Cyber Law & Crime News

Steven M. Dettelbach, United States Attorney for the Northern District of Ohio, announced today that an Information was filed today charging Mitchell L. Frost, age 22, of Bellevue, Ohio, with one count of causing damage to a protected computer system, and one count of possessing 15 or more unauthorized access devices.

The information charges that between August 2006, and March 2007, while enrolled as an undergraduate student at the University of Akron, Mitchell Frost used the University’s computer network to access IRC channels on the Internet to control other computers and computer networks via computers intentionally infected and taken over, known as “BotNet” zombies, which were located throughout the United States and in other countries.

The information charges that Frost gained access to other computers and computer networks by various means, including scanning the Internet searching for computer networks which were vulnerable to attack or unauthorized intrusion, gaining unauthorized access to and control over such computers, and fraudulently obtaining user names and passwords for users on such systems. Frost then used the compromised computers to spread malicious computer codes, commands and information to even more computers, all for the purpose of harvesting and obtaining information and data from the compromised computer networks, including user names, passwords, credit card numbers, and CVV security codes, and for the purpose of launching Distributed Denial of Service (DDoS) attacks on computer systems and Internet websites.
The information further charges that between August 2006 and March 2007, Frost initiated DDoS attacks on numerous computers connected to the Internet hosting various websites, including www.joinrudy2008.com, www.billoreilly.com, and www.anncoulter.com, among others, temporarily interrupting operation of the websites, which required the site owners to intervene and repair their computer systems.

The information also charges that Frost initiated denial of service attacks against the University of Akron computer server on or about March 14, 2007, which caused the entire University of Akron computer network to be knocked off-line for approximately 8 ½ hours, preventing all students, faculty and staff members from accessing the network. The information charges that this denial of service attack required the University of Akron to employ diagnostic and remedial measures to restore computer service causing losses in excess of $10,000.

If convicted, the defendant’s sentence will be determined by the Court after review of factors unique to this case, including the defendant’s prior criminal record, if any, the defendant’s role in the offense and the characteristics of the violation. In all cases the sentence will not exceed the statutory maximum and in most cases it will be less than the maximum.

This case is being prosecuted by Assistant U.S. Attorney Robert W. Kern, Cybercrime Coordinator for the Cleveland U.S. Attorney’s Office, following an investigation by the Akron Office of the United States Secret Service, the Federal Bureau of Investigation and the University of Akron Police Department.

An information is only a charge and is not evidence of guilt. A defendant is entitled to a fair trial in which it will be the government’s burden to prove guilt beyond a reasonable doubt.

—- Update —-
Convicted on 26 May 2010

Steven M. Dettelbach, United States Attorney for the Northern District of Ohio, announced today Mitchell L. Frost, age 23, of Bellevue, Ohio, appeared before U.S. Magistrate Judge Nancy A. Vecchiarelli and pleaded guilty to a two-count Information filed on May 14, 2010, which charged Frost with causing damage to a protected computer system and possessing
15 or more unauthorized access devices.

According to court documents, Frost admitted that between August 2006, and March 2007, while enrolled as a student at the University of Akron, he used the University’s computer network to access IRC channels on the Internet to control other computers and computer networks via computers intentionally infected and taken over, known as “BotNet” zombies, which were located throughout the United States and in other countries.

Frost also admitted gaining access to other computers and computer networks by various means, including scanning the Internet searching for computer networks which were vulnerable to attack or unauthorized intrusion, gaining unauthorized access to and control over such computers, and fraudulently obtaining user names and passwords for users on such systems. Frost admitted using the compromised computers to spread malicious computer codes, commands and information to even more computers, all for the purpose of harvesting and obtaining information and data from the compromised computer networks, including user names,
passwords, credit card numbers, and CVV security codes, and for the purpose of launching Distributed Denial of Service (DDoS) attacks on computer systems and Internet websites.

Frost admitted that between August 2006 and March 2007, Frost initiated DDoS attacks on numerous computers connected to the Internet hosting various websites, including www.joinrudy2008.com, www.billoreilly.com, and www.anncoulter.com, among others,
temporarily interrupting operation of the websites, which required the site owners to intervene and repair their computer systems.

Frost also admitted initiating denial of service attacks against the University of Akron computer server on or about March 14, 2007, which caused the entire University of Akron computer network to be knocked off-line for approximately 8 ½ hours, preventing all students, faculty and staff members from accessing the network. This denial of service attack required the University of Akron to employ diagnostic and remedial measures to restore computer service causing losses in excess of $10,000. Frost will be sentenced on August 5, 2010, by U.S. District Judge Lesley Wells. His sentence will be determined by the Court after review of factors unique to this case, including his prior criminal record, if any, his role in the offense and the characteristics of the violation. In all cases the sentence will not exceed the statutory maximum and in most cases it will be less than the maximum.

This case is being prosecuted by Assistant U.S. Attorney Robert W. Kern, Cybercrime Coordinator for the Cleveland U.S. Attorney’s Office, following an investigation by the Akron Office of the United States Secret Service, the Federal Bureau of Investigation and the University of Akron Police Department.

source: www.cybercrime.gov

THIBODAUX MAN CHARGED WITH VIOLATION OF DIGITAL MILLENNIUM COPYRIGHT ACT

RENO JEAN DARET, IV, age 28, of Thibodaux, Louisiana, was charged in a one count bill of information with violation of the Digital Millennium Copyright Act, announced U. S. Attorney Jim Letten.

According to the bill of information, between on or about October 26, 2009 and December 14, 2009, for purposes of commercial advantage and private financial gain, DARET knowingly circumvented technological measures that control access to copyrighted works.

DARET faces a maximum term of imprisonment of five (5) years, a fine of $500,000.00 and three (3) years of supervised release following any term of imprisonment. U. S. Attorney Letten reiterated that the bill of information is merely a charge and that the guilt of the defendant must be proven beyond a reasonable doubt.

The case is being investigated by the U.S. Department of Homeland Security, Immigration and Customs Enforcement and is being prosecuted by Assistant United States Attorney G. Dall Kammer.

source: cybercrime.gov

LAS VEGAS MAN PLEADS GUILTY TO CREATING AND SELLING COOKIE-STUFFING PROGRAM

Christopher Kennedy pleaded guilty yesterday to one count of conspiracy to commit wire fraud, United States Attorney Joseph P. Russoniello announced.

In pleading guilty, Kennedy, 28, of Las Vegas, Nev., admitted to creating and selling through his Web site, www.saucekit.com, a cookie-stuffing program, known as “saucekit,” from January 2009 to November 2009.

Cookie-stuffing is the act of depositing a cookie (a text string of code) containing an affiliate Web site’s ID onto an individual’s computer without that individual having clicked on an advertisement or link.

eBay, Inc. maintains an advertising and promotion program, known as the eBay Partner Network (EPN), through which Web sites that display eBay advertisements are reimbursed for referrals. Under the EPN,
eBay pays a referral fee to a Web site when an advertisement directs a Web user to the eBay Web site.

When that user accesses the eBay Web site, a cookie is deposited on
the user’s computer. This cookie contains information identifying the referring Web site (EPN ID) and is used to track whether and when the
user returns to the eBay Web site. A subsequent visit to the eBay Web site results in payment of a referral fee when the user engages in a revenue action, which occurs when the user utilizes eBay’s auction service.

If multiple cookies are present on the user’s computer, which may occur if the user has clicked on several different advertisements before engaging in a revenue action, the most recently deposited cookie (and its corresponding affiliate Web site) is credited for any revenue action. Cookie-stuffing occurs when an individual visits an affiliate Web site or Web page, such as an eBay auction page without clicking on an advertisement or link.

According to court documents, the cookie-stuffing program Saucekit created a cookie containing the affiliate Web site’s EPN ID and placed it onto the individual’s computer. The cookie remained on that individual’s computer for a period of time and, if that individual engaged in a revenue action with eBay, eBay credited
the affiliate. As a result, eBay payed referral fees to an affiliate, even though the individual who visited the affiliate Web site or Web page had not been referred to eBay by that Web site or Web page. In this way, eBay payed its affiliates fees to which they were not entitled.

An information was filed against Kennedy on Feb. 9, 2010. He was charged with one count of conspiracy to commit wire fraud, in violation of 18 U.S.C. § 371. Under the plea agreement, Kennedy pled guilty to the one-count information.

Kennedy has been released on $50,000 bail and is scheduled to be sentenced Nov. 1, 2010. The maximum statutory penalty for each count of conspiracy to commit wire fraud in violation 18 U.S.C. § 371 is five years imprisonment and a fine of $250,000, plus restitution if appropriate. However, any sentence following conviction would be imposed by the court after consideration of the U.S. Sentencing Guidelines and federal statute governing the imposition of a sentence, 18 U.S.C. § 3553.

Hanley Chew is the Assistant U.S. Attorney who is prosecuting the case with the assistance of Lauri Gomez. The guilty plea is the result of an investigation by the United States Secret Service.

source: cybercrime.gov

Ohio Man Sentenced To 29 Months In Prison For Selling Pirated Copies Of Movies

WASHINGTON – Richard Humphrey, 22, of North Ridgeville, Ohio, was sentenced today in Cleveland to 29 months in prison by U.S. District Court Judge Lesley Wells for selling counterfeit copies of copyrighted movies through the Internet, announced Assistant Attorney General Lanny A. Breuer of the Criminal Division and U.S. Attorney Steven M. Dettelbach for the Northern District of Ohio.

Humphrey was also sentenced to three years of supervised release following his prison term. Judge Wells ordered Humphrey to forfeit multiple computers and associated hardware used in the scheme. Humphrey pleaded guilty in Cleveland on Sept. 21, 2009, to one count of criminal copyright infringement for selling pirated movies prior to their commercial release through an Internet website.

According to court documents, from December 2006 through October 2007, Humphrey operated the subscription-based website USAWAREZ.COM from which he distributed copies of hundreds of copyrighted movies, computer games and software products without authorization from the copyright owners. Humphrey offered paid subscription services for access to the pirated materials on his website and also solicited donations for his operation of the site. FBI agents seized
two personal computers and associated hardware from Humphrey while executing a search warrant at his residence. Additionally, the FBI seized Humphrey’s computer server hosted at an internet service provider that was used to host and run the USAWAREZ website.

The case is being prosecuted by Trial Attorneys Tyler Newby and Tara Swaminatha of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Robert Kern for the Northern District of Ohio as well as Assistant U.S. Attorney Jay V. Prabhu for the Eastern District of Virginia. The case was investigated by the FBI.

source: cybercrime.gov

A Nebraska man agreed today to plead guilty to participating in an attack on Church of Scientology websites in January 2008 that shut down the group’s websites.

Brian Thomas Mettenbrink, 20, of Grand Island, Nebraska, was previously indicted by a federal grand jury, but in documents filed today he agreed to plead guilty to the misdemeanor charge of unauthorized access of a protected computer and to serve a one-year prison sentence.

According to court documents, Mettenbrink participated in the attack on the Scientology websites that was orchestrated by a group that labeled itself “Anonymous.” That underground group has led protests against the Church of Scientology at various locations across the country, and in January 2008 announced a new offensive against Scientology. In the court documents, Mettenbrink admits that he downloaded computer
software from an “Anonymous” message board and used that software to bombard Scientology websites to the point that it impaired the integrity and availability of those websites in a variation of a distributed denial of service attack (DDOS) attack. A DDOS attack occurs where a large amount of malicious Internet traffic is directed at a website or a set of websites. The target websites are unable to handle the high volume of Internet traffic and therefore become unavailable to legitimate users trying to reach the sites.

Mettenbrink, who was scheduled to go to trial on the charges in the grand jury indictment on February 9, is expected to plead guilty in federal court in Los Angeles next week.

Previously in the investigation into the “Anonymous” computer attack, Dmitriy Guzner, of Verona, New Jersey, was sentenced last year to one year and one day in federal prison after pleading guilty to participating in the “Anonymous” attack against the Scientology websites.

The cases against Mettenbrink and Guzner are part of an ongoing investigation by the United States Secret Service Electronic Crimes Task Force in Los Angeles. The agencies involved in the investigation are the United States Secret Service, the Federal Bureau of Investigation, the Los Angeles Police Department and the Los Angeles County District Attorney’s Office Bureau of Investigation.

source: www.cybercrime.gov

Nora R. Dannehy, United States Attorney for the District of Connecticut, announced that CORNEL IONUT TONITA, 28, of Galati, Romania, pleaded guilty today before United States Magistrate Judge Holly B. Fitzsimmons in Bridgeport to one count of conspiracy to commit fraud in connection with electronic mail (“spamming”). The charge stems from a “phishing” scheme that victimized individuals, financial institutions and companies. A phishing scheme uses the Internet to target large numbers of unwary individuals, using fraud and deceit to obtain private personal and financial information such as names, addresses, bank account numbers, credit card numbers and Social Security numbers. Phishing schemes often work by sending out large numbers of counterfeit email messages, or “spam,” which are made to appear as if they
originated from legitimate banks, financial institutions or other companies.

In pleading guilty, TONITA admitted that, from approximately February 2005 through April 2005, he conspired with others to engage in spamming. TONITA was paid to use software tools to harvest email addresses from Internet sites, focusing primarily on colleges and universities in the United States. TONITA then provided the email addresses to others with the knowledge that they would send spam to those email addresses.

Specifically, on approximately March 19, 2005, TONITA sent a file containing approximately 9,811 email addresses to a co-conspirator.

On January 18, 2007, a federal grand jury in New Haven returned an indictment charging TONITA and five other Romanian citizens for their alleged participation in the phishing scheme.

On July 18, 2009, TONITA was arrested on an Interpol warrant at the sea border crossing in Dubrovnik, Croatia. He was extradited to the U.S. on September 4, 2009.

The investigation of this matter stemmed from a citizen’s complaint concerning a fraudulent e-mail message made to appear as if it originated from Connecticut-based People’s Bank. In fact, the e-mail message directed victims to a computer in Minnesota that had been compromised, or “hacked,” and used to host a counterfeit People’s Bank Internet site. During the course of the investigation, it was determined that the defendants had allegedly engaged in similar phishing schemes against many other financial institutions and companies, including Citibank, Capital One, JPMorgan Chase & Co., Comerica Bank, Wells Fargo & Co., eBay and PayPal. TONITA is scheduled to be sentenced by United States District Judge Janet C. Hall on April 5, 2010, at which time TONITA faces a maximum term of imprisonment of five years.

This matter has been investigated by the Federal Bureau of Investigation in New Haven, Connecticut, and the Connecticut Computer Crimes Task Force. Critical assistance to the investigation also has been provided by the FBI Legal Attachés in Vienna, Bucharest and Ottawa; Interpol in Zagreb and Washington, D.C.; the Romanian National Police; the Croatian Criminal Police Directorate and Croatian General Police Directorate; the U.S. Embassy in Sarajevo; the Royal Canadian Mounted Police; Canada Border Services Agency in Montreal; and the United States Marshals Service.

The case is being prosecuted by Assistant United States Attorney Edward Chang.

source: www.cybercrime.gov

A federal grand jury in Dallas returned a superseding indictment this week charging 19 defendants in a massive cybercrime conspiracy, announced U.S. Attorney James T. Jacks of the Northern District of Texas. This indictment supersedes a September 2, 2009, indictment that charged nine of the defendants in the conspiracy.

The following 19 defendants are each charged with one count of conspiracy to commit wire and mail fraud. Defendants (3) through (7), who were charged in the original indictment, have made their initial appearances in federal court and, with the exception of defendant (6), are on pretrial release. Defendant (6) remains in custody. Defendants (10) through (15) and (18) and (19) were either arrested or have surrendered to federal authorities this week. Defendants (16) and (17) are outside of the United States.

Defendants (1), (2), (8) and (9) are believed to have fled the United States to avoid prosecution. One anonymous internet report suggested that Michael Faulkner was killed attempting to reenter the U.S. from Mexico. This report has not been confirmed.

(1) *Chastity Lynn Faulkner, 34, of Southlake, Texas (fugitive)
(2) *Michael Blaine Faulkner, 36, of Southlake, Texas (fugitive)
(3) *Brian Patrick Haney, 36 of Plano, Texas
(4) Eric Byron Littlejohn, II, 19, of Desoto, Texas
(5) Nathan Todd Shafer, 31 of Irving, Texas
(6) *Matthew Norman Simpson, 25, of Red Oak, Texas
(7) *Alicia Nicole Cargill Smallwood, 28, of Midlothian, Texas
(8) *Jason Carter Watts, 32, of Plano, Texas (fugitive)
(9) *William Michael Watts, 38, of Plano, Texas (fugitive)
(10) *Logan L. Vig, 22, of Dallas, Texas
(11) *Arya Neal Behgooy, 33, of Plano, Texas
(12) *Christopher Wayne Sigler, 27, of Roanoke, Texas
(13) *Marcus William Wentrcek, 29, of Frisco, Texas
(14) *Valerian James Stock, 42, of New Orleans, Louisiana
(15) *Ricky J. Keele, 55, of Coppell, Texas
(16) *Dmitri Siiatski, 22, of Canada
(17) *Milos Vujanic, 29, of Eastern Europe
(18) Jennifer Jo Gilliland, 29, of Phoenix, Arizona
(19) Casimir A. Wojciechowski, a/k/a Casey, 56, of Illinois

The eight-count indictment also charges 15 of the defendants (*) with fraud and related activity in connection with electronic mail and aiding and abetting. Michael Blaine Faulkner is also charged with one count of obstruction – threatening a witness or informant; one count of obstruction – hiding assets; one count of obstruction – destruction of evidence; and one count of false registration of a domain name. Matthew Norman Simpson is also charged with one count of obstruction – destruction of evidence and one count of false registration of a domain name. Logan L. Vig and Milos Vujanic area also each charged with one count of obstruction – destruction of evidence. The indictment also includes a forfeiture allegation which would require that the defendants, upon conviction, forfeit any proceeds obtained, directly or indirectly, as a result of the offense.

The indictment alleges that from March 2003 through July 2009, the defendants conspired to defraud various telecommunications companies, including AT&T; Verizon; XO Communications; SMARTnet VOIP; Waymark Communications; the lessors of properties at 2020 Live Oak, 2323 Bryan Street and 1950 Stemmons Freeway, in Dallas; various financial institutions; leasing companies and creditors, including Wells Fargo, AT&T Capital Services, and the credit reporting agencies; and various other service providers, such as power companies, insurance companies, air-conditioning companies, web site developers, and others for goods and services amounting to more than $15 million.

The indictment further alleges, that as part of the conspiracy, the conspirators made false representations to obtain goods, such as computer and telecommunications equipment and infrastructure, to include racks to hold computer equipment, generators to provide power for the equipment, and office space to install the equipment, as well as services related to the operation and use of computers and telecommunications. The conspirators created, purchased and used shell companies to hide the true identity of the owners or operators of the companies, or the relationships between the companies. They also established P.O. Boxes, commercial remailer services, shell offices, apartments, or other physical locations to hide owners’ or operators’ identity or the relationships between the companies. They assumed multiple fake identities to hide true ownership of the shell companies and made materially false representations to their victims, by mail, fax, telephone, email, or other communications, to obtain goods and services from them.

A series of search warrants were conducted by FBI agents in March and April 2009 at Chastity and Michael Faulkner’s residence in Southlake, and at a Faulkner business, Crydon, located at 1950 Stemmons Freeway in Dallas. Searches were also conducted at Core IP, located at 2323 Bryant Street in Dallas, and at other related businesses.

An indictment is an accusation by a federal grand jury and a defendant is entitled to the presumption of innocence unless proven guilty. However, if convicted, the conspiracy charge carries a maximum statutory sentence of 30 years in prison and a $1 million fine. Each of the obstruction charges carries a maximum statutory sentence of 20 years in prison and a $250,00 fine. If a defendant is convicted on a felony and also on false registration of a domain name, the penalty for that felony conviction is doubled, or increased by seven years, whichever is less. Restitution could be ordered.

U.S. Attorney Jacks praised the investigative efforts of the FBI, as well as the assistance provided by the Texas Workforce Commission, the Texas Secretary of State, the Dallas Police Department, the Southlake Police Department, Dallas Sheriff’s Office, Ellis County Sheriff’s Office, the Duncanville Police Department, the Longview Police Department, the New Orleans Police Department, and the American Registry for Internet Numbers (ARIN).

Assistant U.S. Attorney C.S. Heath is in charge of the prosecution. The investigation is ongoing.

source: www.cybercrime.gov

Kyle Jeffrey Tschiegg, 39, of Sarasota, Florida was sentenced in United States District Court here today to 90 months imprisonment for emailing threats including threats to cause a candidate to drop out of a race for statewide office in Florida, hacking into email accounts of individuals and companies, and using stolen identity information to commit computer crimes.

Carter M. Stewart, United States Attorney for the Southern District of Ohio, and Keith L. Bennett, Special Agent in Charge, of the Cincinnati Division of the Federal Bureau of Investigation (FBI) announced the sentence handed down today by Senior United States District Court Judge James L. Graham.

Tscheigg pleaded guilty on September 4, 2009 to one count each of interstate transmission of threatening communications, interstate extortion, computer intrusion, and identity theft. On August 4, 2008, Tscheigg sent an email to a Columbus company he picked at random and two company employees threatening to “start shooting the whole place up, blowing your heads off…”

In part, Tscheigg’s email said, “I want to come to “RF” company in columbus and just start shooting the whole place up, blowing your heads off, and then I’m gonna go to “Pro” in sarasota and and kill all of them too, see ya soon!! Im looking forward to painting walls with brain matter:)”

A group of approximately 40 individuals and businesses received repeated email and telephone threats or harassment by Tschiegg. At one point, approximately 3500 email accounts were being copied on the threatening emails.

Tschiegg used several methods to conceal his identity online including using his laptop computer to access the Internet through neighbors’ unsecured, wireless networks in Sarasota. Tschiegg also hacked into a Florida state legislator’s email account in October 2008. He used personal information he found about the legislator on the Internet to reset the legislator’s password. Less than two weeks before the November 4, 2008 election, Tscheigg sent two emails threatening to injure the legislator, her family and supporters unless she withdrew from the race. Tscheigg has been in custody since FBI agents arrested him at his parents’ Sarasota home on February 12, 2009.

Stewart commended the investigation by FBI agents and investigators in the Sarasota County Sheriff’s Office, as well as Assistant U.S. Attorney Deborah A. Solove and Department of Justice Attorney Joseph Springsteen of the Computer Crime and Intellectual Property Section, who prosecuted the case. Stewart also acknowledged the assistance of Assistant U.S. Attorney Laurel Moore in the Middle District of Florida.

source: www.cybercrime.gov

WASHINGTON- Albert Gonzalez, 28, of Miami, pleaded guilty today to conspiring to hack into computer networks supporting major American retail and financial organizations, and to steal data relating to tens of millions of credit and debit cards, announced Assistant Attorney General of the Criminal Division Lanny A. Breuer, U.S. Attorney for the District of New Jersey Paul J. Fishman, U.S. Attorney for the District of Massachusetts Carmen Milagros Ortiz and Director of the U.S.
Secret Service Mark Sullivan.

Gonzalez, aka “segvec,” “soupnazi” and “j4guar17,” pleaded guilty to two counts of conspiracy to gain unauthorized access to the payment card networks operated by, among others, Heartland Payment Systems, a New Jersey-based card processor; 7-Eleven, a Texas-based nationwide convenience store chain; and Hannaford Brothers Co. Inc., a Maine-based supermarket chain. The plea was entered in federal court in Boston before U.S. District Court Judge Douglas P. Woodlock.

The case is one of the largest data breaches ever investigated and prosecuted in the United States. According to information contained in the plea agreement, Gonzalez leased or otherwise controlled several servers, or “hacking platforms,” and gave access to these servers to other hackers, knowing that they would use them to store malicious software, or “malware,” and launch attacks against corporate victims. Malware used against several of the corporate victims was also found on a server controlled by Gonzalez. Gonzalez tested malware by running multiple anti-virus programs in an attempt to ascertain if the programs detected the malware. According to information in the plea
agreement, it was foreseeable to Gonzalez that his co-conspirators would use malware to steal tens of millions of credit and debit card numbers, affecting more than 250 financial institutions. Gonzalez
was indicted in New Jersey in August 2009 for this criminal conduct.
Based on the terms of the plea agreement, Gonzalez will not seek a prison term under 17 years and the government will not seek a prison term of more than 25 years. Gonzalez pleaded guilty in September 2009 in Boston to 19 counts of conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft relating to hacks into numerous major U.S. retailers including TJX Companies, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority.

Gonzalez was indicted for those offenses in August 2008 in the District of Massachusetts. Gonzalez also pleaded guilty in September 2009 in Boston to one count of conspiracy to commit wire fraud relating to hacks into the Dave & Buster’s restaurant chain, which were the subject of a May 2008 indictment in the Eastern District of New York.

As part of the plea agreement with the government, the New Jersey case was transferred to the District of Massachusetts for plea and sentencing. According to the terms of the New Jersey plea agreement, the parties agree that Gonzalez’ sentence in the New Jersey case should run concurrently with the sentence imposed in the Boston and New York cases. Gonzalez remains in federal custody.

Sentencing in the Boston and New York cases is currently scheduled for March 18, 2010, in Boston. Sentencing in the New Jersey case is scheduled for March 19, 2010. “The Department of Justice will not allow computer hackers to rob consumers of their privacy and erode the public’s confidence in the security of the marketplace,” said Assistant Attorney General Breuer. “Criminals like Albert Gonzalez who operate in the shadows will be caught, exposed and held to account. Indeed, with timely reporting of data breaches and high-tech investigations, even the most sophisticated hacking rings can be uncovered and dismantled, as our prosecutors and agents demonstrated in this case.”

“Commercial hackers like Gonzalez believe they are immune from detection and prosecution as they lurk in the shadows of the Internet,” said U.S. Attorney Fishman of the District of New
Jersey. “But time and again they are caught, prosecuted and sentenced to lengthy federal prison terms. Other hackers should sit up and take notice.”

“The conviction of Mr. Gonzalez, and the unraveling of one of the most complex and large scale identity theft cases in history, should serve as a reminder to hacker organizations, that the Department of Justice will vigorously investigate and prosecute cybercrimes, regardless of their sophistication and global reach. Mr. Gonzalez’s conviction is the result of unprecedented coordination across agency and geographical lines, and I want to commend the investigators and
prosecutors who have worked tirelessly to bring this case to fruition,” said U.S. Attorney Ortiz of the District of Massachusetts.

“Today’s plea proves that although cyber criminals can threaten our nation’s financial sector, the Secret Service and its many partners around the world will pursue and prosecute them,” said U.S. Secret Service Director Sullivan. “Time and again, cooperation and advanced methodologies have allowed us to focus our resources in order to detect and prevent these types of crimes, wherever they
originate.”

The New Jersey case is being prosecuted by Assistant U.S. Attorneys Erez Liebermann and Seth Kosto of the District of New Jersey, Assistant U.S. Attorneys Stephen Heymann and Donald Cabell of the District of Massachusetts, and Senior Counsel Kimberly Kiefer Peretti of the Criminal Division’s Computer Crime and Intellectual Property Section. All of these cases are being investigated by the U.S. Secret Service.

source: www.cybercrime.gov

Sanchez, 47, who resides in The Bronx, was arrested at his home
without incident. This morning’s arrest follows an indictment returned on December 10 by a federal grand jury in Los Angeles that charges Sanchez with uploading the copyrighted “X-Men Origins: Wolverine to www.Megaupload.com last spring. The indictment was unsealed after Sanchez’ arrest this morning. Sanchez is expected to make his initial appearance today before a United States Magistrate Judge in New York.

The charge of uploading a copyrighted work to the Internet carries a statutory maximum penalty of three years in federal prison and a $250,000 fine or twice the gross gain or gross loss attributable to the offense, whichever is greater.

An indictment contains allegations that a defendant has committed a crime. Every defendant is presumed to be innocent until proven guilty in court. This case is the result of an investigation by the Federal Bureau of Investigation.