the IP Relay Swatting Order expired on April 29, 2015.15 On April
30, 2015, Sprint filed a request that the waiver be extended until the Commission addresses this matter
on a permanent basis.16
5.
Discussion. Generally, the Commissions rules may be waived for good cause shown.17
The Bureau determines that the public interest will be served and good cause exists to extend the waiver
until such time as the Commission resolves whether to adopt a permanent prohibition against the handling
of 911 calls initiated by individuals who have been registered but not verified by an IP Relay provider.
Specifically, we find that it is very likely that the use of IP Relay service to engage in swatting would
resume if the waiver is not extended. Sprint informs the Commission that, during the time the waiver was
in effect and Sprint was not handling 911 calls by unverified registrants, swatting calls made using IP
Relay service were completely eliminated.18 As a result, the waiver also eliminated the threats to safety
of life and property and waste of law enforcement resources caused by such calls.19 For these reasons,
Sprint believes that the waiver has proven to be the correct decision and the absolute solution to the
swatting problem, and that the public is clearly safer today with the waiver in effect.20 Additionally,
Sprint maintains that, based on its experience, it cannot imagine any circumstance in which [an
unverified] user of IP Relay services, in a true emergency situation, would suddenly adopt a new way of
calling 911.21 Sprint concludes that a failure to extend the waiver will result in a rash of new swatting
calls and urges the Commission to extend the current waiver until the Commission has an opportunity
to address this matter on a permanent basis.22
6.
Given the danger to the public and first responders posed by spoofed 911 calls via IP
Relay service, the evident efficacy of the waiver in eliminating such calls, and the likelihood that such
calls would resume absent a waiver extension, we find that the public interest will be served and good
cause exists to extend the waiver granted in the IP Relay Swatting Order. Additionally, for the reasons
14
15
Id. at 4807, 1 (stating that the waiver granted in the Order will remain in effect for one year).
16
Sprint Corporation, Request for Extension of Interim Waiver, CG Docket Nos. 12-38, 03-123 (filed Apr. 30,
2015) (Sprint Waiver Extension Request). Although Sprint was remiss in filing its Waiver Extension Request after
the original waiver had expired, the Bureau finds that the strong public interest need to prevent swatting weighs in
favor of applying the effective date of the waiver extension retroactively to the expiration date of the original
waiver. Nevertheless, the Bureau cautions Sprint that the late filing of a waiver request, which deprives the Bureau
and the Commission of a reasonable amount of time to consider and act on the extension request prior to the
expiration of the waiver, disregards the Commissions processes and can undermine the public interest.
17
47 C.F.R 1.3. See, e.g., Local Number Portability Porting Interval and Validation Requirements; Telephone
Number Portability; Embarq Petition for Waiver of Deadline, WC Docket No. 07-244, CC Docket No. 95-116,
Order, 23 FCC Rcd 2425, 2427, 5-7 (2008); see also Northeast Cellular Tel. Co. v. FCC, 897 F.2d 1164 (D.C.
Cir. 1990).
18
19
Id. (stating that the waiver has reduced threats to safety of life and property and that rather than focusing
energy and resources investigating swatting incidents, these resources are being properly allocated to protect and
serve the public); see also IP Relay Swatting Order, 29 FCC Rcd at 4809, 5 (noting that swatting calls have the
potential to cause alarm and even danger for the targeted residents and emergency service personnel, in addition to
wasting the limited resources of emergency responders).
20
21
Id. at 2.
22
Id. at 4.
DA 15-680
identified in the IP Relay Swatting Order and supported by Sprint in its waiver extension request, we find
that the facts before the Commission continue to indicate that it is unlikely that a user who has not been
verified, and for whom IP Relay is therefore not the users customary way of making telephone calls, will
seek to use IP Relay service for legitimate calls to 911.23 Accordingly, the waiver extension will apply
retroactively to April 29, 2015, and will remain in effect until such time as the Commission resolves
whether to adopt a permanent prohibition against the handling of 911 calls from callers whose registration
information has not yet been verified. The Bureau takes this action because of the potential and
immediate dangers associated with allowing the guest user policy for 911 calls to come back into effect
while the Commission proceeds with a rulemaking proceeding on this and other issues addressing the
provision of IP Relay service. We emphasize, however, that notwithstanding the extension of this waiver
with respect to placement of calls by unverified users, a provider must continue to ensure that registered,
verified IP Relay users can place 911 calls through IP Relay service in accordance with the TRS rules.24
7.
Accordingly, IT IS ORDERED, pursuant to the authority contained in sections 1, 4(i),
4(j), 5, and 225 of the Communications Act of 1934, as amended, 47 U.S.C. 151, 154(i), 154(j), 155,
225, and sections 0.141, 0.361, and 1.3 of the Commissions rules, 47 C.F.R. 0.141, 0.361, 1.3, that the
waiver of the requirement that IP Relay providers must handle 911 calls initiated by registered users
pending their verification IS EXTENDED as provided herein.
8.
IT IS FURTHER ORDERED that the extended waiver of the requirement that IP Relay
providers handle 911 calls initiated by registered users pending their verification SHALL BE
EFFECTIVE as of April 29, 2015, and SHALL REMAIN IN EFFECT until the effective date of a
Commission order addressing whether to adopt a permanent prohibition against the handling of 911 calls
initiated by unverified users.
9.
To request materials in accessible formats (such as Braille, large print, electronic files, or
audio format), send an e-mail to fcc504@fcc.gov or call the Consumer and Governmental Affairs Bureau
at (202) 418-0530 (voice) or (202) 418-0432 (TTY). This Order may be downloaded from
<http://www.fcc.gov/encyclopedia/telecommunications-relay-services-trs>.
FEDERAL COMMUNICATIONS COMMISSION
Alison Kutler
Acting Chief
Consumer and Governmental Affairs Bureau
23
See IP Relay Swatting Order, 29 FCC Rcd at 4810, 6 (noting that a survey conducted by the Commissions
former Emergency Access Advisory Committee (EAAC) in 2011 revealed that the overwhelming majority of relay
consumers, including consumers of IP Relay [service], typically utilize the communication technologies that they
routinely use when placing emergency calls and that it is far less likely that a newly registered IP Relay user who
has not yet been verified will use this service to place a legitimate 911 call during the guest period in an emergency,
when they need to think fast to obtain swift 911 assistance).
24
EXHIBIT 5
7/8/2016
PRESS RELEASES
Share
HomeNewsPress Releases
Nov182015
1/4
7/8/2016
2/4
EXHIBIT 6
Case
Case1:15-cr-00067-RDM
1:11-cr-00666-LAP Document 31
30 Filed 07/08/16
05/23/14 Page 57
1 ofof20
82
Defendant.
:
------------------------------------x
PREET BHARARA
United States Attorney for the
Southern District of New York
Attorney for the United States
of America
JAMES J. PASTORE, JR.
Assistant United States Attorney
- Of Counsel
Case
Case1:15-cr-00067-RDM
1:11-cr-00666-LAP Document 31
30 Filed 07/08/16
05/23/14 Page 58
2 ofof20
82
Defendant.
:
------------------------------------x
Preliminary Statement
The Government respectfully submits this memorandum in connection with the
sentencing of defendant Hector Xavier Monsegur, a/k/a Sabu (the defendant or
Monsegur), which is currently scheduled for May 27, 2014 at 11:00 a.m. In its Presentence
Report (PSR), the United States Probation Office (Probation) correctly calculates that the
defendants United States Sentencing Guidelines (U.S.S.G. or Guidelines) range is 259 to
317 months imprisonment. Probation recommends a sentence of time served. As set forth in
more detail below, Monsegur was an extremely valuable and productive cooperator. Assuming
that the defendant continues to comply with the terms of his cooperation agreement, and
commits no additional crimes before sentencing, the Government intends to move at sentencing,
pursuant to Section 5K1.1 of the United States Sentencing Guidelines (Guidelines or
U.S.S.G.) and Section 3553(e) of Title 18, United States Code, that the Court sentence the
defendant in light of the factors set forth in Section 5K1.1(a)(1)-(5) of the Guidelines, and
without regard to the otherwise applicable mandatory minimum sentence in this case.
Case
Case1:15-cr-00067-RDM
1:11-cr-00666-LAP Document 31
30 Filed 07/08/16
05/23/14 Page 59
3 ofof20
82
Statement of Facts
I.
of computer systems around the world, hacking, disabling and at times exfiltrating data from
those systems. Victims included news media outlets, government agencies and contractors, and
private entities. In approximately May 2011, Monsegur and five other members of Anonymous
formed Lulz Security, an elite hacking collective or crew commonly referred to as LulzSec.1
Monsegur and the other core members of LulzSec typically worked as a team and had
complementary, specialized skills that enabled them to gain unauthorized access to computer
systems, damage and exploit those systems, and publicize their hacking activities. This core
group, among whom only Monsegur was identified prior to the time Monsegur began
cooperating in the investigation, included:
Monsegur, a/k/a Sabu, who served primarily as a rooter, analyzing
code for vulnerabilities which could then be exploited;
Kayla, who specialized, among other things, in social engineering
that is, manipulating others into divulging personal information such as login credentials;
T-Flow, who served as an organizer, analyzing information provided by
members of the group in order to direct other members what to do next;
Topiary, who served from time to time as the public face of
Anonymous and LulzSec, giving interviews to media outlets and writing public communications
on LulzSecs behalf;
Case
Case1:15-cr-00067-RDM
1:11-cr-00666-LAP Document 31
30 Filed 07/08/16
05/23/14 Page 60
4 ofof20
82
Case
Case1:15-cr-00067-RDM
1:11-cr-00666-LAP Document 31
30 Filed 07/08/16
05/23/14 Page 61
5 ofof20
82
Following his arrest, Monsegur provided information that helped repair and remediate
this hack.
2
Monsegur provided the FBI with information about the vulnerability, which allowed it to
be repaired or patched.
3
Case
Case1:15-cr-00067-RDM
1:11-cr-00666-LAP Document 31
30 Filed 07/08/16
05/23/14 Page 62
6 ofof20
82
In addition to Monsegurs direct participation in the criminal hacking activity set forth
above, Monsegur had contemporaneous knowledge of other major criminal hacking activity by
his co-conspirators, including hacks into the computer servers of the Irish political party Fine
Gael; a U.S. online media outlet,
Playstation Network.
In addition to the six core members identified above, several individuals were loosely
affiliated with Monsegur and LulzSec, including, significantly, Donncha OCearrbhail, a/k/a
palladium, and Jeremy Hammond, a/k/a Anarchaos. Hammond, the FBIs number one
cybercriminal target at the time of his arrest in 2012, was a prolific and technically skilled hacker
who launched cyber attacks against scores of governmental institutions, law enforcement
organizations, and businesses during a nearly year-long rampage in which he broke into these
victims computer systems, stole data, defaced websites, destroyed files and published online the
sensitive personal and financial information of thousands of individuals all with the object of
creating, in Hammonds words, maximum mayhem.
The hacks identified above constitute only a portion of the significant criminal computer
intrusions committed by Internet Feds, LulzSec, and their members, including Monsegur. As the
examples make clear, Monsegur and his co-conspirators indiscriminately targeted government
agencies, private companies, and news media outlets. In many instances, the harms inflicted on
these entities were significant, ranging from defacements of their websites to the exfiltration of
personal identification information of customers or employees of the entities; the costs associated
with repairing these attacks ran into the tens of millions of dollars. Monsegur was a key
participant in these Anonymous hacking crews, providing his technical expertise to aid in many
of the hacking operations.
Case
Case1:15-cr-00067-RDM
1:11-cr-00666-LAP Document 31
30 Filed 07/08/16
05/23/14 Page 63
7 ofof20
82
II.
The Complaint, Monsegurs Guilty Plea and Subsequent Remand, and the
Guidelines Calculation
On or about June 7, 2011, the FBI approached Monsegur in his home and questioned him
about his online activities. Monsegur admitted his criminal conduct and immediately agreed to
cooperate with law enforcement. That night, Monsegur reviewed his computer files with FBI
agents and provided actionable information to law enforcement. The next morning, Monsegur
appeared in court on a criminal complaint charging him with credit card fraud and identity theft,
and was released on bail, whereupon he immediately continued his cooperation with the
Government, as described further below. On or about August 15, 2011, Monsegur appeared
before Your Honor and entered a guilty plea pursuant to a cooperation agreement with the
Government. Pursuant to the terms of that agreement, Monsegur pled guilty to a 12-count
Superseding Information, S1 11 Cr. 666, charging him with nine counts related to computer
hacking; one count related to credit card fraud; one count of conspiring to commit bank fraud;
and one count of aggravated identity theft. In addition to resolving the charges brought against
him in the Southern District of New York, Monsegurs guilty plea also resolved four cases filed
against him in other districts (including the Eastern and Central Districts of California, the
Northern District of Georgia, and the Eastern District of Virginia) which were transferred to the
Court under docket numbers 11 Cr. 693-696, respectively.
On or about May 24, 2012, the Government moved to revoke Monsegurs bail because he
made unauthorized online postings. Monsegur was arrested and remanded to custody the
following day. He was released on a revised bail package on or about December 18, 2012, and
has remained at liberty since that date. Accordingly, Monsegur has served approximately 7
months in prison in connection with this case.
Case
Case1:15-cr-00067-RDM
1:11-cr-00666-LAP Document 31
30 Filed 07/08/16
05/23/14 Page 64
8 ofof20
82
In the PSR, Probation correctly calculates that the defendants base offense level is 7
pursuant to U.S.S.G. 2B1.1(a)(1) and correctly applies a 22-level enhancement in light of a loss
amount between $20 million and $50 million4; a 6-level enhancement given that the offense
involved more than 250 victims; a 2-level enhancement for sophisticated means; and a 4-level
enhancement given that the defendant was convicted of violating Title 18, United States Code,
Section 1030(a)(5)(A). The defendant receives a three-level reduction for his acceptance of
responsibility, resulting in a total adjusted offense level of 38. (PSR 43-59.) The defendant
has zero criminal history points, and is therefore in Criminal History Category I. (PSR 6066.)
Based on an offense level of 38 and a Criminal History Category of I, the defendants
advisory Guidelines Range is 235 to 293 months imprisonment. (PSR 96.) In addition, absent
the Court granting the Governments motion pursuant to Title 18, United States Code, Section
3553(e), the defendant would face a mandatory consecutive term of two years imprisonment,
resulting in a total advisory Guidelines range of 259 to 317 months imprisonment.
III.
Monsegurs Cooperation
Monsegur acknowledged his criminal conduct from the time he was first approached by
agents, before he was charged in this case. Monsegur admitted both to prior criminal conduct
about which the Government had not developed evidence, as well as his role in both Internet
Feds and LulzSec. Monsegur subsequently and timely provided crucial, detailed information
regarding computer intrusions committed by these groups, including how the attacks occurred,
4
This loss figure includes damages caused not only by hacks in which Monsegur
personally and directly participated, but also damages from hacks perpetrated by Monsegurs coconspirators in which he did not directly participate. Monsegurs actions personally and directly
caused between $1,000,000 and $2,500,000 in damages. Had Monsegur not candidly
acknowledged his affiliation with the groups that committed the other hacks, his advisory
Guidelines range likely would have been substantially lower.
7
Case
Case1:15-cr-00067-RDM
1:11-cr-00666-LAP Document 31
30 Filed 07/08/16
05/23/14 Page 65
9 ofof20
82
which members were involved, and how the computer systems were exploited once breached.
As set forth below, Monsegurs consistent and corroborated historical information, coupled with
his substantial proactive cooperation and other evidence developed in the case, contributed
directly to the identification, prosecution and conviction of eight of his major co-conspirators,
including Hammond, who at the time of his arrest was the FBIs number one cybercriminal
target in the world. On top of that, Monsegur engaged in additional, substantial proactive
cooperation that enabled the FBI to prevent a substantial number of planned cyber attacks, as set
forth below.
A.
To begin with, Monsegur immediately admitted his role in Internet Feds and LulzSec,
including his role in the major cyber intrusions set forth in the first section of this memorandum.
In addition, Monsegur admitted to playing a role in cyber attacks and intrusions with these
groups that the Government had not previously known that he played. For example, Monsegur
admitted to participating in DDoS (Distributed Denial of Service)5 attacks against the computer
systems of PayPal, MasterCard, and Visa, among other targets. Monsegur also admitted to
hacking certain government websites and taking government servers offline, to providing
security research (that is, publicizing vulnerabilities in computer systems that others could
exploit), and to using his celebrity hacker name Sabu in the hopes that it would inspire
others to join certain criminal activities of these groups.
In addition to his admission to these crimes, Monsegur admitted to engaging in hacking
activities about which the Government had not previously developed evidence. According to
Monsegur, between 1999, when he first began hacking computers, and late 2003/early 2004,
DDoS attacks involve the use of several computers to bombard a victims computer
system with connection requests, thereby overwhelming the victims system, often resulting in
the temporary shutdown of the victims website.
5
Case
Case 1:15-cr-00067-RDM
1:11-cr-00666-LAP Document
Document 30
31 Filed
Filed 05/23/14
07/08/16 Page
Page 10
66 of
of 20
82
Monsegur hacked into thousands of computers. For the next approximately two years, Monsegur
identified vulnerabilities in perhaps 200 computer systems in an effort to grow a legitimate
computer security firm. Then, starting around 2006, Monsegur hacked into computer systems
for personal financial gain, or as part of hacker groups that broke into systems for a variety of
reasons, including so-called hacktivism. Monsegur admitted that, before joining Anonymous
hacking crews, he hacked into a variety of websites and computer systems including the websites
of several businesses. Through these hacks, Monsegur was able to steal credit card information,
and then sold the credit card numbers, gave them away to family members and friends, and used
them to pay his own bills. On at least one occasion, Monsegur was hired to hack into a
businesss computer system. He also successfully hacked into a businesss website and had
merchandise delivered to him free of charge.
Finally, Monsegur acknowledged a variety of other criminal conduct including sales and
attempted sales of small quantities of marijuana; personal marijuana use; illegally possessing an
unlicensed firearm; and purchasing stolen goods including electronics and jewelry.
B.
Monsegurs primary substantial assistance came in the form of his cooperation against
significant cybercriminals affiliated with Anonymous, Internet Feds, and LulzSec. He provided
detailed historical information about the activities of Anonymous, contributing greatly to law
enforcements understanding of how Anonymous operates. Monsegur also provided crucial and
detailed information about the formation, organization, hierarchy and membership of these
hacking groups, as well as specific information about their planning and execution of many
major cyber attacks, including the specific roles of his co-conspirators in committing those
crimes. He also provided historical information that helped resolve open investigations into
9
Case
Case 1:15-cr-00067-RDM
1:11-cr-00666-LAP Document
Document 30
31 Filed
Filed 05/23/14
07/08/16 Page
Page 11
67 of
of 20
82
several computer intrusions committed by members of Internet Feds and LulzSec, including the
hacks identified above.
In addition to this crucial historical information, Monsegur proactively cooperated with
ongoing Government investigations. Working sometimes literally around the clock, at the
direction of law enforcement, Monsegur engaged his co-conspirators in online chats that were
critical to confirming their identities and whereabouts. During some of the online chats, at the
direction of law enforcement, Monsegur convinced LulzSec members to provide him digital
evidence of the hacking activities they claimed to have previously engaged in, such as logs
regarding particular criminal hacks. When law enforcement later searched the computers of
particular LulzSec members, they discovered copies of the same electronic evidence on the
individuals computers. In this way, the online nicknames of LulzSec members were definitively
linked to their true identities, providing powerful proof of their guilt. Other times, at the
direction of law enforcement, Monsegur asked seemingly innocuous questions designed to elicit
information from his co-conspirators that, when coupled with other information obtained during
the investigation, could be used to pinpoint their exact locations and identities. Monsegurs
substantial proactive cooperation, as set forth more particularly below, contributed directly to the
identification, prosecution, and conviction of eight of his co-conspirators, including Hammond.
As disclosed in their communications, Hammond and certain other co-conspirators had
learned how to exploit a particular software application vulnerability that enabled him to hack
into many computer servers. At law enforcement direction, Monsegur attempted to learn how
these targets were able to exploit this vulnerability, but was unsuccessful. At the same time,
Monsegur was able to learn of many hacks, including hacks of foreign government computer
servers, committed by these targets and other hackers, enabling the Government to notify the
10
Case
Case 1:15-cr-00067-RDM
1:11-cr-00666-LAP Document
Document 30
31 Filed
Filed 05/23/14
07/08/16 Page
Page 12
68 of
of 20
82
victims, wherever feasible, so the victims could engage in remediation efforts and prevent further
damage or intrusions.
Monsegurs cooperation was complex and sophisticated, and the investigations in which
he participated required close and precise coordination with law enforcement officers in several
locations. For instance, during the investigation of Hammond, Monsegur (who was then in New
York) engaged in online chats with Hammond (who was then in Chicago), while coordinating
with FBI agents in New York, physical surveillance teams deployed in Chicago, and an
electronic surveillance unit in Washington, D.C.
Monsegur also engaged in a significant undercover operation in an existing investigation
through which, acting at the direction of law enforcement, Monsegur gathered evidence that
exposed a particular subjects role in soliciting cyber attacks on a foreign government. The
evidence he enabled the Government to obtain was extremely valuable, and the Government
could not otherwise have obtained it without his assistance. Although this cooperation has not
resulted in any prosecutions to date, the Government believes his information, and the evidence
he helped to obtain in this matter, is extremely significant.
C.
Notably, during the period of his cooperation, Monsegur received communications from
hackers about vulnerabilities in computer systems, as well as computer hacks that were being
planned or carried out by them. The FBI used this information, wherever feasible, to prevent or
mitigate harm that otherwise would have occurred. The FBI estimates that it was able to disrupt
or prevent at least 300 separate computer hacks in this fashion. The victims included divisions
of the United States Government such as the United States Armed Forces (specifically,
, the United States Congress, the United States Courts (specifically,
11
Case
Case 1:15-cr-00067-RDM
1:11-cr-00666-LAP Document
Document 30
31 Filed
Filed 05/23/14
07/08/16 Page
Page 13
69 of
of 20
82
that Monsegurs actions prevented at least millions of dollars in loss to these victims.
Monsegur also provided information about vulnerabilities in critical infrastructure,
including at a water utility for an American city, and a foreign energy company. Law
enforcement used the information Monsegur provided to secure the water utility, and the
information about the energy company was shared with appropriate government personnel. In
addition, when Anonymous claimed to have hacked the electrical grid in the United States,
Monsegur communicated with certain Anonymous members who revealed that the claims were a
hoax. This saved the Government the substantial time and resources that otherwise would have
been deployed in responding to these bogus claims.
Discussion
I.
Applicable Law
The United States Sentencing Guidelines still provide strong guidance to the Court
following United States v. Booker, 543 U.S. 220 (2005), and United States v. Crosby, 397 F.3d
103 (2d Cir. 2005). As the Supreme Court stated, a district court should begin all sentencing
proceedings by correctly calculating the applicable Guidelines range that should be the
starting point and the initial benchmark. Gall v. United States, 128 S. Ct. 586, 596 (2007).
After that calculation, however, a sentencing judge must consider seven factors outlined
in Title 18, United States Code, Section 3553(a): the nature and circumstances of the offense
and the history and characteristics of the defendant, 18 U.S.C. 3553(a)(1); the four legitimate
12
Case
Case 1:15-cr-00067-RDM
1:11-cr-00666-LAP Document
Document 30
31 Filed
Filed 05/23/14
07/08/16 Page
Page 14
70 of
of 20
82
purposes of sentencing, see id. 3553(a)(2); the kinds of sentences available, id. 3553(a)(3);
the Guidelines range itself, see id. 3553(a)(4); any relevant policy statement by the Sentencing
Commission, see id. 3553(a)(5); the need to avoid unwarranted sentence disparities among
defendants, id. 3553(a)(6); and the need to provide restitution to any victims, id.
3553(a)(7). See Gall, 128 S. Ct. at 596 & n.6.
II.
courts are encouraged to consider in determining the appropriate sentencing reduction for a
defendant who has rendered substantial assistance, including the significance and usefulness of
the assistance; the truthfulness, completeness and reliability of the defendants information and
testimony; the nature and extent of the assistance; any injury suffered, or any danger or risk of
injury to the defendant or his family resulting from his assistance; and the timeliness of the
assistance.
As to the significance and usefulness of the defendants assistance, Monsegurs
cooperation was extraordinarily valuable and productive. Monsegur provided unprecedented
access to LulzSec a tightly knit group of hackers who targeted and successfully breached a
variety of computer systems operated by governments, businesses, and news media outlets.
Through Monsegurs historical information and substantial proactive cooperation, the FBI and
international law enforcement were able to pierce the secrecy surrounding the group, identify and
locate its core members, and successfully prosecute them. In particular, when Monsegur first
was arrested, he provided the FBI with information about the identities and whereabouts of core
LulzSec members. This information helped focus the investigations being conducted by the FBI
and international law enforcement, allowing them to develop additional evidence against
13
Case
Case 1:15-cr-00067-RDM
1:11-cr-00666-LAP Document
Document 30
31 Filed
Filed 05/23/14
07/08/16 Page
Page 15
71 of
of 20
82
LulzSec members. At the direction of law enforcement, Monsegur then engaged in online chats
with various LulzSec members, convincing them to disclose details that confirmed their
identities and whereabouts including, as noted above, digital evidence that later was matched to
files stored on the LulzSec members computers. Monsegur also provided in-depth information
regarding many of the computer hacks that LulzSec had perpetrated.
Monsegurs efforts contributed directly in the identification, prosecution, and convictions
of core members of LulzSec, including:
Ryan Ackroyd, a/k/a Kayla. Ackroyd was arrested by authorities in the
United Kingdom. He pled guilty and was sentenced to 30 months imprisonment.
Jake Davis, a/k/a Topiary. Davis was arrested by authorities in the
United Kingdom. He pled guilty and was sentenced to 24 months custody in a young offender
institution.
Mustafa Al-Bassam, a/k/a T-Flow. Al-Bassam was arrested by
authorities in the United Kingdom. He pled guilty and was sentenced to a 20 month term, which
was suspended for two years, as well as 300 hours community service.
Darren Martyn, a/k/a pwnsauce, was arrested by authorities in Ireland.
He subsequently pled guilty and received a sentence of probation and a fine.
In addition to these core members of LulzSec, Monsegurs cooperation led to the arrest
and prosecution of others who contributed to LulzSecs hacking efforts, including:
Jeremy Hammond, a/k/a Anarchaos. As the Court is aware, Hammond,
the FBIs most wanted cybercriminal in the world at the time of his arrest, was prosecuted in the
Southern District of New York, pled guilty, and was sentenced by the Court principally to a term
of imprisonment of 120 months.
14
Case
Case 1:15-cr-00067-RDM
1:11-cr-00666-LAP Document
Document 30
31 Filed
Filed 05/23/14
07/08/16 Page
Page 16
72 of
of 20
82
15
Case
Case 1:15-cr-00067-RDM
1:11-cr-00666-LAP Document
Document 30
31 Filed
Filed 05/23/14
07/08/16 Page
Page 17
73 of
of 20
82
16
Case
Case 1:15-cr-00067-RDM
1:11-cr-00666-LAP Document
Document 30
31 Filed
Filed 05/23/14
07/08/16 Page
Page 18
74 of
of 20
82
The nature of Monsegurs cooperation was also somewhat atypical in that his work as a
cooperating witness was made public shortly after the arrest of the core LulzSec members. This
revelation in itself served an important deterrent effect throughout the hacking community. At
the same time, it resulted in significant scrutiny of Monsegur and his family members.
As to the danger or risk associated with Monsegurs cooperation, Monsegur faced
hardships because of his cooperation. During the course of his cooperation, the threat to
Monsegur and his family became severe enough that the FBI relocated Monsegur and certain of
his family members. Monsegur repeatedly was approached on the street and threatened or
menaced about his cooperation once it became publicly known. Monsegur was also harassed by
individuals who incorrectly concluded that he participated in the Governments prosecution of
the operators of the Silk Road website.
Moreover, Monsegur has been vilified online by various groups affiliated with the
Anonymous movement, which particularly affected him given the central role that his online
activity played in his life prior to his cooperation with the Government. Among other things,
certain groups have sought to release Monsegurs personal identification information (such as his
exact address) as well as the personal identification information of certain of his family
members.
Members of Monsegurs family have been threatened because of his cooperation, and one
of those relatives was involved in a physical altercation regarding Monsegurs cooperation.
Monsegurs family members have also repeatedly been approached by members of the media. In
one instance, a reporter was removed from the school of the children for whom Monsegur served
as guardian after the reporter entered the school and attempted to interview the children.
17
Case
Case 1:15-cr-00067-RDM
1:11-cr-00666-LAP Document
Document 30
31 Filed
Filed 05/23/14
07/08/16 Page
Page 19
75 of
of 20
82
18
Case
Case 1:15-cr-00067-RDM
1:11-cr-00666-LAP Document
Document 30
31 Filed
Filed 05/23/14
07/08/16 Page
Page 20
76 of
of 20
82
Request to Seal
The Government respectfully requests that it be permitted to file limited portions of this
submission under seal to protect the identities of certain victims.
Dated: New York, New York
May 23, 2014
Respectfully submitted,
PREET BHARARA
United States Attorney
By:
19
/S/
James J. Pastore, Jr.
Assistant United States Attorney
Tel.: (212) 637-2418
EXHIBIT 7
P.O. Box 2892, Church St. Station, New York, NY 10008-2892 | Tel: (646) 535-9743 (646) 535-9128 | info@thefocusforwardproject.org
OFFICERS
Justine Kentla
Executive Director
Alexandra Katz
Executive Director
BOARD OF DIRECTORS
Hon. Barbara S. Jones (ret.)
Chairperson
Fiona Doherty
Sean Hecker
Deirdre von Dornum
Jose Maldonado
Amy Finzi
For the Public Speaking unit in the class, Mir had to talk about a person in his life who had
inspired him. I saw again evidence of his willingness to accept advice from those around him.
He spoke movingly about a close friend and role model who has inspired him to mature, and
become more thoughtful of others. He spoke about growing up, and learning to surround
himself with positive and supportive friends. Mir revealed his developing interest in
psychology and human nature, and how he hopes to use knowledge of those subjects to help
people. As the class progressed, I watched him create positive goals for himself, and become
more aware of how his life affects others.
I feel strongly that Mirs experiences have made him a wiser, more self-aware, more
thoughtful person, and that he will continue to apply the lessons hes learned for the rest of
his life.
Mir Islam is an intelligent, caring, supportive man with tremendous gratitude toward those
who have helped him. I feel lucky to have gotten to know Mir and will remain supportive of
him going forward, doing whatever I can to help him. My aim is to give you a view of Mir
through my eyes after spending twelve weeks getting to know him. I appreciate the time
Your Honor has taken to read my letter. If you have any questions, please feel free to contact
me directly at the number listed below.
Sincerely,
Naomi Chakofsky-Lewy
The Focus Forward Project, Inc.
Project Coordinator/Class Facilitator
206-229-2880
EXHIBIT 8