Internet activist,

programmer Aaron Swartz

dead at 26
(Reuters) - Internet activist and computer prodigy Aaron Swartz, who
helped create an early version of the Web feed system RSS and was
facing federal criminal charges in a controversial fraud case, has
committed suicide at age 26, authorities said on Saturday.

Police found Swartz’s body in his Brooklyn, New York, apartment on

Friday, according to a spokeswoman for the city’s chief medical
examiner, which ruled the death a suicide by hanging.

Swartz is widely credited with being a co-author of the specifications for

the Web feed format RSS 1.0, which he worked on at age 14, according
to a blog post on Saturday from his friend, science fiction author Cory
Doctorow.

RSS, which stands for Rich Site Summary, is a format for delivering to
users content from sites that change constantly, such as news pages and
blogs.
Over the years, he became an online icon for helping to make a virtual
mountain of information freely available to the public, including an
estimated 19 million pages of federal court documents from the PACER
case-law system.

“Information is power. But like all power, there are those who want to
keep it for themselves,” Swartz wrote in an online “manifesto” dated
2008.

“The world’s entire scientific and cultural heritage, published over

centuries in books and journals, is increasingly being digitized and
locked up by a handful of private corporations. ...haring isn’t immoral —
it’s a moral imperative. Only those blinded by greed would refuse to let
a friend make a copy,” he wrote.

That belief - that information should be shared and available for the
good of society - prompted Swartz to found the nonprofit group
DemandProgress.

The group led a successful campaign to block a bill introduced in 2011

in the U.S. House of Representatives called the Stop Online Piracy Act.
The bill, which was withdrawn amid public pressure, would have
allowed court orders to curb access to certain websites deemed to be
engaging in illegal sharing of intellectual property.

Swartz and other activists objected on the grounds it would give the
government too many broad powers to censor and squelch legitimate
Web communication.

But Swartz faced trouble in July 2011, when he was indicted by a federal
grand jury of wire fraud, computer fraud and other charges related to
allegedly stealing millions of academic articles and journals from a
digital archive at the Massachusetts Institute of Technology.

According to the federal indictment, Swartz - who was a fellow at

Harvard University’s Edmond J. Safra Center for Ethics - used MIT’s
computer networks to steal more than 4 million articles from JSTOR, an
online archive and journal distribution service.

JSTOR did not press charges against Swartz after the digitized copies of
the articles were returned, according to media reports at the time.

Swartz, who pleaded not guilty to all counts, faced 35 years in prison
and a $1 million fine if convicted. He was released on bond. His trial
was scheduled to start later this year.
On Saturday, online tributes to Swartz flooded across cyberspace.

“Aaron had an unbeatable combination of political insight, technical

skill and intelligence about people and issues,” Doctorow, co-editor of
the weblog Boing Boing, wrote on the site.

Doctorow wrote that Swartz had “problems with depression for many
years.”

Swartz also played a role in building the news-sharing website Reddit,

but left the company after it was acquired by Wired magazine owner
Conde Nast. Recalling that time of his life, Swartz described his
struggles with dark feelings.

In an online account of his life and work, Swartz said he became

“miserable” after going to work at the San Francisco offices of Wired
after Reddit was acquired.

“I took a long Christmas vacation,” he wrote. “I got sick. I thought of

suicide. I ran from the police. And when I got back on Monday morning,
I was asked to resign.”

Swartz also had been a fellow at a Harvard University research lab on

institutional corruption, according to his website.
Tim Berners-Lee, who is credited as the most important figure in the creation of the World
Wide Web, commemorated Swartz in a Twitter post on Saturday.

“Aaron dead,” he wrote. “World wanderers, we have lost a wise elder. Hackers for right,
we are one down. Parents all, we have lost a child. Let us weep.”

Boracay arrests tip of

the iceberg
ILOILO CITY—A deadly mix of cybercrime and drugs is at the core of the operations of what
could be a syndicate of foreigners whose existence surfaced in the resort island of Boracay
following arrests made by police.

Senior Insp. Jess Baylon, chief of the Boracay Tourist Assistance Center, said police are in
search for more foreigners believed to be involved in illegal drugs and cybercrime following the
arrests of 18 Taiwanese and seven Chinese nationals on Monday.
Baylon said he believed that those arrested are part of a bigger crime group as indicated by
documents obtained by police.

“We found passports of persons aside from those we arrested so more of them could be on the
island (Boracay) or [elsewhere] in the country,” Baylon told the Inquirer on Monday.
Lawyer Maria Antonette Mangrobang, spokesperson of the Bureau of Immigration (BI), said BI
agents recovered passports of 16 Chinese and three Taiwanese, aside from those arrested.
At least 20 policemen from different units arrested the foreigners, seven of them women, at a
two-story house in Sitio Bulabog in Barangay Balabag.
Authorities first arrested Lin Szu, a Taiwanese, after he sold a sachet of suspected “shabu”
(methamphetamine hydrochloride) to an undercover narc.
Policemen, who ran after Szu, subsequently discovered several telephones, computers, routers,
modems and other electronic gadgets at the house being rented by the foreigners.
The gadgets were installed at the ground floor of the two-story house.
Unidentified recruiter
Policemen also found substances believed to be cocaine and shabu. Pills, serums and syringes
were also found on the second floor.

The items were brought for testing at the crime laboratory at the Western Visayas police
headquarters in Iloilo City.
Also recovered from the house are lists of telephone numbers and bank account numbers
believed to be those of the syndicate’s targets in its cybercrime operations in China and other
countries.
Speaking through an interpreter, the foreigners told investigators that they were recruited to
work for an online gaming company.
They could not identify their recruiter, according to Baylon.
The foreigners, who all have tourist visas, entered the Philippines on different dates that started
on May 2, according to Mangrobang.
Yesterday, the BI said charges had been filed against the foreigners.
Those charged were identified as Taiwanese nationals Lin Szu Wei, Hsiao Chun-Huang, Zeng
Shao-Wei, Chang Chih-Chih, Fan Yu-Lung, Chen Jhih-Hong, Chou Yuan-Syun, Wu Pei-Yu,
Weng Wei-Chieh, Yang Shuang-Chuan, Wu Shau-Wei, Lien Yu-Ting, Sun Chia-Hui, Wang
Yung-Chun, Jhou Tian-You, Hong Gou-Siou, Chou Hsi-Ao, and Lo Li-Yin.
The Chinese nationals were identified as Zhou HognHua, Zeng Hui, Han FengShuang, He
Zonglong, Zhong Yuling, Wang Juan and Gong Chun.
Under surveillance
Investigators said they believed the group is involved in the distribution of illegal drugs and
fraudulent online banking transactions with fellow Taiwanese and Chinese nationals as victims.
Baylon said the house, where the foreigners were arrested, had been under surveillance after
operatives monitored boxes of gadgets being brought inside.
The foreigners, who presented themselves as tourists, also roused suspicions because they
rarely went out.
A Taiwanese couple rented the house for P120,000 a month but they were not present when
police made the arrests, Baylon said.
Police are keeping the foreigners in the house pending the filing of drug charges against them.
With report from Tina Santos in Manila

Customs taps Microsoft

in P170-M antihack move
BUREAU of Customs (BOC) commissioner Alberto Lina said the rising cases of cyber attacks
continued to compromise government data and cause revenue losses of up to P64 billion every
year for the agency.
The BOC expressed alarm as he acknowledged that up to 85 percent of the bureau’s IT system
“is compromised” and needs to be protected from all forms of cyber attacks.
In 2015, he said, the BOC suffered a P64-billion deficiency mostly due to activities traced to
cybercriminals.

In a countermove, the BOC has launched a partnership with IT giant Microsoft for the
digitization of the bureau’s systems and services and the integration of its cybersecurity
programs. The P170-million project will be implemented in the next three years.
According to Ferdie Saputil, director of Microsoft Public Sector, the company also engages
other government agencies to promote transparency and security of government data.
Lina said a common cybercrime activity affecting the agency involves identity theft, wherein
hackers posing as BOC agents try to obtain sensitive information about companies.
Lina said “we have already been breached, it’s no longer an issue of defense for our (IT)
system.”
“We need to fortify internal operations, clean it up and come up with programs to identify cyber
threats,” said Lina. “We cannot start small, we need to create the perimeter in our system.”

Russian man pleads guilty in Minnesota

computer fraud case
A Russian man has pleaded guilty in Minnesota in connection with a global
computer fraud case.
Forty-one-year-old Maxim Senakh, of Velikii Novgorod, Russia, pleaded guilty
Tuesday in federal court to conspiracy to violate the Computer Fraud and
Abuse Act and wire fraud.
Authorities say Senakh and his associates installed malware on tens of
thousands of computer servers worldwide to generate fraudulent payments for
themselves. Among other things, the malware was used in spam email
schemes — generating millions in revenue.
Senakh was indicted in 2015, arrested by Finnish authorities and extradited to
the U.S. to face charges.
Minneapolis FBI spokesman Craig Lisher says the case was handled in
Minnesota because the agency's cyber investigators were searching for threats
and found that Senakh was victimizing Minnesota citizens.
Hamza Bendelladj: Is the
Algerian hacker a hero?
Depending on who you ask, Hamza Bendelladj is either a Robin Hood-esque

hero or a cyber-age hoodlum.

The 27-year-old Algerian computer science graduate will be sentenced on

Tuesday in a ​US​ court for using a computer virus to steal money from more

than 200 American banks and financial institutions. He then reportedly gave

millions of dollars to Palestinian charities.

​ ATCH: Hacking Madrid

W
[25:00]

Bendelladj, who is alleged to be the co-creator of a banking trojan horse called

SpyEye, was indicted in absentia by US authorities in 2011. The program - a

malware toolkit that saw its popularity peak between 2009 and 2011 - is

believed to have infected more than 1.4 million computers in the US and

elsewhere, according to Wired, a San Francisco-based technology magazine.

The software enabled users to steal login information for online financial

accounts, which they then pillaged.

On Tuesday, Bendelladj, who hails from Tizi Ouzou in ​Algeria​, will be

sentenced in court in the US state of Georgia. He has already pleaded guilty

and faces a prison sentence of ​more than 65 years and up to $14m in fines​,

according to the US Department of Justice.

RELATED: 'Professional hacking' company suffers data breach

It took two years for Bendelladj, known in the online world as Bx1, to be

apprehended. Authorities in ​Thailand​ arrested him on their soil and

extradited him to the US in 2013. He was dubbed the "happy hacker" because

he was photographed smiling as he was taken into custody at Bangkok's

Suvarnabhumi Airport.

American law enforcement officers identified Bendelladj when he allegedly

sold a copy of the SpyEye virus to an undercover officer for $8,500.

"Bendelladj's alleged criminal reach extended across international borders,

directly into victims' homes," said US attorney Sally Quillian Yates, on May 3,

2013, on the same day Bendelladj's ​23-count indictment​ was revealed. It

included charges related to wire, bank, and computer fraud.

 In a cyber-netherworld, he allegedly commercialised the wholesale theft of financial and personal
information through this virus, which he sold to other cyber-criminals.

Sally Quillian Yates, US attorney

"In a cyber-netherworld, he allegedly commercialised the wholesale theft of

financial and personal information through this virus, which he sold to other

cyber-criminals," Yates said.

According to court documents, between 2009 and 2011, Bendelladj and others

developed, marketed and sold various versions of the SpyEye virus to

cyber-criminals, which allowed them to obtain passwords, usernames and

credit card information. US authorities say he mostly advertised SpyEye on a

computer ​hacking​ forum known as Darkode.

US authorities say Bendelladj and other SpyEye users were responsible for

building a huge network, or "botnet", of infected computers that they regularly

hijacked for financial and personal information. Bendelladj is also accused of

using the information gathered to steal money from banks.

While the court documents make no references as to how the cash was spent,

several reports online claimed that Bendelladj used the money to fund various

Palestinian charities - information that made him a hero in the eyes of many.

Death sentence rumors

Following his extradition, rumours began to circulate online that Bendelladj

was facing the death penalty for his crimes, and his supporters ​began a

campaign​ asking for his life to be spared. In August, a user writing under the

Twitter handle @Hassan_JBr wrote: "Algerian hero is 1/10 most dangerous

hackers. Hacked 217 banks, sent $280,000,000 to Palestine. His sentence?

death." His message garnered​ more than 4,500 re-tweets​.

US authorities refuted the widely publicised claims; even the US ambassador

to Algeria, Joan Polaschik, tweeted in French that "computer crimes are not

capital [ones] and are not punishable by the death penalty".

Since Bendelladj incarceration, US law enforcement officers said they have

dismantled Darkode and have filed criminal charges against a dozen

individuals associated with the forum.

"This is a milestone in our efforts to shut down criminals' ability to buy, sell,

and trade malware, botnets, and personally identifiable information used to

steal from US citizens and individuals around the world," said FBI Deputy

Director Mark Giuliano.

Despite his admission of guilt, Bendelladj supporters continue to ​hack various

websites​ across the world, including, of late, Air France and a Virginia-based

university, calling for his release using the hashtags #FreeHamzaBendellaj

and #FreePalestine.

According to Martin Libicki, the author of Cyberdeterrence and Cyberwar, the

fight against online hackers such as Bendelladj will be a long one.

"Cybercrime is still an attractive proposition for someone who is clever and

has a tolerance for [ignoring] risk," he told Al Jazeera. "In the long run,

bringing the losses to cybercrime down to tolerable levels will have to depend

on provisions that are made in the architecture of computing and the

architecture of banking [and other money-handling industries]."

 Woman first to be charged under 
Anti-Cybercrime Law 

MANILA - A woman has been indicted for computer fraud in the first such case
under the Philippines' controversial cybercrime law, justice department records
showed Sunday.

Karla Martinez Ignacio could face up to six years in jail if found guilty of transferring
thousands of dollars to her bank account using fraudulent computer data.

She was indicted by a prosecutor in the city of Las Pinas, outside Manila, and is set
to be charged under the Philippines' Cybercrime Prevention Act.

The law is designed to stamp out online scourges like fraud, identity theft and child
pornography, but critics say it could be used to stifle dissent as it imposes heavy
prison terms for online libel.

Facebook and Twitter have become popular ways of organising major political
street protests in the Philippines.

The law was passed in 2012 but its implementation was suspended after coming
under challenge from various groups.
‘Hacker’ of Comelec
website arrested
MANILA — The alleged hacker of the Commission on Elections website was
arrested on Wednesday night and is now in the custody of the National Bureau of
Investigation Cybercrime Division.
NBI Director Virgilio Mendez said the suspect was apprehended somewhere in
Metro Manila after weeks of digital and human surveillance.
A press conference will be called later this morning about the arrest of the suspect,
according to Mendez.
The Comelec website was defaced last March 28 by a group of hacktivists who
identified themselves as the Anonymous Philippines.

Widow loses P30M to

foreigners in cyber fraud
ILOILO CITY — Loida (not her real name) met “Stephen Desmond Nelson” in
an online dating site in March last year.
Nelson told Loida that he was an American based in Chicago and was engaged
in an oil-related business in Malaysia. The two continued their online liaison
until the relationship turned romantic.
Nelson soon convinced Loida, a 52-year-old widow based on Guimaras Island,
to partner in an expansion venture in the Philippines. The venture would
require capitalization amounting to P500 million which he promised to
deposit in Loida’s bank accounts.

ADVERTISEMENT

Loida gave him details of her six bank accounts, including her automated
teller machine cards, which had total deposits reaching about P10 million,
mostly joint earnings with her deceased British husband.
When Loida checked the progress in the transfer of funds, Nelson told her to
send P260,000 to Malaysia to cover processing and other expenses.
After two months and upon Loida’s prodding, Nelson told her he was having
difficulties transferring the money and had hired an agency to facilitate the
transaction. But he again asked Loida to send a total of P7 million to cover
expenses.
This was repeated several times. In January, Loida discovered that her six
bank accounts were almost empty.
Loida said she had sent about P20 million, through money transfer
companies, to Nelson since they met in March last year. The amount did not
include the P10 million that was withdrawn from her account.
She sold or pawned two vehicles, a resort, boarding houses in Mindanao and
Metro Manila, and other properties so she could send money to Malaysia.
Realizing that she was duped, she sought the help of the National Bureau of
Investigation in Western Visayas region.
NBI agents subsequently set three entrapment operations at a shopping mall
here last week for five people supposedly sent by Nelson to receive another P8
million from Loida.

Three Romanian Nationals

Indicted in $4 Million Cyber
Fraud Scheme that Infected at
 Least 60,000 Computers and
Sent 11 Million Malicious Emails
A 21-count indictment was unsealed today charging three Romanian nationals for operating a cyber fraud
conspiracy in which they infected between 60,000 and 160,000 computers, sent out 11 million malicious
emails and stole at least $4 million.

Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, U.S.
Attorney Carole S. Rendon of the Northern District of Ohio and Special Agent in Charge Stephen D.
Anthony of the FBI’s Cleveland Division made the announcement.

Bogdan Nicolescu, 34, Tiberiu Danet, 31, and Radu Miclaus, 34, were extradited to the United States this
week after being taken into custody in their native Romania earlier this year. They were each charged
with 12 counts of wire fraud, as well as one count each of conspiracy to commit wire fraud, conspiracy to
traffic in counterfeit service marks, aggravated identity theft, conspiracy to commit money laundering and
conspiracy to violate the Computer Fraud and Abuse Act.

“This case illustrates the sophistication and determination with which cyber criminals seek to harm
Americans and American businesses from abroad,” said Assistant Attorney General Caldwell. “But our
response demonstrates that, with effective international cooperation, we can track these criminals down
and make sure they face justice, no matter where or how they try to hide.”

“These defendants stole millions of dollars from people in the United States through a sophisticated fraud
conspiracy they operated in Eastern Europe,” said U.S. Attorney Rendon. “Cybercrime is an ever-growing
threat. We will continue to work with both our partners in law enforcement and in the private sector to
evolve with the threat and protect our networks and national security.”

“This indictment and subsequent arrests reveal the dynamic landscape in which international criminals
utilize sophisticated cyber methods to take advantage of and defraud unsuspecting victims,” said Special
Agent in Charge Anthony. “Despite the complexity and global character of these investigations, these
arrests demonstrate the commitment by the FBI and our partners to aggressively pursue these individuals
and bring justice to the victims.”

According to the indictment, Nicolescu, Danet and Miclaus collectively operated a criminal conspiracy
from Bucharest, Romania, which began at least as early 2007 with the development of proprietary
malware used to infect and control more than 60,000 computers, primarily in the United States. The
co-conspirators allegedly used the computers to harvest personally identifiable information, such as credit
card information, user names and passwords; disable malware protection; and solve complex algorithms
to accrue valuable cryptocurrency for the financial benefit of the group, a process known as
cryptocurrency mining.

To spread their malware, the defendants allegedly activated files that forced infected computers to register
a total of over 100,000 email accounts with public email providers, according to the indictment. The
co-conspirators sent a total of more than 11 million emails containing the malware from these accounts to
email contacts copied from victim computers. When victims with infected computers visited websites
such as Facebook, PayPal or eBay, the co-conspirators would redirect the computers to a nearly identical
website they had created to steal account credentials. The defendants then used stolen credit card
information to fund their criminal infrastructure while concealing their identities.

In addition, the indictment alleges that the defendants placed more than 1,000 fraudulent listings for
automobiles, motorcycles and other high-priced goods on eBay and similar auction websites. Photos of
the items were allegedly infected with malware, which, when clicked, redirected victims to fictitious
webpages designed by the co-conspirators to resemble legitimate eBay pages. The fictitious webpages
prompted users to pay for their goods through a nonexistent “eBay Escrow Agent,” and payments would
then be funneled back to the co-conspirators. This scheme allegedly resulted in at least $4 million –
though the actual total may be tens of millions more – in losses to victims, which the defendants
laundered through wire transfers under the names of fictitious companies and then collected and
delivered to the co-conspirators by “money mules.”

An indictment is merely an allegation and the defendants are presumed innocent unless and until proven
guilty beyond a reasonable doubt in a court of law.

The FBI investigated the case with assistance from the Romanian National Police. Senior Counsel Brian
Levine of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S.
Attorneys Duncan T. Brown and Om Kakani of the Northern District of Ohio are prosecuting the case.
The Criminal Division’s Office of International Affairs provided substantial assistance in this matter.

Manhattan U.S. Attorney Announces Arrest Of Macau

Resident And Unsealing Of Charges Against Three
Individuals For Insider Trading Based On Information
Hacked From Prominent U.S. Law Firms

Iat Hong Arrested On December 25 In Hong Kong On U.S. Insider Trading And
Hacking Charges; In Addition To Successful Cyber Intrusions Into Two Law
Firms, Defendants Charged With Attempting To Hack Into Total Of Seven Law
Firms

Preet Bharara, the United States Attorney for the Southern District of New York, and William F.
Sweeney Jr., the Assistant Director-in-Charge of the New York Field Office of the Federal Bureau of
Investigation (“FBI”), announced the arrest of IAT HONG and the unsealing today of a 13-count
superseding indictment charging HONG, BO ZHENG, and CHIN HUNG (the “Defendants”). The
Defendants are charged with devising and carrying out a scheme to enrich themselves by obtaining
and trading on material, nonpublic information (“Inside Information”), exfiltrated from the
networks and servers of multiple prominent U.S.-based international law firms with offices in New
York, New York (the “Victim Law Firms”), which provided advisory services to companies engaged in
corporate mergers and acquisitions (“M&A transactions”). The defendants targeted at least seven
law firms as well as other entities in an effort to unlawfully obtain valuable confidential and
proprietary information. HONG, a resident of Macau, was arrested on these charges on December
25, 2016, in Hong Kong and is now pending extradition proceedings. HONG was presented for an
initial appearance on December 26, 2016, before a Judge in Hong Kong and is expected to have his
next court appearance on January 16, 2017.

As alleged, from April 2014 through late 2015, the Defendants successfully obtained Inside
Information from at least two of the Victim Law Firms (the “Infiltrated Law Firms”) by causing the
networks and servers of these firms to be hacked. Once the Defendants obtained access to the law
firms’ networks, the Defendants targeted email accounts of law firm partners who worked on
high-profile M&A transactions. After obtaining emails containing Inside Information, the
Defendants purchased stock in the target companies of certain transactions, which were expected to,
and typically did, increase in value once the transactions were announced. The Defendants
purchased shares of at least five publicly-traded companies before public announcements that those
companies would be acquired, and sold them after the acquisitions were publicly announced,
resulting in profits of over $4 million. In each case, one of the two Infiltrated Law Firms represented
either the target or a contemplated or actual acquirer in the transaction.

Manhattan U.S. Attorney Preet Bharara said: “As alleged, the defendants – including Iat Hong, who
was arrested in Hong Kong on Christmas Day – targeted several major New York law firms,
specifically looking for inside information about pending mergers and acquisitions. They allegedly
hacked into two prominent law firms, stole the emails of their M&A partners, and made over $4
million in illegal profits. This case of cyber meets securities fraud should serve as a wake-up call for
law firms around the world: you are and will be targets of cyber hacking, because you have
information valuable to would-be criminals.”

FBI Assistant Director-in-Charge William F. Sweeney Jr. said: “The subjects charged in this case
allegedly stole nonpublic information through unauthorized access to law firms’ computers, and used
the information for their own personal gain. The FBI works around the clock to keep these types of
alleged securities fraudsters and cyber criminals from trading on stolen information, potentially
manipulating the market at the cost of legitimate investors, and harm to corporations.”

According to the allegations contained in the superseding indictment (the “Indictment”)​[1]​:

The Law Firm-1 Hack and Insider Trading

At all times relevant to the Indictment, Law Firm-1 was a U.S.-based international law firm with
offices in New York, New York, which, among other services, provided advisory services to
companies engaged in M&A transactions.

The Contemplated Intermune Transaction

In June 2014, Law Firm-1 was retained by a company not named in the Indictment (the “Company”)
in connection with a contemplated acquisition of Intermune, a publicly traded U.S.-based drug
maker (the “Contemplated Intermune Transaction”). A partner in the M&A group at Law Firm-1
(“Partner-1”) was an attorney working on the Contemplated Intermune Transaction.

Beginning on July 21, 2014, the Defendants began exchanging emails concerning, among other
things, particular M&A partners at Law Firm-1. In addition, on or about July 29, 2014, HONG
emailed HUNG a list of eleven partners at Law Firm-1, including Partner-1.

Also beginning about July 2014, the Defendants, without authorization, caused one of Law Firm-1’s
web servers (the “Law Firm-1 Web Server”) to be accessed by using the unlawfully obtained
credentials of a Law Firm-1 employee. The Defendants then caused malware to be installed on the
Law Firm-1 Web Server. The access to the Law Firm-1 Web Server allowed unauthorized access to at
least one of Law Firm-1’s email servers (the “Law Firm-1 Email Server”), which contained the emails
of Law Firm-1 employees, including Partner-1.

Between about August 1 and August 15, 2014, Partner-1 was privy to Inside Information about the
Contemplated Intermune Transaction. For example, on more than one occasion between August 7
and August 15, 2014, Partner-1 obtained information, including via email, about details of the
proposed transaction, including the price per share the Company was considering offering to acquire
Intermune.

Between about August 1 and August 9, 2014, the Defendants caused more than 40 gigabytes of
confidential data to be exfiltrated from the Law Firm-1 Email Server over the course of at least eight
days.

On August 13, 2014, during the time Law Firm-1 was advising the Company on the Contemplated
Intermune Transaction and after the Defendants had obtained access to confidential email data
maintained at Law Firm-1, HONG used the Inside Information to purchase 7,500 shares of
Intermune stock for certain trading accounts (the “Trading Accounts”). Prior to that date, none of
the Trading Accounts had purchased any shares of Intermune. Later that day, HONG purchased an
additional 1,000 shares of Intermune stock in the Trading Accounts.
On August 16 and 17, 2014, the Defendants exploited their continued unauthorized access to email
data belonging to Law Firm-1 by exfiltrating approximately 10 gigabytes of confidential data from the
Law Firm-1 Email Server. Between about August 18 and August 21, 2014, HONG and ZHENG used
the Inside Information to purchase additional Intermune shares in the Trading Accounts on at least
five occasions, totaling an additional 9,500 shares of Intermune stock.

The Contemplated Intermune Transaction was never consummated. Instead, before the market
opened on Monday, August 25, 2014, Intermune announced that it had reached an agreement to be
acquired by Roche AG, a German company. On that day, Intermune’s share price increased by
approximately $19 per share, or approximately 40 percent from the closing price on Friday, August
22, 2014, the last prior trading day. That same day, August 25, 2014, the Defendants sold the 18,000
shares that they had begun acquiring twelve days earlier for profits of approximately $380,000.

The Intel-Altera Transaction

In January 2015, Law Firm-1 was retained by Intel Corporation (“Intel”), a publicly traded
multinational technology company, in connection with a contemplated acquisition of Altera
Corporation (“Altera”), a publicly traded integrated circuit manufacturer (the “Intel-Altera
Transaction”). As with the Contemplated Intermune Transaction, Partner-1 was an attorney working
on the Intel-Altera Transaction.

Between January and about March 27, 2015, Partner-1 was privy to Inside Information about the
Intel-Altera Transaction. On several occasions during this time period, Partner-1 obtained
confidential information about the contemplated transaction via email. For example, on January 29,
2015, Partner-1 received an email with deal terms, including the proposed price per share to
purchase Altera.

Between January 13, 2015, in the same month that Law Firm-1 was retained by Intel to advise on the
Intel-Altera Transaction, and about February 10, 2015, the Defendants caused approximately 2.8
gigabytes of confidential data to be exfiltrated from the Law Firm-1 Email Server.

Beginning February 17, 2015, during the time Law Firm-1 was advising Intel and after the
Defendants had obtained access to confidential email data maintained at Law Firm-1, the Defendants
used the Inside Information to purchase shares of Altera stock in the Trading Accounts. Prior to that
date, none of the Trading Accounts had purchased any shares of Altera.

To further effectuate their insider trading scheme, between February 17 and March 27, 2015, one or
more of the Defendants used the Inside Information to purchase additional shares of Altera stock in
the Trading Accounts on at least 26 occasions, ultimately purchasing more than 210,000 shares.
On March 27, 2015, a financial newspaper published an article reporting on confidential merger
discussions between Intel and Altera (the “March 27 Newspaper Article”). Following the publication
of the article, on March 27, 2015, Altera’s share price increased $9 per share, or approximately 26
percent, from Altera’s share price on March 27, 2015, just prior to the March 27 Newspaper Article.
On April 10 and April 13, 2015, the Defendants sold all of their shares of Altera stock for a profit of
approximately $1.4 million.

The Law Firm-2 Hack and Insider Trading

At all times relevant to this Indictment, Law Firm-2 was a U.S.-based international law firm with
offices in New York, New York, which, among other services, provided advisory services to
companies engaged in M&A transactions.

The Pitney Bowes-Borderfree Transaction

In December 2014, Law Firm-2 was retained by Pitney Bowes Inc., a publicly traded international
business services company, in connection with a contemplated acquisition of Borderfree, Inc., a
publicly traded e-commerce company headquartered in New York, New York (the “Pitney
Bowes-Borderfree Transaction”). A partner in the M&A group at Law Firm-2 (“Partner-2”) was an
attorney who worked on the Pitney Bowes-Borderfree Transaction.

Beginning about April 7, 2015, after Law Firm-2 had been retained to advise Pitney Bowes, the
Defendants, without authorization, caused one of Law Firm-2’s web servers (the “Law Firm-2 Web
Server”), located in New York, New York, to be accessed by using the unlawfully obtained credentials
of a Law Firm-2 employee. The Defendants then caused malware to be installed on the Law Firm-2
Web Server. The malware on the Law Firm-2 Web Server allowed unauthorized access to at least one
of Law Firm-2’s email servers, also located in New York, New York (the “Law Firm-2 Email Server”),
which contained the emails of Law Firm-2 attorneys, including Partner-2.

Between about April 8 and July 31, 2015, the Defendants then caused approximately seven gigabytes
of confidential data to be exfiltrated from the Law Firm-2 Email Server over the course of at least six
days.

Beginning April 29, 2015, hours after the Defendants had caused data from the Law Firm-2 Email
Server to be exfiltrated, HONG and HUNG used the Inside Information to purchase shares of
Borderfree stock for the Trading Accounts. Prior to that date, none of the Trading Accounts had
purchased any shares of Borderfree stock. To further effectuate their insider trading scheme,
between April 29 and May 5, 2015, HONG and HUNG used the Inside Information to purchase
additional shares of Borderfree in the Trading Accounts on at least five occasions. In total, HONG
and HUNG used the Inside Information to purchase 113,000 shares of Borderfree.

On May 6, 2015, the Pitney Bowes-Borderfree Transaction became public. On that day, Borderfree’s
stock price increased by approximately $7 per share, or 105 percent, from the previous day’s closing
price. On May 18, 2015, HONG and HUNG sold their Borderfree shares, earning a profit of
approximately $841,000.

Additional Insider Trading and Attempted Insider Trading Based on Inside

Information Hacked from the Infiltrated Law Firms

In addition to trading on Inside Information in connection with the Contemplated Intermune

Transaction, the Intel-Altera Transaction, and the Pitney Bowes-Borderfree Transaction, detailed
above, the Defendants carried out their scheme to enrich themselves by obtaining and trading on the
basis of Inside Information exfiltrated from the networks and servers of the Infiltrated Law Firms
concerning at least 10 additional M&A transactions, including certain M&A transactions that were
contemplated but never consummated. Several of these M&A transactions involved Partner-1 or
Partner-2. In total, as a result of trading on Inside Information, the Defendants enriched themselves
by at least $4 million.

Attempts to Hack Other Victim Law Firms

In addition to obtaining and trading on Inside Information concerning M&A transactions exfiltrated
from the networks and servers of the Infiltrated Law Firms, the Defendants repeatedly attempted to
cause unauthorized access to the networks and servers of five other Victim Law Firms using means
and methods similar to those used to successfully access the Infiltrated Law Firms. For example,
between March and September 2015, the Defendants attempted to cause unauthorized access to the
networks and servers of these law firms on more than 100,000 occasions.

The Robotics Company Intrusions

At certain relevant times, the Defendants were also involved in a start-up robotics company (the
“Robotics Company”), started by ZHENG, the defendant, which was engaged in the business of
developing robot controller chips and providing control system solutions. HONG and HUNG were
also involved in running the Robotics Company.

Between April 2014 and late 2015, in addition to their efforts to hack the Victim Law Firms’ networks
and servers during this period, the Defendants also caused confidential information to be exfiltrated
from the networks and servers of two robotics companies (the “Robotics Company Victims”) using
substantially similar means and methods of exfiltration as were used to access and attempt to access
and exfiltrate information from the Victim Law Firms. Specifically, certain of the same servers that
were used to carry out the hacks and attempted hacks of the Victim Law Firms were used to carry out
hacks of the Robotics Company Victims. Among other confidential information, the Defendants
obtained confidential and proprietary information concerning the technology and design of
consumer robotic products, including detailed and confidential proprietary design schematics.
Following these exfiltrations from the Robotics Company Victims, the Defendants exchanged emails
containing certain of the confidential information they had caused to be exfiltrated from the Robotics
Company Victims, including the proprietary schematics.

Defendants and Charges

HONG, 26, and HUNG, 50, are residents of Macau. ZHENG, 30, is a resident of Changsha, China.
HONG was arrested on December 25, 2016, in Hong Kong and is now pending extradition
proceedings. The defendants are charged with the following offenses, which carry the maximum
prison terms listed below. The statutory maximum penalties are prescribed by Congress and are
provided here for informational purposes only, as any sentencings of the defendants would be
determined by the judge.

Maximum Prison
Count Defendants Charge
Term

Conspiracy to Commit
One HONG, ZHENG, HUNG Securities Fraud: Insider 5 years
Trading

Securities Fraud: Insider

Two HONG 20 years
Trading – Intermune

Securities Fraud: Insider

Three ZHENG 20 years
Trading – Intermune
 Securities Fraud: Insider
Four HONG 20 years
Trading – Altera

Securities Fraud: Insider

Five HUNG 20 years
Trading – Altera

Securities Fraud: Insider

Six ZHENG 20 years
Trading - Altera

Securities Fraud: Insider

Seven HONG 20 years
Trading - Borderfree

Securities Fraud: Insider

Eight HUNG 20 years
Trading - Borderfree

Conspiracy to Commit
Nine HONG, ZHENG, HUNG 20 years
Wire Fraud

Ten HONG, ZHENG, HUNG Wire Fraud 20 years

Conspiracy to Commit
Eleven HONG, ZHENG, HUNG 5 years
Computer Intrusion
 Computer Intrusion –
Twelve HONG, ZHENG, HUNG Unlawful Access – Law 10 years
Firm-2

Computer Intrusion –
Thirteen HONG, ZHENG, HUNG Intentional Damage – 10 years
Law Firm-2

* * *

Mr. Bharara praised the investigative work of the FBI, and thanked the Securities and Exchange
Commission for their assistance. Mr. Bharara also thanked the Office of International Affairs and
Hong Kong law enforcement for their assistance in the arrest and apprehension of HONG. He added
that the investigation is continuing.

The charges were brought in connection with the President’s Financial Fraud Enforcement Task
Force. The task force was established to wage an aggressive, coordinated and proactive effort to
investigate and prosecute financial crimes. With more than 20 federal agencies, 94 U.S. attorneys’
offices, and state and local partners, it is the broadest coalition of law enforcement, investigatory and
regulatory agencies ever assembled to combat fraud. Since its formation, the task force has made
great strides in facilitating increased investigation and prosecution of financial crimes; enhancing
coordination and cooperation among federal, state and local authorities; addressing discrimination
in the lending and financial markets; and conducting outreach to the public, victims, financial
institutions and other organizations. Since fiscal year 2009, the Justice Department has filed over
18,000 financial fraud cases against more than 25,000 defendants. For more information on the
task force, please visit ​www.StopFraud.gov​.

This case is being handled by the Office’s Securities and Commodities Fraud Task Force and the
Complex Frauds and Cybercrime Unit. Assistant U.S. Attorneys Andrea M. Griswold, Daniel B.
Tehrani, and Kristy J. Greenberg are in charge of the prosecution.

The allegations contained in the Indictment are merely accusations, and the defendants are
presumed innocent unless and until proven guilty.
 Citizen of China Who Attempted Illegal Export of Advanced
Military Computer Chips is Sentenced

Deirdre M. Daly, United States Attorney for the District of Connecticut, and Mary B. McCord, Acting
Assistant Attorney General for National Security, announced that JIANG YAN, 34, of Shenzhen,
China, was sentenced today by U.S. District Judge Robert N. Chatigny in Hartford to approximately
12 months of imprisonment, time already served, for attempting to purchase and export to China
without a required license certain sophisticated integrated circuits used in military satellites and
missiles, and for conspiring to sell counterfeits of those same integrated circuits to a purchaser in the
United States.

According to court documents and statements made in court, YAN, Xianfeng Zuo, and Daofu Zhang
each operated businesses in China that bought and sold electronic components, including integrated
circuits (“ICs”). In the summer of 2015, Zuo asked YAN to locate and purchase several advanced ICs
made by Xilinx Corp., which owing to their radiation tolerance for uses in space, have military
applications in missiles and surveillance satellites. YAN then asked a U.S. individual to locate the
Xilinx ICs and sell them to YAN. The U.S. individual explained that the ICs cannot be shipped
outside the U.S. without an export license, but YAN still wished to make the purchase. When the
U.S. individual expressed concern that the desired ICs would have to be stolen from military
inventory, YAN proposed to supply the U.S. source with “fake” ICs that “look the same,” to replace
the ones to be stolen from the military.

In November 2015, Zhang shipped from China, to the U.S. individual, two packages containing a
total of eight counterfeit ICs, each bearing a counterfeit Xilinx brand label. After further discussions
between YAN and the U.S. individual, YAN, Zhang, and Zuo flew together from China to the U.S. in
early December 2015 to complete the Xilinx ICs purchase.

On December 10, 2015, the three conspirators drove to a location near Route 95 in Milford,
Connecticut, where they planned to meet the U.S. individual, make payment, and take custody of the
Xilinx ICs. Federal agents arrested all three at the meeting location.

YAN has been detained since his arrest. On March 7, 2016, he pleaded guilty to one count each of
conspiracy to traffic in counterfeit goods, and attempted unlicensed export of export-controlled
items.

As part of his sentence, YAN was ordered to forfeit $63,000 in cash seized incident to his arrest.
YAN will be transferred to the custody of the Department of Homeland Security and deported to
China.

Zhang and Zuo also pleaded guilty. They were each sentenced to 15 months of imprisonment on July
8, 2016, and November 4, 2016, respectively.

This matter was investigated by the Defense Criminal Investigative Service, the Department of
Homeland Security, the Department of Commerce, the Federal Bureau of Investigation, and the Air
Force Office of Special Investigations. The case was prosecuted by Assistant U.S. Attorney Henry
Kopel and National Security Division’s Counterintelligence and Export Control Section Trial
Attorneys Casey Arrowood and Thea Kendler.

Bahamas Man Sentenced To 5 Years In Prison For Cyber

Hacking Scheme To Steal Celebrities’ Personal And
Copyrighted Information

Preet Bharara, the United States Attorney for the Southern District of New York, announced that
ALONZO KNOWLES, a/k/a “Jeff Moxey,” was sentenced today to five years in prison for criminal
copyright infringement of scripts of movies and television shows that had not yet aired, as well as
theft of personally identifiable information, all of which KNOWLES obtained by hacking into the
email accounts of numerous individuals in the entertainment, sports, and media industries.
KNOWLES pled guilty on May 9, 2016, before U.S. District Judge Paul A. Engelmayer, who imposed
today’s sentence.

Manhattan U.S. Attorney Preet Bharara said: “Alonzo Knowles hacked into the private emails of
entertainment and sports celebrities, stole personal information and property, including unreleased
movie and television scripts, and attempted to sell them to the highest bidder. For his frightful
violation of privacy, Knowles has been sentenced to substantial term of imprisonment.”

According to the Indictment, other documents filed in Manhattan federal court, and statements
made at various proceedings in this case, including the guilty plea:

KNOWLES unlawfully accessed the personal email accounts of numerous individuals in the
entertainment, sports, and media industries (the “Victims”). As a result of this hacking scheme,
KNOWLES obtained Victims’ copyrighted and confidential documents, including scripts of movies
and television shows that had not yet been publicly released, personal identifying information such
as Social Security numbers, and private sexually explicit photographs and videos.
Over the course of two weeks in December 2015, KNOWLES and an undercover law enforcement
agent (the “UC”) communicated about the stolen materials KNOWLES sought to sell to the UC.
KNOWLES claimed to the UC that he had “exclusive content” that was “really profitable” and worth
“hundreds of thousands of dollars.” KNOWLES stated that he obtained the material directly from
the Victims without their knowledge, and claimed to be able to acquire such material from at least
some of the approximately 130 Victims whose email addresses and phone numbers he had in his
possession.

On December 21, 2015, KNOWLES met with the UC in New York, New York. During their meeting,
KNOWLES described two methods he used to hack each Victim’s email account. The easier method
involved sending a virus to the Victim’s computer that would enable KNOWLES to access it. The
more difficult method involved KNOWLES sending a false hacking notification to the Victim and
asking the Victim for his passcodes. Once KNOWLES had used the Victim’s passcodes to
successfully access the Victim’s email account, KNOWLES, unbeknownst to the Victim, would
change the settings in the Victim’s email account in order to continue to access to the email account.
In order to avoid detection from the Victim, KNOWLES would delete notifications from the email
service provider regarding changes to the settings of the Victim’s email account. On December 21,
2015, KNOWLES attempted to sell numerous movie and television scripts and personally identifiable
information that he had unlawfully obtained from the Victims to the UC in exchange for thousands of
dollars, whereupon KNOWLES was arrested.

KNOWLES possessed a laptop computer in the Bahamas (the “Computer”), which he did not bring to
New York in December 2015. According to KNOWLES, the Computer contained confidential
information, which he obtained via hacking, relating to various celebrities. KNOWLES intended to
sell this confidential information after serving a prison term for the instant offense. After his arrest
in December 2015 and before his sentencing, KNOWLES stated in his prison correspondence that he
was willing to serve additional time in prison in order to retain the Computer. Pursuant to a Consent
Preliminary Order of Forfeiture issued by Judge Engelmayer, KNOWLES produced a laptop
computer to a court-appointed receiver, which the receiver concluded was the Computer containing
stolen materials at issue in this case. Pursuant to Judge Engelmayer’s order, KNOWLES’s laptop has
been subsequently destroyed.

* * *

In addition to the prison term, KNOWLES, 24, of Freeport, Bahamas, was ordered to pay a $200
special assessment. A money judgment in the amount of $1,982.71 was also entered, and the
defendant’s right, title, and interest in specific property seized by the Department of Homeland
Security – including copyrighted materials, personally identifiable information of others, sexually
explicit content of others, an iPad, and a phone – were ordered to be forfeited to the United States.

Mr. Bharara praised the investigative work of the Department of Homeland Security.
The prosecution of this case is being handled by the Office’s Complex Frauds and Cybercrime Unit.
Assistant United States Attorney Kristy J. Greenberg is in charge of the prosecution.

‘AVALANCHE’ NETWORK DISMANTLED

IN INTERNATIONAL CYBER OPERATION

On 30 November 2016, after more than four years of investigation, the Public
Prosecutor’s Office Verden and the Lüneburg Police (Germany) in close
cooperation with the United States Attorney’s Office for the Western District of
Pennsylvania, the Department of Justice and the ​FBI​, ​Europol​, ​Eurojust​ and
global partners, dismantled an international criminal infrastructure platform
known as ‘Avalanche’.
The Avalanche network was used as a delivery platform to launch and
manage mass global malware attacks and money mule recruiting campaigns.
It has caused an estimated EUR 6 million in damages in concentrated
cyberattacks on online banking systems in Germany alone. In addition, the
monetary losses associated with malware attacks conducted over the
Avalanche network are estimated to be in the hundreds of millions of euros
worldwide, although exact calculations are difficult due to the high number of
malware families managed through the platform.
The global effort to take down this network involved the crucial support of
prosecutors and investigators from 30 countries. As a result, 5 individuals
were arrested, 37 premises were searched, and 39 servers were seized.
Victims of malware infections were identified in over 180 countries. Also, 221
servers were put offline through abuse notifications sent to the hosting
providers. The operation marks the largest-ever use of sinkholing​[1]​ to combat
botnet​[2]​ infrastructures and is unprecedented in its scale, with over 800 000
domains seized, sinkholed or blocked.
On the action day, Europol hosted a command post at its headquarters in The
Hague. From there, representatives of the involved countries worked together
with Europol’s ​European Cybercrime Centre​ (EC3) and Eurojust officials to
ensure the success of such a large-scale operation.
In addition Europol supported the German authorities throughout the entire
investigation by assisting with the identification of the suspects and the
exchange of information with other law enforcement authorities. Europol’s
cybercrime experts produced and delivered analytical products.
Eurojust’s Seconded National Expert for Cybercrime assisted by clarifying
difficult legal issues that arose during the course of the investigation. Several
operational and coordination meetings were also held at both Europol and
Eurojust.
Julian King, European Commissioner for the Security Union, said: "Avalanche
shows that we can only be successful in combating cybercrime when we work
closely together, across sectors and across borders. Cybersecurity and law
enforcement authorities need to work hand in hand with the private sector to
tackle continuously evolving criminal methods. The EU helps by ensuring that
the right legal frameworks are in place to enable such cooperation on a daily
basis".
Rob Wainwright, Europol Director, said: “Avalanche has been a highly
significant operation involving international law enforcement, prosecutors and
industry resources to tackle the global nature of cybercrime. The complex
trans-national nature of cyber investigations requires international cooperation
between public and private organisations at an unprecedented level to
successfully impact on top-level cybercriminals. Avalanche has shown that
through this cooperation we can collectively make the internet a safer place
for our businesses and citizens”.
Michèle Coninsx, President of Eurojust, said: “Today marks a significant
moment in the fight against serious organised cybercrime, and exemplifies the
practical and strategic importance of Eurojust in fostering international
cooperation. Together with the German and US authorities, our EU and
international partners, and with support from Eurojust and EC3, Avalanche,
one of the world’s largest and most malicious botnet infrastructures, has been
decisively neutralised in one of the biggest takedowns to date.”
The criminal groups have been using the Avalanche infrastructure since 2009
for conducting malware, phishing and spam activities. They sent more than 1
million e-mails with damaging attachments or links every week to
unsuspecting victims.
The investigations commenced in 2012 in Germany, after an encryption
ransomware​[3]​ (the so-called Windows Encryption Trojan), infected a
substantial number of computer systems, blocking users’ access. Millions of
private and business computer systems were also infected with malware,
enabling the criminals operating the network to harvest bank and e-mail
passwords.
With this information, the criminals were able to perform bank transfers from
the victims’ accounts. The proceeds were then redirected to the criminals
through a similar double fast flux​[4]​infrastructure, which was specifically
created to secure the proceeds of the criminal activity.
The loss of some of the network’s components was avoided with the help of
its sophisticated infrastructure, by redistributing the tasks of disrupted
components to still-active computer servers. The Avalanche network was
estimated to involve as many as 500,000 infected computers worldwide on a
daily basis.
What made the ’Avalanche’ infrastructure special was the use of the so-called
double fast flux technique. The complex setup of the Avalanche network was
popular amongst cybercriminals, because of the double fast flux technique
offering enhanced resilience to takedowns and law enforcement action.
Malware campaigns that were distributed through this network include around
20 different malware families such as goznym, marcher, matsnu, urlzone,
xswkit, and pandabanker. The money mule schemes operating over
Avalanche involved highly organised networks of “mules” that purchased
goods with stolen funds, enabling cyber-criminals to launder the money they
acquired through the malware attacks or other illegal means.
In preparation for this joint action, the ​German Federal Office for Information
Security (BSI)​ and the ​Fraunhofer-Institut für Kommunikation,
Informationsverarbeitung und Ergonomie​ (FKIE) analysed over 130 TB of
captured data and identified the server structure of the botnet, allowing for the
shut-down of thousands of servers and, effectively, the collapse of the entire
criminal network.
The successful takedown of this server infrastructure was supported by
INTERPOL​, the ​Shadowserver Foundation​, ​Registrar of Last Resort​, ​ICANN
and domain registries involved in the takedown phase. INTERPOL has also
facilitated the cooperation with domain registries. Several antivirus partners
provided support concerning victim remediation.
 Del Rio Man Sentenced to Federal Prison on Cyberstalking
and Child Pornography Charges

In Del Rio yesterday, 27-year-old Michael Martinez was sentenced to 120 months in federal prison
for online sextortion, cyberstalking and child exploitation announced United States Attorney Richard
L. Durbin, Jr., and Federal Bureau of Investigation Special Agent in Charge Christopher Combs, San
Antonio Division.

In addition to the prison term, United States District Judge Alia Moses ordered that Martinez pay a
$2,000.00 fine and be placed under supervised release for a period of 5 years after completing his
prison term. Martinez has remained in federal custody since his arrest on August 13, 2015.

In April 2016, Martinez pleaded guilty to two counts of cyberstalking and one count of receipt of
child pornography. By pleading guilty, Martinez admitted that from October 2013 to August 2014,
he caused emotional distress to multiple female victims--one of whom was a minor--by using a
fictitious Facebook account, email accounts and text messages to harass, threaten and intimidate
them. Furthermore, Martinez admittedly threatened to post nude photographs he had of the victims
on the Internet and send the photographs to their respective family and friends unless the victims
continued to supply him with additional sexually explicit photographs. The minor victim complied
with his threat and sent him nude photographs that he received and stored on multiple electronic
devices.

On August 21, 2014, FBI agents executed a search warrant at the defendant’s residence. During the
execution of the search warrant, investigators seized several computers, an assortment of computer
related storage devices and the defendant’s cell phone. A forensics examination of the seized items
revealed the presence of approximately a dozen images of the minor victim engaged in sexually
explicit conduct.

This case is being brought as part of Project Safe Childhood, a nationwide initiative launched in May
2006 by the Department of Justice to combat the growing epidemic of child sexual exploitation and
abuse. Led by the United States Attorneys’ Offices and the Criminal Division’s Child Exploitation and
Obscenity Section, Project Safe Childhood marshals federal, state, and local resources to locate,
apprehend, and prosecute individuals, who sexually exploit children, and to identify and rescue
victims. For more information about Project Safe Childhood, please visit ​http://www.justice.gov/psc​.

The case was investigated by the Federal Bureau of Investigation. Assistant United States Attorney
Ralph Paradiso prosecuted this case on behalf of the Government.

Oilpro.Com Founder Sentenced To Prison For Hacking Into

Competitor’s Computer System
Defendant Stole Resume Information From Over 700,000 Customer Accounts
Stored on a Competitor’s Database and Attempted to Sell Oilpro.com to the
Same Company Whose Database He Had Hacked

Joon H. Kim, the Acting United States Attorney for the Southern District of New York,
announced today that DAVID W. KENT, the founder of professional networking website
Oilpro.com (“Oilpro”), was sentenced today in Manhattan federal court to one year and one day
in prison for intentionally accessing a protected computer without authorization. The charge
stemmed from KENT’s role in repeatedly hacking into a competitor’s database to steal customer
information and attempting to sell Oilpro to the same company whose database KENT had
hacked. Today’s sentence was imposed by U.S. District Judge Denise L. Cote.

Acting Manhattan U.S. Attorney Joon H. Kim said: “David Kent admitted to hacking into a
competitor’s computer network and stealing client data to boost the value of Oilpro, a company
he founded. Kent then attempted to sell Oilpro – a company he grew using the stolen
information -- to the very company he had hacked. For his criminal attempts to gain an unfair
business edge, Kent has now been sentenced to prison.”

In sentencing DAVID W. KENT, Judge Cote said: “This was a betrayal of trust, a breach of
loyalty, and a level of deceit and dishonesty that was very sad and disappointing.”

According to the documents filed in this case and statements made in court proceedings:

In or about March 2000, KENT founded a website (“Website-1”) that provides, among other
things, networking services to professionals working in the oil and gas industry. Website-1
allows its members to create profiles, which includes personal and professional information. As
part of their profiles, members can also upload their resumes. The profiles are contained in a
database maintained by Website-1 (the “Members Database”). Members are assigned login
credentials (i.e., usernames and passwords) when they create their profiles. Members use these
login credentials to access their profiles.

In or around August 2010, KENT sold Website-1 for approximately $51 million to a publicly
traded company headquartered in New York, New York (“Company-1”). KENT entered into an
employment agreement with Company-1 and agreed to continue to serve as the President of
Website-1 after the acquisition. However, KENT left Website-1 in September 2011 and
launched Oilpro in October 2013. Like Website-1, Oilpro provides networking services to
professionals working in the oil and gas industry. Oilpro is headquartered in Houston, Texas.

Between October 2013 and February 2016, KENT conspired to access information belonging to
Website-1 without authorization and to defraud Company-1. KENT accessed the Website-1
Members Database without authorization and stole customer information, including information
from over 700,000 customer accounts. KENT then exploited this information by inviting
Website-1’s members to join Oilpro. Similarly, one of Kent’s employees at Oilpro who
previously worked for Website-1 (“CC-1”) accessed information in Website-1’s Google
Analytics account without authorization and forwarded the information to KENT. In the
meantime, KENT attempted to defraud Company-1 by misrepresenting during discussions about
a potential acquisition of Oilpro by Company-1 that Oilpro had increased its membership
through standard marketing methods.

* * *

In addition to the prison term, KENT, 41, of Spring, Texas, was sentenced to three years of
supervised release.

Mr. Kim praised and thanked the Federal Bureau of Investigation for their outstanding work.
Mr. Kim also thanked the Office of International Affairs and the United Kingdom’s National
Cyber Crime Unit (NCCU).

This case is being handled by the Office’s General Crimes Unit. Assistant United States
Attorneys Sidhardha Kamaraju and Andrew K. Chan are in charge of the prosecution.