This Post Continues A Series That Will Comprise The Entirety Of The Matthew Keys Sentencing Documents Filed By The Defense – Part 3
In the latter part of 2010, Matthew Keys entered an Internet chat room populated by high-level and highly skilled hackers belonging to the loosely knit hacking collective “Anonymous.” He was invited in as a journalist. He had been in another, larger chat room where people were discussing large scale attacks on Visa, Master Card, Amazon and PayPal as revenge for a banking blockade on the whistleblowing site WikiLeaks. There was no bigger Internet news in early December 2010 and as a journalist, Matthew wanted in on the ground floor of the story.
Though the hacking world, the language and the activities of Internet chat rooms were all foreign to Matthew, reporting was not. In 2004, at the age of 17, Mr. Keys started his own news network. At present, he has his own news network with numerous subscribers and followers. He has spent night and day since he was 17 dedicating himself to the pursuit of delivering the news to the public. Now, he faces an end to any reporting for potentially greater than 7 years, as recommended by the PSR.
The charges in this case stem from minor edits to the headline of a story on the Los Angeles Times website on December 14, 2010. That day, using the Los Angeles Times/Tribune Company’s content management system (“CMS”), the user “ngarcia” altered a paragraph of an latimes.com story. The article’s headline, deck and byline originally appeared as follows:
Pressure builds in House to pass tax-cut package
House Democratic leader Steny Hoyer sees ‘very good things’ in the tax-cut deal, which many representatives oppose. But with the bill set to clear the Senate, reluctant House Democrats are feeling the heat to pass it.
By Lisa Mascaro, Tribune Washington Bureau
After the minor edits by ngarcia, the article’s title and byline allegedly read:
Pressure builds in House to elect CHIPPY 1337
House Democratic leader Steny Hoyer sees ‘very good things’ in the deal cut which will see uber skid Chippy 1337 take his rightful place, as head of the Senate, reluctant House Democrats told to SUCK IT UP.
By CHIPPYS NO 1 FAN, Tribune Washington Bureau
No alterations were made to the text of the actual article, meaning that one who proceeded past the joke headline received the proper information about Steny Hoyer and the Democrats’ tax-cut deal. Website administrators restored the original in less than 40 minutes. For this, Matthew was convicted of three felony counts of violating the Computer Fraud and Abuse Act (CFAA).
Count one, the conspiracy under 18 USC § 371 in this case was largely due to logs showing that AESCracked passed credentials to an Anonymous member named “Sharpie” and while saying “go fuck some shit up.”
Count two, transmission of a code with the intent to cause unauthorized damage to a computer in violation of 18 U.S.C. 1030(a)(5)(A) also rests upon the evidence at trial that Matthew passed login credentials to the Tribune Co. content management system and the statement: “go fuck some shit up.”
Count three, attempt to cause damage to a computer, rested again on the same basic set of facts.
Sprinkled in for prejudicial flavor at trial were emails from email addresses based on “X-Files” characters to Matthews’ former employer, FOX40 in Sacramento. They made vague threats about exposing that FOX40’s give-away contests were fixed and that the computer security of the station was suspect.
Internet Feds and LulzSec, 2010-1011: Popular Culture and the Hacktivist as Celebrity
The CFAA violations and U.K.’s Computer Misuse Act (the U.K. analogue of the CFAA) violations committed by the members of “Internet Feds,” later to be named “LulzSec,” shed light on the instant crime as well as the times that this crime occurred. September 2010-March 2012 was marked by an explosion of aberrant computer hacking behavior, the likes of which the world had never seen; a behavior that became infectious, a matter of media curiosity, and behavior that was roundly cheered by the online community. It is important to see the zeitgeist of this period for what it is – the world being swept up in a world marked by a groupthink of hacking madness. The acts of this period had a social and political significance. They also spoke to a herd mentality – those that got swept up in the September 2010 to March 2012 era played to a popular and new ethos. The Internet was awash in hacker news. There was tremendous competition for publicity. There was tremendous publicity. Multiple documentary films were made. Books were written about the exploits – including one by Forbes Technology lead reporter, Parmy Olson. Matthew contributed his Internet Feds logs for her book.
Insight into this zeitgeist is found in Janet Maslin’s review of Olson’s book for the New York Times:
A lively, startling book that reads as ‘The Social Network’ for group hackers. As in that Facebook film the technological innovations created by a few people snowball wildly beyond expectation, until they have mass effect. But the human element – the mix of glee, malevolence, randomness, megalomania and just plain mischief that helped spawn these changes – is what Ms. Olson explores best…We Are Anonymous also captures the broad spectrum of reasons that Anonymous and LulzSec attracted followers.
Lulzsec Sentences Compared to Keys’ PSR Guideline Sentence
Lulzsec or “Lulz Security” were a small offshoot of Anonymous that gained their heights of fame in 2011 for “hacking the planet,” as the Internet community puts it. There were a series of high profile cyber-attacks carried out by Lulzsec beginning in May 2011. Targets included Sony Pictures’ internal database, the CIA’s website, the FBI’s contractor InfraGard, the British equivalent of the FBI, “SOCA,” the Westboro Baptist Church, Frontline, Fox News, and several of Rupert Murdoch’s properties. Although the group officially announced its retirement in June 2011 they reunited to hack Murdoch’s “Sun” newspaper in July 2011. Members of LulzSec included “Topiary” and “Palladium.” The Sun front page was defaced to show a photoshopped prone Murdoch, who had suddenly passed away in his topiary from a lethal dose of Palladium. Nonetheless, Matthew faces a much harsher sentence than those meted out to Lulzsec. All the members of LulzSec/Internet Feds combined received sentences in the aggregate that barely exceeded the recommended sentence in this sentence. Comparatively, Keys’ PSR guideline sentence of 87-108 months is excessive and disparate.
LulzSec periodically released stolen information from websites. They posted the stolen data on their website in .txt files, on the web app pastebin aka pastebin.com, in torrents on their page, or in downloadable files on the BitTorrent website the Pirate Bay. Releases often were posted on Fridays and thus they made a hash tag called “#fuckfbifriday” that they use to tweet with for their “fuck the FBI Fridays.” LulzSec, like Internet Feds before them, used Distributed Denial of Service actions and SQL injections to take down websites. The group was motivated in part by political causes related to economic and social justice, but also seemed to appreciate hacking for pure entertainment. (See also: #OpSony)
On May 5th, 2011, the earliest known hack attributed to Lulzsec began against Fox Broadcasting Company, which resulted in the breach of TV talent show X Factor contestant’s database and 73,000 applicants’ personal information. On May 10th, FOX.com’s sales database and users’ personal information was released.
Between late May and early June 2011, international media company Sony’s database was attacked by hackers who took thousands of users’ personal data including “names, passwords, e-mail addresses, home addresses dates of birth.” Lulzsec claimed that it used a SQL injection attack and was motivated by Sony’s legal action against the original iPhone jailbreak hacker George Hotz, who revealed similar information of Sony’s PlayStation 3 console in December 2010.
LulzSec breached databases include Sony Music Japan, Sony Pictures, SonyBMG Netherlands and SonyBMG Belgium. The group claimed to have compromised over 1,000,000 accounts, though Sony claims the real figure was around 37,500. Some of the compromised information has been reportedly used in scams.
On May 29th, 2011, LulzSec managed to compromise several PBS web properties including PBS’s official website and Twitter account. The PBS homepage was defaced with an image of famous Internet meme Nyan Cat and the words “all your base are belong to lulzsec” referencing another Internet meme: All Your Base Are Belong To Us. Lulzsec claimed it was in response to a biased documentary about Wikileaks that had aired on an episode of PBS Frontline. They also were responsible for an article which claimed that 2Pac, a rapper who died back in 1996, was still alive and was found living in New Zealand with another famous dead rapper, Biggie Smalls.
LulzSec took responsibility for taking down the United States Central Intelligence Agency website in a tweet on June 15th, 2011.
On June 15th, 2011, an article was posted to the website VentureBeat claiming that LulzSec was starting to attack users of the website 4chan.org and Anonymous. The sparring began when LulzSec initiated a “DDoS Party,” which was a set of large-scale distributed denial of service attacks on several gaming servers and websites that brought a lot of games offline. EVE Online, League of Legends and Minecraft all faced outages or significant latency problems.
On June 19th, 2011, LulzSec posted a statement on the pastebin website announcing that they will be teaming up Anonymous to attack government agencies:
Welcome to Operation Anti-Security (#AntiSec) – we encourage any vessel, large or small, to open fire on any government or agency that crosses their path. We fully endorse the flaunting of the word “AntiSec” on any government website defacement or physical graffiti art. We encourage you to spread the word of AntiSec far and wide, for it will be remembered. To increase efforts, we are now teaming up with the Anonymous collective and all affiliated battleships.
On June 20th, 2011, LulzSec managed to take down the United Kingdom’s Serious Organized Crime Agency (SOCA) website with a DDoS attack as part of Operation Anti-Security.
On June 21st, 2011, a South American branch of Lulzsec group (@LulzSecBrazil) launched DDoS attacks against the portal of Brazilian government websites and the homepage of the President under the banner of Operation Anti-sec. The denial-of-service attacks came following the announcement on June 19th of a joint operation seeking to “steal and leak any classified government information, including email spools and documentation.”
From the onset of Operation Anti-sec, LulzSec’s support base expanded from small unknown groups to an international network of Anonymous activists and regional Lulzsec chapters in Brazil and Colombia, as well as the Iranian Cyber Army.
On June 23rd, Lulzsec released a new set dubbed “Chinga La Migra,” a Spanish phrase meaning “fuck the border patrol,” which reveals hundreds of private intelligence bulletins, personal information of police officers and confidential documents including training manuals and personal email correspondence. In the press release, the group cited the legislation of SB1070 (Support Our Law Enforcement and Safe Neighborhoods Act), a controversial anti-immigration law that was passed in the state of Arizona in April 2011, as their primary motive behind targeting the Department of Public Safety. The documents classified as “law enforcement sensitive”, “not for public distribution”, and “for official use only” are primarily related to border patrol and counter-terrorism operations and describe the use of informants to infiltrate various gangs, cartels, motorcycle clubs, Nazi groups, and protest movements.
On June 25th, 2011, LulzSec released a statement on pastebin saying that after 50 days of hacking, they will be going into retirement. The farewell statements were accompanied by about 458 MB of data from AOL, AT&T, Navy.mil, pilimited.com, and many other websites that they uploaded from their Pirate Bay account.
On July 13th, 2011, LulzSec announced that once the @pastebin Twitter account reached 75,000 users they would embark on a mystery operation that would “cause mayhem.” After their announcement, @pastebin received about 10,000 followers in 6 days.
On July 18th, 2011, the Lulzsec resumed its activities when they reportedly edited the entire homepage – the front page – of News International-owned The Sun to display a fake story about NewsCorp’s CEO Rupert Murdoch’s death from a drug overdose. As the volume of requests exploded on the news site, the group then redirected its homepage to their Twitter account. LulzSec also confirmed its responsibility for the hack and released a number of e-mails and passwords presumably associated with The Sun employees via Twitter. The tech blog Gizmodo also reported that one of the passwords tweeted out by “Anonymousabu” (Hector Monsegur) belongs to the arrested and now convicted (From the British phone hacking scandal) News International chief Rebekah Brooks: visited The Sun before we did this (may God have mercy on your soul) clear your cache so the redirect works. #MurdochMeltdownMonday.
“Both Sides of the Atlantic”
The Lulzsec members in England were charged under the U,K’s Computer Misuse Act. The language of the Computer Misuse Act and the conduct it prohibits are similar to the CFAA. Indeed, written in 1990, it appears Parliament reviewed the CFAA when drafting the Computer Misuse Act. Accordingly, the crimes for which British Internet Feds/LulzSec members were convicted are analogous to the crimes that American participants of these groups committed. The sentences are thus relevant to determine a comparison between what actions and crimes were undertaken by these groups and how the punishments for those crimes would compare to a 87-108 month sentence meted out to Matthew for conduct that is, by comparison, de minimus. As the prosecution admits, “[t]his is not the crime of the century.” Yet he faces a far more severe sentence than any member of Lulzsec served. 60 months, which the Government seeks, would be more than any person engaged in hacking crimes during this period – by about double!
Sentence of Lulzsec Member Hector Xavier “Sabu” Monsegur: 7 months
The most active member and the identified leader of both Internet Feds and LulzSec was Hector Xavier Monsegur, who was in his mid to late 20’s during his most active period. Monsegur is more famously known on the Internet as “Sabu.” He is the same Sabu from the Internet Feds chatroom. After being arrested by the FBI in 2011, he cooperated heavily with the FBI and took a plea. In his plea he admitted participating in the Los Angeles time story prank.
Indeed, in relation to Count 2 in his case, Sabu admitted to unlawful access of the Tribune Company’s CMS, along with “attacks” on HBGary, a cyber security firm. In the HBGary hack, Sabu and Internet Feds co-conspirators appropriated and publicly released 70,000 emails. They infiltrated all parts of the company by “rooting” or gaining root access to all of HBGary’s systems. The CEO of HBGary Federal, a division of HBGary, was fired. His personal iPhone, router, email, Twitter, Facebook, World of Warcraft and other accounts were appropriated. He also admitted to a hack of Fox’s website, accessing the contestant list for the X-Factor TV show and releasing tens of thousands of contestant’s information. The motivation for the hack was said to be that the CEO of HBGary Federal was going to meet with the FBI in an attempt to unmask members of Anonymous. This behavior relates to only count two of a twelve count complaint, and but one complaint of 4 across the country, including one in the Eastern District of California.
Sabu additionally admitted hacks unrelated to Anonymous or LulzSec where he stole from people’s bank accounts. He also admitted to selling drugs. Furthermore, he admitted participation and leadership in the following hacks: The Visa, MasterCard, PayPal and Amazon hacks called Operation Avenge Assange, attacks against the Tunisian Government in support of the Arab Spring uprising, attacks against the Algerian government as part of the Arab Spring uprising, attacks against the Yemeni government, again as part of the Arab Spring uprising, attacks against the Zimbabwean government, and the later “dump” all the Zimbabwean data into the public sphere, Sony (multiple times including Sony Music, Sony Pictures and several foreign Sony companies), PBS, video game company Nintendo, the Georgia division of Infraguard (Infraguard is an FBI contractor), Unveillance (a cybersecurity company), the United States Senate (confidential information was downloaded and shared with the public), video game company Bethesda Softworks, a hack of an automotive company in New York in which he, acting alone, was able to swindle the company out of 4 automobile engines worth approximately $3,500.00, fraud involving “dozens” of fraudulent or stolen credit cards upon which he personally made fraudulent charges, bank fraud committed upon the accounts of private citizens, and, finally, aggravated identity theft. The property crimes were not done in connection with Internet Feds or LulzSec.
Monsegur had 4 indictments total filed against him and dismissed in favor of the Southern District of New York plea. Monsegur pled guilty to 12 counts carrying with them a total maximum of 122 ½ years. Additionally, “Monsegur also admitted to hacking thousands of computers between 1999 and 2004, engaging in various hacktivism activities as well as carding activity — stealing and selling credit card information for financial gain or to pay off his own bills. He also admitting to selling a controlled substance, illegally possessing an unlicensed firearm, and purchasing stolen electronics and jewelry.”
Monsegur only served 7 months because of violation s of his supervised release including picking up a new charge (impersonating an FBI agent). He also violated his computer restrictions. But at sentencing he was given only 7 months with credit for 7 months served for violating the terms of his release.
Sentences for Lulzsec Members Darryn “PwnSauce” Martyn aka and Donncha “Palladium” O’Cerbagill: A $5,000.00 Euro Fine and a “Restorative Justice” class.
Lulzsec members Darryn Martin and Donncha O’Cerbagill were college students in Ireland at the time of their offenses. They were both around 19 years old. They pleaded guilty in July 2013 to criminal damage to the www.finegael2011.ie website. On January 9, 2011 the site was defaced, had its database stolen and was knocked offline for 24 hours – seven weeks before the general election.
Both Martin and O’Cerbagill were also indicted in the Southern District of New York for computer crimes involving Internet Feds and LulzSec. Neither have been extradited, nor has extradition been sought for them or any of the members of Internet Feds and LulzSec that were indicted in the US but live in Britain.
Both Martin and O’Cerbagill are currently finishing up their college degrees.
Sentence for Ryan Ackroyd “Kayla” 30 months of prison time.
Lulzsec member Ryan “Kayla” Ackroyd was co-defendants with fellow Lulzsec members Jake Davis, Mustafa Al-Bassam and Ryan Cleary in the U.K.’s prosecution for violations of the Computer Misuse Act. The British prosecution’s sentencing summary listed some of the hacks Ackroyd, then 25, and his co-defendant’s committed: The HBGary/HBGary Federal/Aaron Barr hack, Sony (multiple times including Sony Online Entertainment, Sony Music, Sony Pictures and several foreign Sony companies, resulting in 12 days of outage time and a $20 Million loss), the Westboro Baptist Church (website defaced), video game company Nintendo, the Georgia division of Infraguard (Infraguard is an FBI contractor), Unveillance (a cybersecurity company), the United States Senate (confidential information was downloaded and shared with the public), video game company Bethesda Softworks, News International (Rupert Murdoch) “stable of websites,” causing multiple high-profile news sites to go offline for hours and for harvesting data from those companies, including the deface of the Sun in which Murdoch was declared dead, the Pentagon, wherein administrators were unable to access their accounts, causing 5 people to work for one month to remedy the problem, $100,000.00 in economic loss and $50,000.00 in new equipment needed to be purchased, 20th Century Fox’s website, accessing the contestant list for the X-Factor TV show and releasing tens of thousands of contestants information, Eve Online, a gaming company, disrupting play for participants, SOCA, the British “Serious Organized Crimes Agency,” the CIA, the British National Health Service, The Arizona State Police, which unleashed secret police data and information about the officers and ongoing investigations, along with information about police informants, and this is not an exhaustive list.. Mustafa recently was invited to 10 Dowing Street, home of the British Prime Minister, as part of a organization that is a “network of most promising entrepreneurial talent in technology.”
Ackroyd was trained on computers during his time in the British Army. He had previously participated in hacking groups that downed other targets, most notably “gn0sis.” He had a virtual machine, and set up his equipment such that it would disable itself if a wire was touched. He was home when he was raided and tripped the wire himself. Scotland Yard was able to remove enough data from his virtual machine’s memory to point clearly to Ackroyd’s identity as “Kayla.” “Kayla” was an assumed identity of a 16 year old girl. It was effective in throwing people off his trail.
Additionally, many of LulzSec’s targets were taken out by Ryan Cleary (ViraL)’s use of a botnet. A botnet (also known as a zombie army) is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet. A botnet is typically acquired by installing a “Trojan Horse” or “Trojan” on someone else’s computer. The most common way this is done is to send an email and have the recipient click on a link or open an attachment. Cleary’s botnet allegedly included 100,000 computers and was used to DDoS sites. It literally turned websites into smoking craters in cyberspace within seconds. This botnet was used on SOCA and the CIA, among other targets.
Ackroyd was sentenced to 30 months in prison. Ackroyd received a higher sentence than his co-defendants because he declined to wear an ankle monitor while on police bail (our equivalent of O.R.). Had he done so, his sentence would have been greatly reduced. British prison time is served at 50% if the prisoner is on good behavior. Additionally, Ackroyd was older and was a senior member of LulzSec, second only to Monsegur, and was considered Monsegur’s ‘Lieutenant.” He personally found most of the vulnerabilities in the websites attacked. He was trained by the army and was presumed to know better than to use his skills in this manner.
Acroyd and Keys fought in the Internet Feds chatroom, ultimately leading to Keys’ expulsion from the room. Keys was accused by many in the room of providing information to the media, thus violating the trust and security of the group.
Sentence for Jake Davis “Topiary” – 24 Months (half on probation)
LulzSec member Jake Davis was sentenced to a total of 24 months in the U.K., with 50% to serve in prison and 50% on probation. Electronic tag time knocked off all but 38 days of the first 50% prison time, hence 38 days remaining in prison, followed by 365 days on probation.
Davis was not a participant of Internet Feds at the time Matthew was in the chat room. Davis’s involvement began with the HBGary hack in February 2011. Davis was also convicted of all LulzSec Counts (aside from Monsegur no one in Internet Feds/LulzSec was involved in the conduct for which Keys was convicted). His computer had storage on it that included close to a million people’s personal information. None of that information had been released to the public.
Davis was responsible for LulzSec’s witty antics on Twitter and elsewhere. He was the so-called spokesman for Internet Feds / LulzSec. He wrote the press releases for all of the operations and was the public voice of LulzSec. He is now a student studying theater. Davis is doing very well in school and his future looks rather bright.
Sentences for Mustafa Al-Bassam “T-Flow” “Chronom” (Internet Feds) –2 years suspended sentence.
Lulzsec member Mustafa Al-Bassam was a brilliant young coder who was an integral part of Internet Feds and LulzSec. He was present for all of the LulzSec crimes. Al-Bassam’s crimes are almost identical to those of Ackroyd.
Matthew and Al-Bassam started to get along poorly in the Internet Feds’ chatroom. Along with “Kayla,” “Chronom” was a big reason that Keys’ access to the room was revoked.
Al-Bassam is now a student at a London University. Like Davis, he is doing very well in school and his future looks bright.
Because Al-Bassam was a minor at the time of his arrest, details of the events that led to his arrest were never released.
Lulzsec Member Ryan Cleary “ViraL” [LulzSsec botnet herder]-32 months for 2 separate cases
Ryan “ViraL” Cleary was with LulzSec for only a short while, but his emergence marked their most “destructive” period. He was responsible for being the “bot herder” that took down the SOCA and CIA sites. He was also said to be behind the U.S. Senate hack. Cleary was between 19 and 20 years old during the relevant periods.
Cleary rented his botnet out for cash. He allowed anyone to use it for any reason. Indeed, he had brokers taking a cut of the fee to help him keep it rented out. He had access to certain information involving true names behind XMPP handles and IP addresses for those that put up text on Pastebin.com. Cleary used that information to cause negative consequences to people. For example, when someone ran afoul of LulzSec, he gave personal information to Monsegur. The person’s home was raided and his personal identity as well as all identifying information was made public.
He was arrested shortly after the SOCA and CIA attacks. Cleary did surprisingly little to hide his identity. He was released on his own recognizance and sent back home. He was rearrested later in 2011 for contacting Monsegur, then an FBI informant and asking Monsegur to help rehabilitate his reputation. As Cleary made it clear that he intended to use his reputation online again, he was remanded into custody before doing any damage.
Cleary was also found with locked portions of his hard drive. Based upon searches of his browser history, police believed him to be in possession of child pornography. They were unable to unlock his encrypted files. Eventually, faced with the threat of significant prison time, Cleary decrypted the files. It was never made public whether unlawful images were located.
It was also revealed that Cleary was involved in many other types of hacking activities and other unlawful conduct on the internet not involving his botnet. For example, he had been buying narcotic pills online. Much of Cleary’s internet criminality was driven by his hatred of other Internet denizens.
Based upon the illegal pornographic images and the deadly botnet, along with Cleary’s other aggravating conduct, Cleary was sentenced to 30 months. He and Ackroyd received the harshest sentences – though they were well less than half of what is proposed for Matthew. This transcends the colloquialism “it hardly seems fair.”
Reports are that Cleary has grown up a lot since this incident, or at least he is trying. He has asked his co-defendants, who are all doing well, for help getting his life on track. One week prior to his arrest, Cleary was diagnosed with Asperger’s disease. He had been living in his room as a recluse for years. He did not attend school. He was on his computer all day and night. His windows were even covered with tinfoil.
He has since started making strides to a better existence. It will not be easy for Cleary, but he is seeking help. As with all of the other LulzSec and Anonymous defendants, he has rejoined society in a positive way.
No Charges for George David Sharpe aka “Sharpie”
George David “Sharpie”. Sharpie was the individual who actually accessed the Tribune Companies CMS and caused the damage Matthew was convicted for. Sharpe was never charged on either side of the Atlantic. He was visited once at his home in Scotland by the FBI and Scotland Yard. He spoke to them and that was the last of his contact with this case.
The PayPal 14
The original “Operation Payback,” discussed herein and at Keys’ trial was an Anonymous operation that sought to counter a DDoS campaign by an Indian company who was said to have been hired by the “Bollywood” companies who were displeased with sites that did not take down copyrighted material quickly enough for their tastes. The company hired by “Bollywood” launched sustained DDoS traffic against many different sites, including the torrent website the Pirate Bay, because the Pirate Bay allows some users to download copyrighted material. That “Op” began in September 2010. Foreign companies continued to DDoS the Pirate Bay other sites and Anons continued to counter-attack companies including law firms, the Recording Industry of America, and other pro-copyright sites. Op Payback lasted all the way until mid-December 2010.
In early December 2010, a banking blockade was formed with the intent that no donations were to be processed for the WikiLeaks “truth-telling” or “whistleblower” site. Op Payback quickly morphed into an action against donation payment processors PayPal, Visa, MasterCard and Amazon. Most people still called the DDoS protests against the banking blockade “Op Payback” but the operation was actually truly named “Op Avenge Assange,” though so-called by few. These terms were used interchangeably throughout Matthews’ trial, but were often just referenced as actions involving WikiLeaks or Assange.
Operation Payback members used a modified version of the Low Orbit Ion Cannon (LOIC) tool to execute the DDoS attacks. The LOIC operates by targeting a particular website with “junk” traffic. The user types the site’s URL into a bar on the LOIC and then clicks the “imma chargin mah lazer” button.  Junk packets are then sent to the target site. The net effect is that a website essentially refreshes itself over and over. By itself, the LOIC traffic is like throwing a pebble at a plate glass window. It is almost certain to do no damage. In September 2010, a “Hive Mind” mode was added to the LOIC. While in Hive Mind mode, the LOIC connects to an Internet Relay Chat room, where it can be controlled remotely. This allows computers with LOIC installed on them to behave as if they were a part of a botnet. Utilizing this tool, the coordinators of Operation Payback were able to quickly take down websites belonging to anti-piracy groups. While tossing one pebble at a plate glass window may do nothing, tossing between 8,000 and 30,000 at once will likely have effect.
In January 2011, 40 warrants were executed in America in relation to the PayPal DDoS. In July, charges were filed against 14 people under the CFAA for their roles in the PayPal DDoS protest. It is estimated that between 8,000 and 30,000 people took place in the PayPal protest.
The PayPal defendants pled guilty to one felony CFAA count. They were placed on supervised release for one year with only one condition – do not commit any new crimes. After a year, they were allowed to withdraw their felony plea. Misdemeanor pleas were entered. One or two of the defendants did not want to be placed on supervised release for a year, in that they had other criminal cases pending in State Courts in different jurisdictions, so they asked to be sentenced to 90 days in jail for an immediate misdemeanor. This plea was accepted by the District Court Judge in the Northern District of California. Other than that, no one did a day in jail for a 4 day DDoS on PayPal that caused the world’s largest online payment processor repeated outages during the holiday gift buying season. PayPal listed their damages at $5.6 million. The ultimate restitution figure settled on by the parties was just under $90,000.00, joint and several.
The members of the PayPal 14 that have remained in the public sphere all are doing well, and have mostly gone back to their lives as they were before.
Vincent Kershaw, after sentencing but while still on the one-year probation, bought his first house in Colorado. He has stayed in the family landscape design/install business which he will be taking over later this year when his father retires.
Mercedes Haefer is working for an IT repair/service company in Las Vegas, continuing her studies at UNLV and, according to one of her co-defendants “basically being awesome.”
Keith Downey roamed Europe looking for work for a few months but was unfortunately unlucky and didn’t find employment. He moved back to Florida and is working at a hardware store saving money to get back to Europe.
Unfortunately, PayPal 14 defendant Dennis Collins, described below in the Payback 13 prosecution, has passed away.
The original Operation Payback and PayPal (Avenge Assange) in England, 4 more defendants
According to his court conviction after a trial in England, Christopher “nerdo” Weatherhead played a large role in Operation Payback (aka Operation Avenge Assange), described above. According to news reports, Weatherhead reportedly was instrumental in bringing down PayPal, resulting in £3.5million in losses for the company. Weatherhead reportedly ran the AnonOps server. News reports alleged that some of the harmful packets that were sent to PayPal and others travelled through the servers he owned and operated. Per Weatherhead, it is not true that any harmful traffic travelled his servers, and this was not among the allegations levelled at him in his trial. If these news reports were correct, one would assume he would have been accused of those actions during his trial.
In January 2013, Weatherhead was sentenced to 18 months in prison for his part in the denial-of-service attacks on PayPal, Visa and MasterCard in December 2010, as well as attacks on music, movie and other pro-copyright websites.
Also sentenced by the same English judge was Ashley Rhodes, 28. Rhodes was sentenced to seven months in prison for his role. A third man, Peter Gibson, 24, was given a suspended six-month prison sentence for his part in the Anonymous operations. The sentencing of a fourth man, Jake Burchall, 18, was adjourned.
The four men were each convicted of attacking anti-piracy and financial companies between August 2010 and January 2011. “Prosecuting, Joel Smith, said the four men were “not simply involved in the attacks, but played roles in maintaining the infrastructure used by other Anonymous members to coordinate attacks”.”
Weatherhead was described during his trial as a high-ranking member of Anonymous who owned two servers, ran private chat rooms and acted as a press spokesman to the world’s media, including the BBC and Al Jazeera. The court heard that Weatherhead enjoyed such seniority that he held an election of Anonymous members to decide who or what would be the hackers’ next target.
Weatherhead is gainfully employed and had no issues with the law since being released from prison.
2 years after the PayPal 14 case first came to court, and after the re-pleader plea agreement was reached, the DOJ filed charges against 13 individuals in connection with the Visa and MasterCard DDoS protests in the Eastern District of Virginia. Pleas of 24-months prison time per defendant were offered to all 13 defendants. When the Judge Liam O’Grady was advised of the proposed pleas he erupted in anger at the government, demanding to know why the same crime would not be similarly punished as those in the Paypal 14 prosecution.  Weeks later, all 13 “Payback” defendants had pled guilty to a felony. The plea included a provision that after a year of supervised release wherein the only term was to not commit any new offenses, the felony plea would be withdrawn and a misdemeanor substituted therefor. The damage in that case was reportedly $8,917,010.82. No one went to prison in that case.
Adam Bennett aka “Lorax”; Anonymous Australia Website Hacks, November 5, 2012
Over in Australia, Adam John Bennett, 42, who went by the handle “Lorax” was given a two year suspended sentence earlier this month (March 3, 2016) for six charges including aiding another person to cause the unauthorized impairment of electronic communications. In his case he admitted to charges that there were plans for a “mass defacement” of sites planned to mark Guy Fawkes’ Day in 2012. At sentencing the court was told Bennett helped an Australian juvenile dubbed ‘Juzzy’ to hack into a variety of sites, including those operated by the Australian Agency for Education and Training, the Australian Film Institute, Anchor Foods, and the Food Industries Association of Queensland. When the public tried to access a hacked sites, they found a message from the group in red text on a black background.
Prosecutor Patricia Aloi told the court “the plan was to get a much larger number of sites”. She said the “impact could be described as a nuisance, could be described as lost productivity”, and such offending could escalate.
Bennett will end up doing 200 hours of community service for his juvenile nuisance behavior. The case in Australian bears many similarities to that of the instant case. This is especially so in light of the fact that “[Count 6] involved the website of Bennett’s employer Cancer Support WA and that of HotCopper.” Bennett tested the sites for vulnerability to the Heartbleed security bug, and tried to access confidential information.
Like the members of Internet Feds/LulzSec, minus Monsegur, Bennett is a high-profile and quite beloved member of Anonymous. He hosts a very popular talk “Lorax Live” show on AnonOps Radio.
Jonathan Cowden; Op Free Palestine
Jonathan Cowden, 27, was convicted in Federal Court in St. Louis, MO in 2013 for using online tools to attack Nefesh B’Nefesh, an Israeli organization started by and named for an Israeli rapper that assists immigrants to that country, between November 2011 and Jan. 17, 2012, and of hacking the Mayor of St. Louis. Cowden admitted he stole data, damaged computers and boasted about his exploits on Twitter as “_AnonymouSTL_” and elsewhere. Cowden worked for a company that advertises its ability to keep companies’ online data safe. In at least one online profile, he bills himself as a “White Hat” hacker, someone who helps organizations identify security vulnerabilities.
Cowden, for all of his various hacking activities detailed below, was sentenced to serve 15 months in a Federal prison and pay $22,000.000 in restitution. He gave an interview to Anonymous prison support network FreeAnons:
Question: Hi Jon, can you tell us about your case that resulted in your arrest and incarceration? Was your arrest related to OpPalestine?
Answer: I was arrested and charged with one count of Computer Fraud – Access to a protected Computer causing $5,000 or more in damage. I plead to two infractions under that statute. One was for the attack on Nefesh B’ Nefesh and one was for hacking Mayor Francis Slay. Nefesh B’Nefesh was part of a “fire sale” hacking campaign that I, myself completed against the Nation State of Israel. I also hacked TopLinks (Major News and Marketing),The Bar-Ilan University’s Geography and Environment Department (Land, Oil, Diamonds and GPS) The Israel Institute of Technology: Techinon and their Cancer and Vascular Biology Research Center (Technology and Health ILAN (Charity Foundation – PsyOps) and SNIP (more news). What was not mentioned was that I also hacked SALT.IL (their LARGEST export) as well as the Israeli site of ARCO Oil. (Another of the TOP exports.) So you can see… I attacked LAND (GPS, Geology), Exports (SALT and Oil), Technology (Institute of Tech), Struck Fear (Charity) and took down News (Toplinks and SNIP). My hacking was not related to OpFreePalestine. As you trace back on Hackmageddon I WAS OpFreePalestine in the beginning.
The hack on Mayor Slay of St. Louis was to demand the control of his officers during the eviction of the Occupy camp after the Occupy camps of Oakland, LA, and NY all went south. Being that St. Louis officers are notorious for brutality [ ] I felt it was required of me. It worked… Only a handful were peacefully arrested and released that night.
Cowden got 15 months, yet Matthew’s guideline range is between 70 and 87 months and his PSR states that no Booker variance is appropriate. This interview should cause the Court to reject the guidelines entirely and start thinking about what type of Booker variance is appropriate. The comparative analysis of like cases shows that Keys’ conduct was de minimus.
Cowden violated the terms of his supervised release by having an internet-accessible tablet and a pocket knife. He was returned to custody. As one newspaper put it: “Jon explained to us at one point that even McDonalds wouldn’t hire him because they use computers and they would have to be monitored. His self-confidence was squashed in prison and he suffered PTSD also as a result of his incarceration. [Cowden had many mental health issues prior to entering prison, and is now participating in counselling] Jon was beginning to feel better about himself. With the help of his beloved dog Chazz, an incredibly supportive girlfriend and a job in the works, life was finally looking up for our Anon that the world had forgotten. All of that came to an abrupt halt on 10/25/2015 when Jon was arrested for violation of probation for being in possession of a pocket knife and a tablet computer.
Monsegur and Cleary violated terms of their pre-trial releases. Cowden is the only one that has violated terms of his supervised release and been returned to custody. It is rather noteworthy that everyone involved with Anonymous-related computer crime has returned to a happy and productive life. The recidivism rates among non-Anons and Anons are widely disparate. Recidivism rates in California are 61%. Anons are, thus far, one out of dozens. That Keys has every prospect of living a crime-free, law-abiding life militates toward a conclusion that it is unnecessary to imprison him for any period of time. Keys’ contrast with Cowden is among the starkest of contrasts that we will see in this comparative section.
Other instances of digital intrusions on Tribune Company
The alleged computer intrusion of December 2010 involving the LA Times compares with another type of intrusion that struck the Tribune Company more than 20 years earlier.
On November 22, 1987, the broadcast signal of Tribune-owned WGN-TV was briefly interrupted during a late evening newscast when a video pirate hijacked the signal to air videotape of a satirical parody involving a well-known television character known as Max Headroom.
According to engineers at WGN-TV as retold by the Chicago Tribune, an unidentified individual overpowered the television station’s broadcast signal — likely through the use of sophisticated transmission equipment and technical knowledge of radio frequencies — gaining brief control of WGN-TV’s airwaves. The intruder replaced WGN-TV’s signal with his own, airing a videotape of someone dressed in a Max Headroom costume for about 30 seconds before WGN-TV’s engineers were able to retain control of their airwaves. More precisely, during highlights from the Chicago Bears’ 30–10 home victory over the Detroit Lions that afternoon in the sports report, the screen went black for 15 seconds, then returned with a person wearing a Max Headroom mask and sunglasses, moving around and jumping. His head was in front of a sheet of moving corrugated metal, which imitated the background effect used in the Max Headroom TV and movie appearances. There was no audio other than a buzzing noise and an oscillating sound.
The incident left sports anchor Dan Roan bemused, saying, “Well, if you’re wondering what’s happened, so am I.” He then unsuccessfully tried to repeat what he was saying before the incident occurred, having succumbed to laughter.
The Max Headroom incident made national headlines and was reported on the CBS Evening News the next day. Not long after the incident, WMAQ-TV humorously inserted clips of the hijacking into a newscast during Mark Giangreco’s sports highlights. “A lot of people thought it was real – the pirate cutting into our broadcast. We got all kinds of calls about it,” said Giangreco.
A few hours after the WGN-TV signal intrusion, another signal hijacking occurred, this time on public broadcaster WTTW during the airing of an episode of “Doctor Who.” This time, the individual was able to gain control of WTTW’s airwaves for close to two minutes (WTTW would later acknowledge it had no engineers on staff at the time who were capable of overriding the pirate’s signal). Because Doctor Who was a popular program at the time, a number of people had taped the episode involving the signal interruption; copies of the incident were made available to local news broadcasters in the days to come, and have been preserved in recent years on websites like YouTube.
The so-called “Max Headroom pirate incident” was dismissed by the Chicago Tribune newspaper as a “silly stunt involving a parody of a parody,” and the alleged pirate was referred to as a “joker” with a “strange sense of humor.” But the Federal Communications Commission, the federal agency in charge of regulating television broadcasts among other things, did not find it to be strange or humorous: An immediate investigation was launched to determine the source of the signal intrusion and to identify those responsible for it.
The Max Headroom incident is still the subject of prankster-fueled comedy. The most famous usage of the incident is probably when parts of the video were included in some episodes of the animated talk show, Space Ghost Coast to Coast. One can see the bobbing figure of the Max Headroom intruder going by when Moltar, a character in the show who is a kind of assistant to the main character , is switching feeds to get Space Ghost, the talk show host, his next guest.
Though these intrusions were then and are now seen as harmless pranks, broadcast signal intrusions — in many ways, a form of television “hacking” — can have serious consequences. Had a local, state or national emergency occurred at the time of the signal intrusion, the two broadcasters in question who were hijacked would likely not have been able to invoke the Emergency Broadcast System, which could have jeopardized the safety and security of their viewers. Additionally, because signal intrusions at the time required pirates to overpower a frequency with more radiative power, the possibility of damaging broadcast equipment in this case was very real (neither broadcaster, in this case, reported damage to their equipment and, in fact, continued broadcasting as normal after the signal intrusion). Unlike hijacking a TV signal, altering the content of one LA Times article did not render the rest of the website inaccessible, posed no immediate or future danger or threat to the public and did not — by the government’s own admission — cause any lasting damage to the computer equipment used to operate the website or the website itself.
Although the Max Headroom pirates were never found, their punishments would have likely mirrored that of another signal pirate: One year earlier, satellite engineer John R. MacDougall briefly overpowered the broadcast signal of the Home Box Office (HBO) as protest to the network’s decision to begin charging satellite customers for HBO by encryption what had otherwise been a freely-available channel to them.
The incident became known as the “Captain Midnight signal intrusion” because of MacDougall’s use of the moniker Captain Midnight. MacDougall used his position as a broadcast engineer and his advanced technical skill of signals and frequencies to overpower HBO’s broadcast in the evening of April 27, 1986, causing customers to lose access to HBO programming for a few seconds.
MacDougall was arrested following a year-long FBI investigation. Despite the FBI and FCC’s assertion at the time that broadcast signal intrusions were serious crimes that carried severe consequences and threatened national security, MacDougall was sentenced to serve one year of probation and ordered to pay a $5,000 fine. In a phone interview 25 years after the signal intrusion, he offered no remorse for his actions, saying he did “not regret trying to get the message out to corporate America about unfair pricing and restrictive trade practices.”
These pranks, while potentially serious, highlight an important dichotomy. There is a difference in intent. Monsegur had malice in his heart when he stole engines and used citizen’s credit cards. Though there were consequences to Tribune Co. from the intrusion in this case, it came at a time and place where pranks were the norm. The very essence of “Chippy 1337” is, at its heart, a joke. In contrast to the WGN signal intrusion, the LA Times edit would have been lost to history if the LA Times themselves did not print an article with a screen capture of the initial edit.
Attorney Jay Leiderman has surveyed every prosecution and sentence for a member of Anonymous globally that he could find. None come near the recommended PSR sentence for Matthew. Besides this glaring fact, other factors argue for a downward departure from the guidelines range.
Keys did not believe the login credentials used to access the LA Times would work
While barely awake, Keys gave an interview to the FBI. He was under the influence of medication. Still, per the government he was able to accurately describe events. If that is so, it is important to note the following from the recorded interview as transcribed in the FBI’s “302” report on the interrogation:
John Cauthen (JC): “You were not a hacker, per se, but at the end of the day, you did take e-mails from FOX40 that you shouldn’t have, OK? And screw with them and cause them consternation.”
Matthew Keys (MK): “Hey, I really didn’t take —”
JC: “Well, stop for a second.” (continues)
JC: “I don’t know all of the details, so, we’re going, I mean, what we’d like to do—”
MK: “I, unfortunately, don’t remember all of the details.”
JC: “We’ll refresh your memory of what we know.”
MK: “I…told him that I had credentials for their CMS…and he asked for them…and I gave them to him…um…”
JC: “Why did you do that?”
MK: “Because I thought they didn’t work.”
Use of a VPN (Overplay)
Matthew did have access to a VPN service, but he used that service primarily in his capacity as a journalist for FOX40. The program, called Overplay, was installed on at least two computers at FOX40, and may have been installed on other computers. The program was also, for a time, installed on Keys’ home computer. As far as Matthew knows, the program was not removed from any of FOX40’s computers upon his exit, and because the account remained active, it is reasonable to assume that someone at FOX40 could have accessed it in the way they accessed any other program on the computer.
This illustrated that Overplay was not used solely for nefarious purposes. There are many legitimate uses for a VPN, and the installation of Overplay at FOX40 shows legitimate use. Overplay was software Matthew used during the course of his employment at FOX40 in order to watch geoblocked news channels from other countries.
One thing that no one can dispute is that Matthew is a massive news junkie, and that he spends all day every day searching the four corners of the Earth to find and scoop a story.
Per the Government’s objections to the PSR: “Keys further admitted taking screenshots of Internet chats he wished to retain, and acknowledged participating in the chat referenced in the search warrant application.”
This is part true. He did create screenshots of his observation of Anonymous from various online chat rooms, including “Internet Feds.” He also accepted logs — including screen shots — taken by others as part of his research into the story. He also downloaded logs that had been made freely available on the Internet that referenced activity that he had not observed.  Some of these logs were accessible on an external hard drive that was seized by the FBI in October 2010; some of them were not kept after his story ended in 2011 and are presumed gone for good. However, the FBI has also produced logs and screenshots it claims he created and/or had on an external hard drive seized that he had not seen before, including logs that reference the criminal allegations against him.
Keys wrote stories or provided information to journalists about Internet Feds
Matthew, as a serious journalist, was in the Internet Feds chat room to gather information for a news story. His access to the upper echelon of Anonymous was unprecedented. The information he passed on to other news sites was valuable in helping the world understand who these mysterious politically-motivated pranksters were. Additionally, he provided information to Parmy Olson, a Forbes journalist, for her aforementioned book on Anonymous and LulzSec. His provision of this information is what initially brought the FBI to his door. As a journalist he declined to reveal his sources for whom he granted protection as a condition of receiving information for his reporting. Matthew has made plain in the press that he believes this is what made him a target for prosecution.
For the PBS NewsHour, Matthew provided three pages of documents taken from a Pastebin.com file that circulated in the InternetFeds chatroom. On the Gawker.com story, Matthew provided background information — based on what he knew — about a computer intrusion involving Gawker’s comment database, but he did not provide any logs or material documents to Gawker. For Reuters, Matthew filed a story one day after it was announced that Monsegur and others had been arrested at the request of a Reuters editor. A second editor re-wrote the majority of the story; he appears uncredited.
FOX News is not related to FOX40 Sacramento
Matthew worked for FOX40, the Sacramento affiliate of Fox. As was explained at trial, it is not a Fox station. FOX40 used Fox programming that it purchased from FOX. It had local news and had no relation to Fox News. As we know, FOX40 was owned by Tribune Media Company.
It was stated at trial that Matthew said in Internet Feds: “[i]f you want to attack FOX News, pm me, I have a user [name and] password for their CMS.”
But Matthew never worked for FOX News, and did not have access to their CMS, except for access to a video distribution system provided to affiliates that was only accessible on a special computer connected to an internal network.
Keys statement to the FBI accepts responsibility
During his interview with Agent Cauthen, Matthew explained why he wanted to talk with the FBI: “This is one of the reasons why I’m talking to you as opposed to saying, you know, I want a lawyer or I want to talk to, you know, counsel at Tribune or — again, I’m sorry, counsel at Reuters — or anything like that is because, you know, I did it.”
The edited LA Times.com story was never unavailable in its original form
The contention has been made by the Government that: “Defendant fails to address the fact that when he conspired to alter the contents of the Los Angeles Times, the original, unaltered content was therefore unavailable to the newspaper’s readers.”
This is incorrect. Articles that appear on the Los Angeles Times website also, at that time, appeared in syndication on every Tribune website property. An alteration to an article on one website did not impair the ability to read the articles on other websites. In any case, articles that appear on the Los Angeles Times website also appear on non-Tribune websites (through the Tribune Wire Services), in print (both in the Los Angeles Times and other papers both owned and not owned by the Los Angeles Times) and elsewhere (on their phones, in apps, etc.) where the article would have presented in its original form. Unless users have a special internet connection that forces them to read Los Angeles Times stories on the Los Angeles Times website, they are free to access the same story elsewhere and in other forms.
Matthew told FBI agents that he had selected the moniker AESCracked in order to appear authentic or knowledgeable to hackers…and although he did not know what AES was, he knew that Anonymous would.
This is true. He did use “AESCracked” in some of his interactions with members of Anonymous, and especially in the Internet Feds chatroom. He also used various other nicknames. None of the nicknames were locked with a password, meaning they were freely available for anyone to use on that particular IRC network. For most public IRC networks, using a password with a nickname — “reserving” — is optional, and that was the case here; he did not set a password because he did not believe other people would use it, though other people were certainly free to use it if they wished. He later learned, because of this case, that employees at Tribune Company who had administrative access to all websites were also mingling among Anonymous members. The allegation is not that Tribune employees had anything to do with AESCracked, but simply that the monker was available for anyone who wished to use it.
FBI Agent John Cauthen
Based on trial testimony, FBI Agent John Cauthen attempted to contact Matthew at his apartment in Sacramento, then attempted to gain entry to the apartment and collect information on Matthew by visiting the leasing office. When that failed, Cauthen called Matthew while he was en route to his new home (coincidentally, Matthew was moving the day Cauthen came to his apartment, and the apartment was vacated by the time he arrived).
During the phone call, Cauthen advised Matthew he was conducting an investigation and was interested in speaking with him. When Matthew asked what the investigation was about, Cauthen said he could not say. When Matthew ventured a guess and asked if it was about recent news reports he had worked on concerning Anonymous, Cauthen again said he could not say.
During the call, Cauthen asked if Matthew would be able to meet with him in his office or at another location, whichever was convenient for Matthew. He asked if Matthew could bring his computer for examination because Cauthen felt it might be able to assist with an active FBI investigation. When Matthew told him he would be unable to provide Cauthen any material concerning any reports for which Keys provided sources confidentiality, Matthew again asked if Keys would be willing to meet him with his computer.
At that point, Matthew told Cauthen he would have to end the phone call because he was driving, but that Keys would be happy to assist him if Matthew could provide some information about his investigation and so long as it did not involve violating journalistic ethics. A few hours later, KGO-TV contacted Matthew regarding an application of employment, and Keys forgot about Cauthen’s call.
Cauthen e-mailed Matthew a few weeks later to ask about a home address and other contact information for Matthew. Matthew opened the e-mail while he was at work, and intended to respond when he got home, but forgot about the message.
In March 2012, the dat it was revealed that Hector Monsegur had been cooperating with the Government for the better part of a year, Matthew learned that six suspected members of Anonymous had been arrested, including some he recognized from Internet Feds. Some of the conduct alleged included an attack on a computer system based in Sacramento belonging to a government contractor. In an attempt to get more information as part of his job duties at Reuters, he e-mailed Cauthen from his work e-mail address to inquire about the arrests and investigation in Sacramento. Cauthen did not respond.
Cauthen was present when the search warrant was executed, and asked many of the questions during the 2.5 hour interview/interrogation of Matthew. Cauthen recorded portions of the interview, and did not record other portions, including a portion during which Cauthen shadowed Matthew as he made a written statement.
No criminality before or since
The acts for which Matthew was convicted stem from the end of 2010. This brief is dated March 9, 2016. 5½ years later. Matthew has no criminal record and is a criminal history category zero. In the interceding 5 ½ years Matthew has committed no crimes. He has appeared in this Court every time he was required to, complied with every order, and never violated the terms of his supervised release. This militates strongly toward the conclusion that Matthew needs no custodial sanction.
The CFAA is flawed and punishments are disproportionate to the crimes themselves and the true harm caused; true, this is “Not the case of the century.”
Based upon enhancement levels for loss, sentences for CFAA crimes that may otherwise seem de minimus, like this case, for example, are beset with guideline ranges that are grossly disproportionate to the actual crime itself. The crime, in that it leaves such unfettered discretion and carries such harsh penalties, has been referred to privately as the “Prosecutor’s best friend”.
According to Digital rights group and the leading authority on cyber-law, the Electronic Frontier Foundation, commonly known as the EFF: “One of the basic tenets of a civilized society is that the punishment should be proportionate with the crime. What essentially amounts to vandalism should not result in even the remote possibility of a 25-year jail sentence. But that very possibility is on the table in the government’s case against journalist Matthew Keys, whose sentencing hearing is about one month off. The case is an illustration of prosecutorial discretion run amok—and once again shows why reform of the federal anti-hacking statute, the Computer Fraud and Abuse Act (CFAA), is long overdue.”
The EFF op-ed piece goes on to state, as Assistant U.S. Attorney Matthew Segal put it:
“This is not the crime of the century.” But the government still charged Keys with three federal felony violations of the CFAA …. Keys was convicted … and faces a maximum punishment of 25 years in federal prison—10 years each for the first two offenses and 5 years for the third. This case underscores how computer crimes are prosecuted much more harshly than analogous crimes in the physical world.”
“It’s true that Matthew Keys’ actual potential jail sentence could be significantly less than 25 years. The government has actually signaled—but not promised—that it will “likely” seek less than 5 years. And it’s conventional wisdom that maximum punishments may sometimes be a ploy to capture the public’s attention …. But as [the EFF has] explained before, the maximum punishment can impact calculations pursuant to the United States Sentencing Guidelines. For instance, many prosecutors and judges use the maximum punishment as an indicator of how serious the crime is. They also ratchet up pressure on defendants to plea bargain or settle—after all someone facing 25 years is more likely to agree to serve five than someone facing a maximum of five year penalty.”
Such is the case here. Matthew took not only a great risk, but a courageous stand in taking this case to trial. It is everyone’s right to take a case to trial. It is a constitutional right to put the Government to their burden of proof. Matthew should not suffer additional consequences for putting the Government to task. If the Government believes this is a just law, that it is something they should stand behind, and they should be proud to take the case to trial and defend the law as written. Moreover, it is not logical to assume that one who takes a case to trial will, before an appeal is heard, will express an acceptance of responsibility. If the case is remanded for a new trial, Matthew would be stuck with his statements of remorse and contrition. He intends to appeal, and intends not to do anything to harm his chances on appeal.
To be sure, the Government will likely argue that his failure to plead guilty evinces a lack of an acceptance of responsibility. But in the face of an unjust, out of date law with punishments far exceeding the nature of the crime, it is the duty of conscientious Americans to challenge the law. One does so by taking the case to trial. This is hardly failing to accept responsibility; it is taking on a greater responsibility. It is sacrificing ones’ self at the altar at liberty to draw attention to a manifest injustice. THE CFAA seems to change with each appeal. Matthew’s case should be no different. Whether his case helps him or not, it will help clarify a muddy, out of date law.
The CFAA was written in 1984, largely as a response to the movie “War Games.” It was written when the internet was in its nascency. In 1984, one had to use a modem to dial up a particular computer network to access their information. To gain information from, for example, Stanford University, you had to seek out the University itself, dial it up like a telephone number, and access it, and only it. You were, in essence, going to a stand-alone store to shop.
In 1991, http protocol was invented. At that time, one could simply type Stanford.edu into a browser and – bingo – your computer was connected to Stanford University. HTTP protocol and browsers made the internet more akin to shopping at a mall, one could roam from store to store freely and conveniently. 1984 was a whole different world than March 2016, or even December 2010. Yet the harsh online civilization of 1984 is still being revisited in 2016 via the CFAA. Despite the wild variance in the types of crimes committed in 1984 and 2010, the elements of the crimes and the punishments remain the same. Again and again, computer criminals are treated like thought criminals and are sent off to the proverbial Room 101.
These inequitable penological results are a direct correlation to the fact that we are using horse and buggy laws to handle a jet plane society. On that fact alone Matthew deserves a Booker variance.
 All facts relating to the hackers discussed throughout this brief have been checked the person at issue except for: Hector Monsegur (A journalist familiar with Monsegur verified Monsegur’s present employment), Ryan Ackroyd, Ryan Cleary (though their co-defendants verified the facts related to both the case and to them personally), some of the PayPal 14, all but one of the Payback 13, Christopher Weatherhead’s co-defendants in the English PayPal case, John Borell, Jon Cowden (facts verified by his girlfriend as correct), Jeremy Hammond (though Attorney Leiderman consulted on the case and knows the facts to be true), and Cody Kretsinger (due to Leiderman’s representation of Royal Rivera, Kretsinger’s co-defendant, Leiderman knows the facts to be accurate).
 The Skylark Network. See http://skylark1348.tripod.com/id12.html
 The original article is still available on the Los Angeles Times website, See Lisa Mascaro, “Pressure builds in House to pass tax-cut package.” Los Angles Times (December 14, 2010), available at http://articles.latimes.com/2010/dec/14/news/la-pn-hoyer-tax-vote-20101215
 Parmy Olsen, “We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency.”
 Janet Maslin “The Secret Lives of Dangerous Hackers: ‘We Are Anonymous’ by Parmy Olson.” New York Times (May 31, 2012), available at http://www.nytimes.com/2012/06/01/books/we-are-anonymous-by-parmy-olson.html?_r=0.
 See, e.g., “LulzSec Hackers Handed Down Prison Terms, Suspended Sentence, In Britian.” RT (May 16, 2013), available at https://www.rt.com/news/lulzsec-sentence-jail-davis-376/.
 This tactic, known as a DDoS, overwhelms a website with traffic such that it collapses under the weight of the DDoS. While it does no lasting harm to a website, it can knock a website offline for minutes, hours or days.
 SQL or sequel injections are incursions into a website after a vulnerability has been discovered. A sequel injection can lead to the compromise of an entire website. On multiple occasions, LulzSec used SQL injections to harvest databases and all of the contents of websites.
 Many news agencies incorrectly reported that LulzSec was responsible for the more damaging and headline-grabbing Sony Play Station intrusion. A few days before the Sony Pictures intrusion charged herein, Play Station was breached. A reported 77 million accounts were compromised. The damage was so extensive that Play Station was offline for approximately six weeks. See the website “Absolute Sownage” for a chart and explanation of the Sony hacks that surrounded this case. There were so many that a score sheet literally became necessary. http://attrition.org/security/rant/sony_aka_sownage.html
 Internet Feds hacking activities began in December 2010, the time that Keys was in the chatroom.
 Keys’ attorney Jay Leiderman represented one of the people charged in this SQL injection case. The true number is less than 37,000. Though there was over $600,000.00 in damage and personal credit information was posted publicly, Matthew faces over 7 times the punishment given out to the two defendants in Los Angeles.
 There was never any proof of this claim, and Leiderman was privy to the discovery in that case.
 Compare, Computer Misuse Act 1990, available at http://www.legislation.gov.uk/ukpga/1990/18/contents, with 18 U.S.C. § 1030 (CFAA).
 Amul Kalia, “The Punishment Should Fit the Crime: Matthew Keys and the CFAA” Electronic Frontier Foundation, available at https://www.eff.org/deeplinks/2015/12/punishment-should-fit-crime-matthew-keys-and-cfaa.
 See, e.g. Anna Merlin, “Former Hacker Hector “Saabu” Monsegur Gets Time Served After “Extraordinary” Cooperation with Feds” Village Voice (May 28, 2014), available at http://www.villagevoice.com/news/former-hacker-hector-sabu-monsegur-gets-time-served-after-extraordinary-cooperation-with-feds-6718582.
 See generally, United States v. Hector Xavier Monsegur, 11-CR-666 (LAP) (S.D.N.Y.), and exhibita 2 and 3.
 Operation Avenge Assange was mentioned in Matthew’s trial and was discussed as a substantial motivating factor for Matthew wanting to report on, and joining Internet Feds. He was invited into the room by Sabu.
 This act was also occurring during Matthews’ time in Internet Feds. Though not discussed at trial, this event was also very newsworthy and Matthew was attempting to get information about these politically motivated acts.
 Monsegur was not charged with the CIA or Britain’s Serious Organized Crime Agency hacks.
 See, e.g., Nate Anderson “Great Personal Danger: Inside Hacker Sabu’s Guilty Plea Hearing” Arstechnica (May 9, 2012), available at http://arstechnica.com/tech-policy/2012/03/great-personal-danger-inside-hacker-sabus-guilty-plea-hearing/.
 See Kim Zetter, “Government Seeks Seven-Month Sentence for LulzSec Leader ‘Sabu,’” Wired (May 24, 2014), available at http://www.wired.com/2014/05/sabu-time-served-sentence/.
 See, e.g., “Fine Gael website hackers spared jail sentences” RTE News (October 8, 2013), available at http://www.rte.ie/news/2013/1008/479105-fg-website-hackers-spared-jail-sentences/
 But See Jake Davis’ statement: It was very[,] very unfortunate that Ryan Ackroyd did not wear a tag too for all of his police bail as he would have served considerably less. But the tag is highly disagreeable so I don’t blame him one bit.
 In contrast to Keys, who never downed a network, but, rather, was convicted of aiding in a 40 minute edit of a minor article.
 Mustafa Al-Bassam, Twitter Feed (6:22am Mar. 4, 2016), available at https://twitter.com/musalbas/status/705715136393297920.
 Email from Jake Davis to Jay Leiderman.
 One who wields a botnet.
 Extensible Messaging and Presence Protocol (XMPP) is a communications protocol, much like IRC. People can chat privately or securely or small groups can have chats. People use handles in XMPP that look like email addresses, as opposed to IRC, where just the handle itself is used. For example, if AESCracked wanted to use XMPP he or she may choose AESCracked@jabber.ccc.de. Or AESCracked@duck.go or any other extension compatible with XMPP.
 Reports from the time of sentencing: Cleary, 21, who also pleaded guilty to possession of images showing child abuse, was sentenced to 32 months, of which he will serve half. He also pleaded guilty to hacking and multiple counts of launching cyber-attacks against organizations, including the CIA and the UK’s Serious Organized Crime Agency (SOCA), as well as hacking into US Air Force computers at the Pentagon; see generally, “LulzSec hackers handed down prison terms, suspended sentence in Britain” (May 16, 2013) Russia Today, (May 16, 2013), available at http://rt.com/news/lulzsec-sentence-jail-davis-376/; Susan Watts “Former Lulzsec hacker Jake Davis on his motivations” BBC News (May 16, 2013), available at http://www.bbc.co.uk/news/technology-22526021.
 The colloquialism for those that self-identify as members of Anonymous
 When one clicks on a link, a website is typically being asked to engage in a “handshake” with the requesting site. Then the requesting site may access the content of the linked site. Junk packets seek no handshake, they just cause the website’s attention to be turned toward nothing of import.
 The tech staff at the Tribune Company at one point created their own DDoS tool called “bees with machine guns” that functioned in the exact same way as LOIC. Not only did they create it, they released it publicly with reckless abandon and even an acknowledgement that it could be used for illicit activities. (See “Bees with machine guns! Low-cost, distributed load-testing using EC2” Chicago Tribune, New Apps Blog, available at http://blog.apps.chicagotribune.com/2010/07/08/bees-with-machine-guns/.
 Many Anonymous chat logs during this period have the refrain “you have angered the hive.”
 The estimated number of participants in the PayPal DDoSings.
 See, e.g., Ryan J. Reilly “PayPal 14 Plea Deal Lets Hacktivists Avoid Felonies, Which is Pretty Much the Best They Could Hope For” The Huffington Post (Dec. 5, 2013), available at http://www.huffingtonpost.com/2013/12/05/paypal-14-plea-deal_n_4392521.html.
 According to Christopher Weatherhead, discussed below in the British PayPal prosecutions, “$4.2 million was consultancy fees, $185,000 was operational losses of the $5.6 million quoted by PayPal.”
 This tracks with the $5.6M figure PayPal provided in the US case.
 It appears that news reports might have that fact wrong, as all evidence points to the Anonymous activity beginning on September 21, 2010.
 See Josh Holiday “Anonymous hackers jailed for cyber attacks” The Guardian (Jan. 24, 2013), available at http://www.theguardian.com/technology/2013/jan/24/anonymous-hackers-jailed-cyber-attacks.
 See, e.g., “Felony charges? Harsh! Alleged Anon hackers lead guilty to misdemeanours” The Register (Aug. 20, 2014), available at http://www.theregister.co.uk/2014/08/20/anonymous_hackers_guilty_misdemeanours/; Attorney Leiderman has confirmed this with attendants of the hearing.
 See, e.g., “Payback 13: Last of Anonymous anti-copyright hacktivists sentenced in Virginia” RT (Feb. 20, 2015), available at https://www.rt.com/usa/234191-anonymous-payback-collins-blake/.
 Guy Fawkes Day, November 5th, is a day celebrated by Anonymous as sort-of “their holiday.” Many “ops” are set for the 5th of November. The date stems less from British traitor Fawkes himself, but rather from the movie “”V” for Vendetta.”
 See “Former Anonymous member Adam John Bennett given suspended sentence for website hacking” ABC News Australia (Mar. 3, 2016), available at http://www.abc.net.au/news/2016-03-03/accused-hacker-adam-john-bennett-suspended-sentence/7217466
 Robert Patrick “Feds say St. Louis man hacked Israeli group’s data” St. Louis Post-Dispatch (Feb. 1, 2013), available at http://www.stltoday.com/news/local/crime-and-courts/feds-say-st-louis-man-hacked-israeli-group-s-data/article_f220d5ab-8b8e-5d50-b87b-3fb63d7465c9.html
 Freeanons, “Welcome Home Jon Cowden: Life after Prison #OpPalestine ” Freeanons.org (November 3, 2014), available at https://freeanons.org/welcome-home-jon-cowden-aka-_anonymousstl_-life-prison/
 Per an email from Cowden’s girlfriend: “With respect to recidivism (not sure if this helps your case or not) his only actual violation was that the pocket knife that was in my office (we weren’t dating at the time – I’d set up an air mattress in there for him while he needed a place to stay) was slightly over the maximum length. He was allowed to have internet accessible devices (and he was allowed internet access) – he just had to have some spyware on whatever devices he used to access the Internet.” The spyware to which she was referring was the monitoring software used by Supervised Release. He failed to inform supervised release of his new device.
 Per the same email: “So plenty of non-Anonymous factors that would have made him more likely to re-offend/differentiate himself from Keys.” See note 85 as support of this claim.
 Cowden is known as the “Forgotten Anon” because his case received so little publicity in the Anon community. Through the work of FreeAnons, people have come to know who he is. As stated in an email by his girlfriend: “And for what it’s worth, Jon’s been dubbed “The Forgotten Anon” because no one knew about his initial arrest & incarceration until after he was released. So the only recidivist happens to be the only one who didn’t have any support or contact with Anonymous from his arrest until after his release.” Though Keys has no Anonymous support, the journalism community has been there for him, as has his amazing grandmother. His support network, primarily, is his work. He has always been there for journalism, and it has always been there for him.
 Department of Corrections And Rehabilitation – State of California, “2013 Outcome Evaluation Report” Office of Research (January, 2014), available at http://www.cdcr.ca.gov/Adult_Research_Branch/Research_Documents/ARB_FY_0809_Recidivism_Report_02.10.14.pdf
 See “WTTW Chicago – The Max Headroom Pirating Incident.” YouTube. The Museum of Classic Chicago Television, 22 Nov. 1987. Web. 09 Mar. 2016. https://www.youtube.com/watch?v=cycVTXtm0U0 ; see also “Captain Midnight, HBO, 1986.” YouTube. N.p., 27 Apr. 1986. Web. 09 Mar. 2016. <https://www.youtube.com/watch?v=lbruOe6Yii0> ; see also “ABC News Report on HBO’s “Captain Midnight”” YouTube. ABC, Apr. 1986. Web. 09 Mar. 2016. https://www.youtube.com/watch?v=xcQHc1zASDw .
 See “Dr. Who And The Electronic Pirate” Chicago Tribune (November 30, 1987), available at http://articles.chicagotribune.com/1987-11-30/news/8703300133_1_max-headroom-stunt-invader.
 This illustrates a true use of a “special skill” within the meaning of the sentencing guidelines.
 Paul McNamara, “Captain Midnight: ‘No regrets’ about jamming HBO back in ’86,” Networkworld (April 26, 2011), available at http://www.networkworld.com/article/2229101/security/captain-midnight—no-regrets–about-jamming-hbo-back-in–86.html
 See the more extensive white paper, attached hereto as Exhibit 1.
 A person named Laurelai Bailey logged a section of the chats in Internet Feds and released them publicly. “Bailey says Lulz Security hackers hold a grudge against her for leaking logs from the secret chat room in which they planned the HBGary hack—which she says she did in retaliation for them harassing some of her friends.” http://www.wired.com/2011/06/lulzraid/
 See Hari Sreenivasan “Gawker Data Breach Could Lead to Attacks on Government Agencies” PBS NewsHour (Dec. 12, 2010), available at http://www.pbs.org/newshour/rundown/gawker-data-breach-could-lead-to-attacks-on-government-agencies/; John Cook and Adrian Chen “Inside Anonymous’ Secret War Room” Gawker (Mar. 18, 2011), available at http://gawker.com/5783173/inside-anonymous-secret-war-room; Matthew Keys “The InternetFeds: Inside hacker Sabu’s war room” Reuters (Mar. 7, 2012), available at http://webcache.googleusercontent.com/search?q=cache:THzn_4yj1b8J:blogs.reuters.com/matthew-keys/2012/03/07/the-internetfeds-inside-hacker-sabus-war-room/+&cd=1&hl=en&ct=clnk&gl=us&client=opera.
 See, e.g., Kim Zetter “Hacker Lexicon: What is the Computer Fraud and Abuse Act?” Wired (Nov. 28, 2014), available at http://www.wired.com/2014/11/hacker-lexicon-computer-fraud-abuse-act/.
 Amul Kalia “The Punishment Should Fit the Crime: Matthew Keys and the CFAA” Electronic Frontier Foundation (Dec. 16, 2015), available at https://www.eff.org/deeplinks/2015/12/punishment-should-fit-crime-matthew-keys-and-cfaa.
 See Andrew Auernheimer’s speech as he’s going to prison in “The Hacker Wars,” a documentary on hactivists: https://www.youtube.com/watch?v=ku9edEKvGuY Matthew declined to be interviewed for the movie. Though Auernheimer is seen by many as less than a great individual, the quote is apropos.
California State Bar Certified Criminal Law Specialist Attorney Jay Leiderman and Matthew Keys leaving Federal Court in Sacramento California