Cyber Law & Crime News

Steven M. Dettelbach, United States Attorney for the Northern District of Ohio, announced today that an Information was filed today charging Mitchell L. Frost, age 22, of Bellevue, Ohio, with one count of causing damage to a protected computer system, and one count of possessing 15 or more unauthorized access devices.

The information charges that between August 2006, and March 2007, while enrolled as an undergraduate student at the University of Akron, Mitchell Frost used the University’s computer network to access IRC channels on the Internet to control other computers and computer networks via computers intentionally infected and taken over, known as “BotNet” zombies, which were located throughout the United States and in other countries.

The information charges that Frost gained access to other computers and computer networks by various means, including scanning the Internet searching for computer networks which were vulnerable to attack or unauthorized intrusion, gaining unauthorized access to and control over such computers, and fraudulently obtaining user names and passwords for users on such systems. Frost then used the compromised computers to spread malicious computer codes, commands and information to even more computers, all for the purpose of harvesting and obtaining information and data from the compromised computer networks, including user names, passwords, credit card numbers, and CVV security codes, and for the purpose of launching Distributed Denial of Service (DDoS) attacks on computer systems and Internet websites.
The information further charges that between August 2006 and March 2007, Frost initiated DDoS attacks on numerous computers connected to the Internet hosting various websites, including www.joinrudy2008.com, www.billoreilly.com, and www.anncoulter.com, among others, temporarily interrupting operation of the websites, which required the site owners to intervene and repair their computer systems.

The information also charges that Frost initiated denial of service attacks against the University of Akron computer server on or about March 14, 2007, which caused the entire University of Akron computer network to be knocked off-line for approximately 8 ½ hours, preventing all students, faculty and staff members from accessing the network. The information charges that this denial of service attack required the University of Akron to employ diagnostic and remedial measures to restore computer service causing losses in excess of $10,000.

If convicted, the defendant’s sentence will be determined by the Court after review of factors unique to this case, including the defendant’s prior criminal record, if any, the defendant’s role in the offense and the characteristics of the violation. In all cases the sentence will not exceed the statutory maximum and in most cases it will be less than the maximum.

This case is being prosecuted by Assistant U.S. Attorney Robert W. Kern, Cybercrime Coordinator for the Cleveland U.S. Attorney’s Office, following an investigation by the Akron Office of the United States Secret Service, the Federal Bureau of Investigation and the University of Akron Police Department.

An information is only a charge and is not evidence of guilt. A defendant is entitled to a fair trial in which it will be the government’s burden to prove guilt beyond a reasonable doubt.

—- Update —-
Convicted on 26 May 2010

Steven M. Dettelbach, United States Attorney for the Northern District of Ohio, announced today Mitchell L. Frost, age 23, of Bellevue, Ohio, appeared before U.S. Magistrate Judge Nancy A. Vecchiarelli and pleaded guilty to a two-count Information filed on May 14, 2010, which charged Frost with causing damage to a protected computer system and possessing
15 or more unauthorized access devices.

According to court documents, Frost admitted that between August 2006, and March 2007, while enrolled as a student at the University of Akron, he used the University’s computer network to access IRC channels on the Internet to control other computers and computer networks via computers intentionally infected and taken over, known as “BotNet” zombies, which were located throughout the United States and in other countries.

Frost also admitted gaining access to other computers and computer networks by various means, including scanning the Internet searching for computer networks which were vulnerable to attack or unauthorized intrusion, gaining unauthorized access to and control over such computers, and fraudulently obtaining user names and passwords for users on such systems. Frost admitted using the compromised computers to spread malicious computer codes, commands and information to even more computers, all for the purpose of harvesting and obtaining information and data from the compromised computer networks, including user names,
passwords, credit card numbers, and CVV security codes, and for the purpose of launching Distributed Denial of Service (DDoS) attacks on computer systems and Internet websites.

Frost admitted that between August 2006 and March 2007, Frost initiated DDoS attacks on numerous computers connected to the Internet hosting various websites, including www.joinrudy2008.com, www.billoreilly.com, and www.anncoulter.com, among others,
temporarily interrupting operation of the websites, which required the site owners to intervene and repair their computer systems.

Frost also admitted initiating denial of service attacks against the University of Akron computer server on or about March 14, 2007, which caused the entire University of Akron computer network to be knocked off-line for approximately 8 ½ hours, preventing all students, faculty and staff members from accessing the network. This denial of service attack required the University of Akron to employ diagnostic and remedial measures to restore computer service causing losses in excess of $10,000. Frost will be sentenced on August 5, 2010, by U.S. District Judge Lesley Wells. His sentence will be determined by the Court after review of factors unique to this case, including his prior criminal record, if any, his role in the offense and the characteristics of the violation. In all cases the sentence will not exceed the statutory maximum and in most cases it will be less than the maximum.

This case is being prosecuted by Assistant U.S. Attorney Robert W. Kern, Cybercrime Coordinator for the Cleveland U.S. Attorney’s Office, following an investigation by the Akron Office of the United States Secret Service, the Federal Bureau of Investigation and the University of Akron Police Department.

source: www.cybercrime.gov

THIBODAUX MAN CHARGED WITH VIOLATION OF DIGITAL MILLENNIUM COPYRIGHT ACT

RENO JEAN DARET, IV, age 28, of Thibodaux, Louisiana, was charged in a one count bill of information with violation of the Digital Millennium Copyright Act, announced U. S. Attorney Jim Letten.

According to the bill of information, between on or about October 26, 2009 and December 14, 2009, for purposes of commercial advantage and private financial gain, DARET knowingly circumvented technological measures that control access to copyrighted works.

DARET faces a maximum term of imprisonment of five (5) years, a fine of $500,000.00 and three (3) years of supervised release following any term of imprisonment. U. S. Attorney Letten reiterated that the bill of information is merely a charge and that the guilt of the defendant must be proven beyond a reasonable doubt.

The case is being investigated by the U.S. Department of Homeland Security, Immigration and Customs Enforcement and is being prosecuted by Assistant United States Attorney G. Dall Kammer.

source: cybercrime.gov

LAS VEGAS MAN PLEADS GUILTY TO CREATING AND SELLING COOKIE-STUFFING PROGRAM

Christopher Kennedy pleaded guilty yesterday to one count of conspiracy to commit wire fraud, United States Attorney Joseph P. Russoniello announced.

In pleading guilty, Kennedy, 28, of Las Vegas, Nev., admitted to creating and selling through his Web site, www.saucekit.com, a cookie-stuffing program, known as “saucekit,” from January 2009 to November 2009.

Cookie-stuffing is the act of depositing a cookie (a text string of code) containing an affiliate Web site’s ID onto an individual’s computer without that individual having clicked on an advertisement or link.

eBay, Inc. maintains an advertising and promotion program, known as the eBay Partner Network (EPN), through which Web sites that display eBay advertisements are reimbursed for referrals. Under the EPN,
eBay pays a referral fee to a Web site when an advertisement directs a Web user to the eBay Web site.

When that user accesses the eBay Web site, a cookie is deposited on
the user’s computer. This cookie contains information identifying the referring Web site (EPN ID) and is used to track whether and when the
user returns to the eBay Web site. A subsequent visit to the eBay Web site results in payment of a referral fee when the user engages in a revenue action, which occurs when the user utilizes eBay’s auction service.

If multiple cookies are present on the user’s computer, which may occur if the user has clicked on several different advertisements before engaging in a revenue action, the most recently deposited cookie (and its corresponding affiliate Web site) is credited for any revenue action. Cookie-stuffing occurs when an individual visits an affiliate Web site or Web page, such as an eBay auction page without clicking on an advertisement or link.

According to court documents, the cookie-stuffing program Saucekit created a cookie containing the affiliate Web site’s EPN ID and placed it onto the individual’s computer. The cookie remained on that individual’s computer for a period of time and, if that individual engaged in a revenue action with eBay, eBay credited
the affiliate. As a result, eBay payed referral fees to an affiliate, even though the individual who visited the affiliate Web site or Web page had not been referred to eBay by that Web site or Web page. In this way, eBay payed its affiliates fees to which they were not entitled.

An information was filed against Kennedy on Feb. 9, 2010. He was charged with one count of conspiracy to commit wire fraud, in violation of 18 U.S.C. § 371. Under the plea agreement, Kennedy pled guilty to the one-count information.

Kennedy has been released on $50,000 bail and is scheduled to be sentenced Nov. 1, 2010. The maximum statutory penalty for each count of conspiracy to commit wire fraud in violation 18 U.S.C. § 371 is five years imprisonment and a fine of $250,000, plus restitution if appropriate. However, any sentence following conviction would be imposed by the court after consideration of the U.S. Sentencing Guidelines and federal statute governing the imposition of a sentence, 18 U.S.C. § 3553.

Hanley Chew is the Assistant U.S. Attorney who is prosecuting the case with the assistance of Lauri Gomez. The guilty plea is the result of an investigation by the United States Secret Service.

source: cybercrime.gov

An Indian national was sentenced today to 81 months in prison on conspiracy and aggravated identity theft charges arising from an international fraud scheme to “hack” into online brokerage accounts in the United States and use those accounts to manipulate stock prices, announced Assistant Attorney General Lanny A. Breuer of the Criminal Division and U.S. Attorney Deborah Gilg of the District of Nebraska.

Jaisankar Marimuthu, 36, a native of Chennai, India, was also ordered to pay $2.4 million in restitution. Marimuthu pleaded guilty on Feb. 5, 2010, to one count of conspiracy to commit wire fraud, securities fraud, computer fraud and aggravated identity theft, and to one count of aggravated identity theft before U.S. District Magistrate Judge F.A. Gossett III in Omaha, Neb. Marimuthu, who was extradited to the United States following his arrest in Hong Kong, was sentenced today before U.S. District Judge Laurie Smith Camp.

According to court documents, Marimuthu was part of a conspiracy that operated out of Thailand and India from February 2006 through December 2006 in which the prices of thinly-traded securities were fraudulently inflated by hacking into brokerage accounts in the United States and then illegally using the accounts to make large, unauthorized purchases of securities in the name of the unsuspecting customers. Marimuthu admitted that after the price of the securities had been artificially increased or “pumped up” through the bogus trading, the conspirators’ own holdings of the securities would be sold at a profit. More than 90 customers and seven brokerage firms in the United States have been identified as victims. Financial losses of close to $2.5 million were sustained by the victims in this case.

Co-defendant Thirugnanam Ramanathan, 37, pleaded guilty on June 2, 2008, to one count of conspiracy to commit wire fraud, securities fraud, computer fraud and aggravated identity theft. Following his arrest in Hong Kong, Ramanathan was extradited on May 25, 2007, to the United States. Ramanathan was sentenced to two years in prison by Judge Camp, and has since been returned to India following completion of his sentence. Co-defendant Chockalingham Ramanathan, 36, was charged with one count of conspiracy, eight counts of computer fraud, six counts of wire fraud, two counts of securities fraud and six counts of aggravated identity theft. Chockalingham Ramanathan remains at large.

This case was prosecuted by Trial Attorney Richard D. Green of the Criminal Division’s Computer Crime and Intellectual Property Section; Trial Attorneys Jack Patrick and Ryan Faulconer of the Criminal Division’s Fraud Section; and Assistant U.S. Attorney Michael Norris of the District of Nebraska. This case was investigated by the FBI in Omaha

source: cybercrime.gov

Ohio Man Sentenced To 29 Months In Prison For Selling Pirated Copies Of Movies

WASHINGTON – Richard Humphrey, 22, of North Ridgeville, Ohio, was sentenced today in Cleveland to 29 months in prison by U.S. District Court Judge Lesley Wells for selling counterfeit copies of copyrighted movies through the Internet, announced Assistant Attorney General Lanny A. Breuer of the Criminal Division and U.S. Attorney Steven M. Dettelbach for the Northern District of Ohio.

Humphrey was also sentenced to three years of supervised release following his prison term. Judge Wells ordered Humphrey to forfeit multiple computers and associated hardware used in the scheme. Humphrey pleaded guilty in Cleveland on Sept. 21, 2009, to one count of criminal copyright infringement for selling pirated movies prior to their commercial release through an Internet website.

According to court documents, from December 2006 through October 2007, Humphrey operated the subscription-based website USAWAREZ.COM from which he distributed copies of hundreds of copyrighted movies, computer games and software products without authorization from the copyright owners. Humphrey offered paid subscription services for access to the pirated materials on his website and also solicited donations for his operation of the site. FBI agents seized
two personal computers and associated hardware from Humphrey while executing a search warrant at his residence. Additionally, the FBI seized Humphrey’s computer server hosted at an internet service provider that was used to host and run the USAWAREZ website.

The case is being prosecuted by Trial Attorneys Tyler Newby and Tara Swaminatha of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Robert Kern for the Northern District of Ohio as well as Assistant U.S. Attorney Jay V. Prabhu for the Eastern District of Virginia. The case was investigated by the FBI.

source: cybercrime.gov

PREET BHARARA, the United States Attorney for the Southern District of New York, and JOSEPH M. DEMAREST, JR., the Assistant Director-in-Charge of the New York Office of the Federal Bureau of Investigation (“FBI”), announced that ALEKSEY VOLYNSKIY was sentenced yesterday to 37 months in prison for hacking into victims’ brokerage accounts at Charles Schwab, laundering over $246,000, and sending a portion back to coconspirators in Russia. VOLYNSKIY also sold approximately 180 stolen credit card numbers to a cooperating witness and directed that they be fabricated into credit cards. United States
District Judge DENNY CHIN, who imposed the sentence in Manhattan federal court, also ordered VOLYNSKIY to pay restitution in the amount of $30,000 and imposed an order of forfeiture in the same amount.

According to the Indictment and other documents filed in the case, and statements made during the guilty plea and sentencing proceedings:
From approximately September 2006 through December 2007, VOLYNSKIY and co-defendant ALEXANDER BOBNEV participated in a scheme to steal funds from bank and brokerage accounts by hacking into those accounts through the internet, using personal financial information obtained through computer viruses, and then laundering the stolen proceeds.

To carry out this scheme, BOBNEV and co-conspirators in Russia used concealed computer codes known as “Trojan Horses” to hack into the personal computers of multiple victims in the United States. These Trojan Horses were designed to steal personal account information from individual victims as they accessed their bank and brokerage accounts through the internet.

After the Trojan Horses captured the victims’ personal account information, BOBNEV and other co-conspirators used the information to access victims’ bank and brokerage accounts, and thereafter made unauthorized sales of securities and unauthorized wire transfers out of these accounts.

VOLYNSKIY, along with co-conspirators residing in the United States, then set up various “drop” accounts to receive the funds stolen from their victims’ bank and brokerage accounts. VOLYNSKIY and his co-conspirators then sent a portion of the stolen funds from the various “drop” accounts in the United States to co-conspirators in Russia, through money remitting services, keeping a portion of the fraud proceeds for themselves.

In addition to the scheme to hack into victims’ brokerage accounts, from September 2006 through December 2007, VOLYNSKIY participated in a scheme to steal funds from bank accounts by withdrawing money from those accounts at ATMs, using stolen credit card numbers. On three separate occasions, VOLYNSKIY provided a total of 180 stolen credit card numbers to a cooperating witness, directing that they be fabricated into credit cards.

***
VOLYNSKIY was arrested on December 4, 2008, and pleaded guilty on August 4, 2009, to five counts, including conspiracy to commit wire fraud and unlawfully access and damage a protected computer, money laundering, and access device fraud.

On November 9, 2009, United States District Judge PAUL G. GARDEPHE sentenced MINEEV, another individual residing in the United States who conspired with BOBNEV to hack into brokerage accounts and launder the proceeds, to 18 months in prison. BOBNEV remains at large.

Mr. BHARARA praised the investigative work of the FBI. This case is being prosecuted by the Office’s Complex Frauds Unit. Assistant United States Attorney SEETHA RAMACHANDRAN is in charge of this prosecution.

LOS ANGELES – A Chicago-area man was sentenced this afternoon to 30 months in federal prison for taking nude videos of television personality Erin Andrews and posting the videos on the Internet after being rebuffed when he offered the videos for sale to a celebrity website.

Michael David Barrett, 49, of Westmont, Illinois, was sentenced by United States District Judge Manuel L. Real, who also ordered the defendant to pay $7,366 in restitution to Ms. Andrews.

During the sentencing hearing, Judge Real noted that, as a result of Barrett’s conduct, Ms. Andrews will suffer for the rest of her life. Barrett pleaded guilty December 15 to a federal charge of interstate stalking with the intent to harass and to cause substantial emotional distress. Barrett admitted that he stalked ESPN reporter Erin Andrews over an 18-month period. Barrett’s conduct included tracking Ms. Andrews to at least three different hotel rooms in three states in 2008. Barrett made the videos after removing the peephole device from the door in one of the hotel rooms and using his mobile phone to capture video of Ms. Andrews while she was naked.

In January 2009, TMZ.com was offered the opportunity to purchase the nude videos via email messages, an offer that the celebrity website immediately declined. Barrett subsequently posted 10 of the videos on the Internet, identifying Ms. Andrews as the victim.

During today’s sentencing hearing, Ms. Andrews told the court of the fear, anxiety and public humiliation that she suffers as a result of having been stalked. “I’m being victimized every day…and I did nothing to deserve it,” Ms. Andrews said, adding the videos will likely always be on the Internet.

In court papers filed in support of their request for a prison sentence in this case, prosecutors told the court that Barrett posted on the Internet another 32 videos that depicted another 16 as-yet-unidentified victims.

The case against Barrett was investigated by the Federal Bureau of Investigation’s Los Angeles Field Office, which received assistance from the FBI’s Chicago Field Office.

source: www.cybercrime.gov

A father and son have pleaded guilty to selling $1 million worth of counterfeit computer software through the Internet, in violation of criminal copyright infringement laws, Assistant Attorney General Lanny A. Breuer of the Criminal Division, U.S. Attorney Neil H. MacBride for the Eastern District of Virginia and John Morton, Assistant Secretary of Homeland Security for U.S. Immigration and Customs Enforcement announced today. The guilty pleas are part of the Department of Justice’s initiative to combat online piracy.

Robert D. Cook, 56, and his son, Todd A. Cook, 23, both of Wichita Falls, Texas, pleaded guilty late yesterday to criminal copyright infringement and conspiracy to commit criminal copyright infringement before U.S. District Court Judge T.S. Ellis III, in Alexandria, Va. According to court documents, from July 2006 through May 2008, the Cooks operated several Web sites that sold large volumes of counterfeit software with a combined retail value of approximately $1 million.

The defendants admitted that they used these Web sites to sell downloadable counterfeit software without authorization from the copyright owners. The defendants also admitted that they promoted their illicit scheme by purchasing advertising for their Web sites from major Internet search engines.

Both defendants face up to five years in prison, a fine of $250,000 and three years of supervised release. Sentencing has been scheduled for June 18, 2010.

The convictions of Robert and Todd Cook are the latest in an investigation out of Wichita Falls, in which four other men have been convicted for operating Web sites engaged in the sale of pirated software. Thomas C. Rushing III, William Lance Partridge and Brian C. Rue all pleaded guilty to criminal copyright infringement in U.S. District Court in Austin, Texas, on Aug. 22, 2008. Timothy K. Dunaway pleaded guilty to criminal copyright infringement on Oct. 20, 2008, in U.S. District Court in Wichita Falls. Combined, the counterfeit software sold by these individuals had a retail value of more than $10 million.

This case is part of the Department of Justice’s ongoing initiative to combat online auction piracy.

Including the guilty pleas announced today, the Department has obtained 46 convictions involving online auction and commercial distribution of counterfeit software. The Department’s initiative to combat online auction piracy is just one of several steps being undertaken to address the losses caused by intellectual property theft and hold responsible those engaged in criminal copyright infringement.

source: cybercrime.gov

Four Indicted in $25 Million Scheme Defrauding and Hacking Ticketmaster, Tickets.com, and Other Ticket Vendors

Three men who used fraud, deceit, and computer hacking to make more than $25 million by acquiring and reselling more than 1.5 million of the most coveted tickets to concerts, sporting events, and live entertainment throughout the United States surrendered to federal authorities this morning after being charged in an Indictment, U.S. Attorney Paul J. Fishman announced.

The 43-count Indictment describes a scheme in which the defendants and their company, Wiseguy Tickets, Inc. (“Wiseguys”), targeted Ticketmaster, Tickets.com, MLB.com, MusicToday, and other online ticket vendors. According to the Indictment, which was returned by a federal grand jury on Feb. 23 and unsealed this morning, the defendants are alleged to have fraudulently obtained prime tickets to performances by, among others, Bruce Springsteen, Hannah Montana, Bon Jovi, Barbara Streisand, Billy Joel, and Kenny Chesney.
The criminal scheme also targeted tickets to live theater, including productions of Wicked and The Producers; sporting events, including the 2006 Rose Bowl and 2007 Major League Baseball playoff games at Yankee Stadium; and special events, including tapings of the television show Dancing with the Stars. The events took place in Newark and East Rutherford, New Jersey, and across the United States, including in New York City, Anaheim, Chicago, Houston, Los Angeles, Omaha, Philadelphia, Pittsburgh and Tampa, according to the Indictment.

The Indictment charges Kenneth Lowson, 40, Kristofer Kirsch, 37, and Faisal Nahdi, 36, all of Los Angeles, and Joel Stevenson, 37, of Alameda, with conspiracy to commit wire fraud and to gain unauthorized access and exceed authorized access to computer systems. The indictment also charges 42 additional counts of wire fraud; gaining unauthorized access and exceeding authorized access to computer systems; or causing damage to computers in interstate commerce.

Defendants Lowson, Kirsch and Stevenson surrendered this morning at FBI headquarters in
Newark and are expected to appear before U.S. Magistrate Judge Michael Shipp at 2:00 p.m. in Newark. Defendant Nahdi, who is not currently in the United States, is expected to surrender to authorities in the coming weeks. All of the defendants will be arraigned in the coming weeks before the United States District Court Judge Katharine S. Hayden, to whom the case has been assigned.

“At a time when the Internet has brought convenience and fairness to the ticket marketplace,
these defendants gamed the system with a sophisticated fraud operation that generated over $25 million in illicit profits.” said U.S. Attorney Fishman. “Today’s indictment represents a
significant step forward in the fight against those who use fraud to disrupt E-Commerce and evade computer security.”

“The allegations in this indictment represent a scheme orchestrated through technology to cheat the public and circumvent fair business practices in the entertainment industry,” said Edward Kahrer, FBI Assistant Special Agent In Charge and head of its corruption program in the Newark Division. “Unfortunately for the defendants, they are the FBI’s first example of what happens to criminals when we combine the talent and resources in our white collar and cybercrime programs. As technology and the world move forward, the FBI will endeavor to remain one step ahead.”

According to the Indictment, Lowson, Kirsch, Stevenson, and Nahdi used Wiseguys to obtain
and resell millions of dollars worth of premium tickets to the most sought after concerts, shows, and sporting events. Wiseguys typically sold the event tickets that it obtained to ticket brokers, who in turn sold the tickets to the general public at significantly higher prices. Wiseguys profited by charging its customers, the ticket brokers, a percentage mark-up over the face value of the tickets it fraudulently obtained and re-sold.

Technological Steps to Ensure Fair Access to Tickets The Indictment alleges that ticket vendors were unwilling to sell tickets in large quantities for commercial resale to entities such as Wiseguys or brokers. To ensure fair access to tickets, Online Ticket Vendors restricted access to their ticket purchasing system to individual users, as opposed to computer programs that purchased tickets automatically, and restricted the number of tickets that an individual customer could purchase. To enforce these restrictions, Online Ticket Vendors used computer software that was designed to detect and prevent automated programs from accessing the Online Ticket Vendors’ computers.

These protecting technologies included CAPTCHA, a computer program that requires would-be ticket purchasers to read distorted images of letters, numbers, and characters that appear on their computer screens and to retype those images manually before tickets can be purchased. “CAPTCHA Challenges,” such as the one below, are programmed so that the images are recognizable to the human eye but confusing to computers.

According to the Indictment, other technologies the Online Ticket Vendors used to protect their computers include audio CAPTCHA Challenges, which are offered to ensure fair access to visually impaired customers who cannot see and respond to visual CAPTCHA Challenges; sending complex math problems to computers that were in the process of purchasing tickets (to slow down computers attempting to purchase multiple blocks of event tickets); and blocking the Internet Protocol addresses (“IP Addresses”) of computers that appeared to be using automated programs to access and attack the Online Ticket Vendors’ websites. Sidestepping the Computer Defenses To defeat the Online Ticket Vendors’ technologies, the defendants worked with computer programmers in Bulgaria to establish a nationwide network of computers that impersonated individual visitors to the Online Ticket Vendors’ websites, the Indictment alleges. The network – described as the “CAPTCHA Bots” in the Indictment – gave Wiseguys the ability to flood the Online Ticket Vendors’ computers at the exact moment that event tickets went on sale. The CAPTCHA Bots also automated and sped up the purchase process by completing both CAPTCHA Challenges and audio CAPTCHA Challenges automatically – faster than any human could accomplish the same task. The defendants thus gained a significant advantage over the general public in having access to the best seats to the most desirable events, according to the Indictment.

“The public thought it had a fair shot at getting tickets to these events, but what the public didn’t know was that the defendants had cheated them out of that opportunity,” said U.S. Attorney Fishman.

Allegedly, the defendants also used aliases, shell corporations, and fraudulent misrepresentations, both to deploy the CAPTCHA Bots and to disguise their ticket-purchasing activities. At various times the defendants, and others working at their direction, misrepresented Wiseguys’ activities to Online Ticket Vendors; to the companies that leased Internet access to Wiseguys for use of the CAPTCHA Bots; to the landlords that rented Wiseguys’ office space; and, in certain instances, to lower level employees at Wiseguys.
To further disguise their activities, defendants also created and managed hundreds of fake Internet domains (e.g., stupidcellphone.com) and thousands of e-mail addresses to receive event tickets from Online Ticket Vendors. The defendants also directed the development and
deployment of technologies to secretly obtain CAPTCHA and audio CAPTCHA Challenges that could be used to buy event tickets for resale.

According to the Indictment, the defendants were aware that the CAPTCHA Bots made it nearly impossible for the average consumer to have a chance to buy the best seats to the most popular events. For example, for a single July 2008 concert featuring Bruce Springsteen and the E Street Band at Giants Stadium, Wiseguys was able to purchase and control nearly half of the 440 General Admission floor tickets made available to the public for that concert – the tickets closest to the stage. In internal company reports, Wiseguys employees described their success at buying tickets as “straight domination,” having bought the “best ringsides by far,” and, for a January 2009 NFL playoff game at Giants Stadium between the Philadelphia Eagles and the New York Giants, having “pigged out” on tickets.

Defendants Lowson and Kirsch, according to the Indictment, owned Wiseguys and directed all of its operations; defendant Stevenson was the company’s chief U.S.-based programmer,
programmed aspects of the CAPTCHA Bots, and supervised Bulgarian computer programmers; defendant Nahdi managed Wiseguys’ operations and finances and at one point took ownership of a Wiseguys’ entity named Seats of San Francisco.

If convicted, each defendant faces a maximum statutory penalty of 5 years in prison on the
conspiracy charge and a maximum statutory penalty of 20 years in prison on each wire fraud
charge. In addition, defendants Lowson, Kirsch, and Stevenson face statutory maximum penalties of 5 years’ imprisonment and a $250,000 fine on each of 19 counts charging gaining unauthorized access and exceeding authorized access to computers; and 10 years’ imprisonment for each of six counts charging damage to computers in interstate commerce. In addition, each defendant faces a fine of $250,000 per count of conviction.

In determining an actual sentence, the Judge Hayden would, upon a conviction, consult the
Advisory U.S. Sentencing Guidelines, which provide appropriate sentencing ranges that take into account the severity and characteristics of the offense, the defendant’s criminal history, if any, and other factors. The judge, however, is not bound by those guidelines in determining a
sentence. Parole has been abolished in the federal system. Defendants who are given custodial terms must serve nearly all that time.

Despite indictment, all defendants are presumed innocent unless proven guilty beyond a
reasonable doubt. Fishman credited the Special Agents of the FBI, under the direction of Acting Special Agent in Charge Kevin B. Cruise in Newark, and Special Agents of the United States Postal Inspection Service, under the direction of Inspector in Charge David L. Collins in Newark, with the investigation.

The government is represented by Assistant U.S. Attorneys Erez Liebermann and Seth Kosto in the U.S. Attorney’s Office Computer Hacking and Intellectual Property group, within the Commercial Crimes Unit.

source: cybercrime.gov

New Jersey Man Pleads Guilty to Unauthorized Recording of Newly Released Motion Pictures in Movie Theater

Keshawn Deron Wilson of Asbury Park, N.J., pleaded guilty today in Tampa, Fla., to federal
charges of using a video camera to record then newly-released motion pictures in a New Jersey theater, announced Assistant Attorney General of the Criminal Division Lanny A. Breuer and U.S. Attorney for the Middle District of Florida A. Brian Albritton.

Keshawn Wilson, 25, pleaded guilty before U.S. Magistrate Judge Thomas B. McCoun III to two counts of unauthorized recording of motion pictures in a motion picture exhibition facility.
According to information presented in court, Wilson was arrested on Sept. 13, 2008, by Ocean Township, N.J., police officers, while he was in the process of recording Picturehouse
Entertainment’s then newly-released motion picture “The Women” at the Middlebrook Galleria 10 Clearview Cinemas in Ocean, N.J. At the time he was arrested, officers seized a high definition video camera with a 30 gigabyte hard drive from Wilson. A subsequent search of the camera’s hard drive revealed a copy of the then newly-released movie “The Women” and a copy of Universal Studios’ then newly-released movie “Burn After Reading,” which Wilson admitted he recorded the previous day at the same theater.

Wilson faces a maximum sentence of six years in prison, a $500,000 fine, two years of
supervised release following the prison term and an order of restitution. A sentencing date has not yet been set by the court.

The case is being prosecuted by Assistant U.S. Attorneys Donald Hansen of the Middle District of Florida and Seth Kosto of the District of New Jersey, as well as Assistant Deputy Chief for Litigation Clement McGovern of the Computer Crime and Intellectual Property Section. This case was investigated by the FBI. The Motion Picture Association of America, an industry trade group that represents major producers and distributors of entertainment, including motion picture studios, provided assistance in this case.

source: cybercrime.gov