Science and Technology News

Sunday, January 19, 2020

Georgia Man Admits Engaging In Distributed Denial Of Service Attacks Against Company


NEWARK, N.J. – A Georgia man today admitted his role in initiating a cyberattack known as a Distributed Denial of Service (DDoS) against a company that maintained servers in New Jersey, U.S. Attorney Craig Carpenito announced.

Tucker Preston, 22, of Macon, Georgia, pleaded guilty before U.S. District Judge William J. Martini in Newark federal court to an information charging him with one count of damaging protected computers by transmission of a program, code or command.

According to documents filed in this case and statements made in court:

DDoS is a type of cyberattack that purposefully directs such a large volume of superfluous traffic to a victim’s web server or other computer system that it can slow or shut down service. In or around December 2015, Preston arranged for an entity that engages in DDoS attacks to initiate attacks against a company. The entity directed DDoS attacks against the victim company, causing damage and disrupting the victim’s business.

The count to which Preston pleaded guilty is punishable by a maximum penalty of 10 years in prison and a fine of up to $250,000 or twice the gross gain or loss from the offense. Sentencing is scheduled for May 7, 2020.

U.S. Attorney Carpenito credited special agents of the FBI, under the direction of Special Agent in Charge Gregory W. Ehrie in Newark, with the investigation leading to today’s guilty plea.

The government is represented by Assistant U.S. Attorney David E. Malagold of the U.S. Attorney’s Office Criminal Division.

Defense counsel: Ijeoma Eke Esq., Assistant Federal Public Defender, Newark

Saturday, January 18, 2020

Pasadena Man Pleads Guilty to Federal Charges for Cyberstalking and Causing Intentional Damage to a Protected Computer


Executed a Scheme to Harass a Former Romantic Partner Resulting in the Victim Being Wrongfully Arrested and Incarcerated on Multiple Occasions

Baltimore, Maryland – Ahmad Kazzelbach, age 26, of Pasadena, Maryland, pleaded guilty today to federal charges of cyberstalking and intentional damage to a protected computer.

The guilty plea was announced by United States Attorney for the District of Maryland Robert K. Hur; Special Agent in Charge Jennifer C. Boone of the Federal Bureau of Investigation, Baltimore Field Office; Chief Melissa R. Hyatt of the Baltimore County Police Department, and Anne Arundel County State’s Attorney Anne Colt Leitess.

According to Kazzelbach’s plea agreement, beginning in June 2015, Kazzelbach and the victim both worked at Company A, an insurance broker located in Glen Burnie, Maryland, and in December 2015 began a romantic relationship, moving into a shared apartment.  In late May 2016, the victim ended her relationship with Kazzelbach.  Although Kazzelbach moved out of their shared apartment, he subsequently began a year-long scheme to harass the victim by compromising her personal online accounts, forging policy cancellation letters on behalf of her clients, and filing false reports with law enforcement that ultimately resulted in the victim being wrongfully arrested and incarcerated on multiple occasions.

Specifically, on July 25, 2016, Kazzelbach created an e-mail account that mimicked the victim’s real e-mail address and within 10 minutes, changed the name on the victim’s Apple account to the fake e-mail address he had created.  Two days later, Kazzelbach initiated a password reset, locking the victim out of the account which controlled certain settings on her iPhone, as well as access to the photos, music, and videos associated with her account.  Kazzelbach also accessed the victim’s Instagram account and changed a portion of her user name to “whore,” and accessed the victim’s online student loan account and changed the account e-mail address to the fake address he had created.

Kazzelbach also admitted that in late August 2016, he used a fax machine at Company A to send two letters purporting to cancel supplemental health insurance policies belonging to two of the victim’s clients, whose information Kazzelbach had accessed through his position at Company A.  On August 28, 2016, Kazzelbach accessed the victim’s own online health insurance account, to which she had previously given Kazzelbach limited access for initiation purposes, and made unauthorized changes to the victim’s race, pregnancy status, and income.  The change in income resulted in the victim being disqualified from the plan in which she had enrolled, potentially modifying or impairing her medical care.

On September 1 and October 1, 2016, Kazzelbach attempted to access the victim’s bank account and tax-filing account, respectively, using a proxy server, which can be used to hide an electronic device’s true location or identity.  However, investigators were able to identify the true Internet Protocol (IP) address from which the attempts were made and determine that the account was subscribed to by Kazzelbach’s father at a residence where Kazzelbach was then residing.

On September 30, 2016, Kazzelbach sent a text message to the victim in which he disguised his real identity by using a “spoofing” program, which used computer software to make it appear as though the message originated from a Florida-based cell phone number that did not belong to Kazzelbach.  In the message, Kazzelbach wrote, “Prepare yourself for what’s coming…the last 3 months were just the beginning.  I have bigger plans for you…I love how easily manipulated you can be.”

As detailed in his plea agreement, Kazzelbach filed a petition for a protective order against the victim on December 10, 2016, in the District Court of Maryland for Anne Arundel County, falsely alleging that the victim had physically abused him and made violent threats in text messages and on social media.  A temporary protective order was granted on December 13 and a hearing on a final protective order was scheduled for December 29, 2016.  Between December 13 and December 29, Kazzelbach contacted Anne Arundel County on four occasions to falsely report that the victim was continuing to harass and threaten him in violation of the temporary protective order.  Based on Kazzelbach’s sworn statement, and text messages and phone calls on Kazzelbach’s phone that he had spoofed to make it appear that the victim had contacted him, when in fact, she had not, the court issued four arrest warrants for the victim.  On December 29, 2016, the final protective order against the victim was granted, effective for a period of one year.  Then, between December 29, 2016 and June 2017, Kazzelbach made 14 additional false reports to law enforcement, causing 7 more criminal actions to be filed against the victim in Anne Arundel and Baltimore Counties, and resulting in her false imprisonment for four nights.

In March 2017, the Anne Arundel County prosecutor handling Kazzelbach’s case asked for Kazzelbach’s consent to download the contents of his iPhone, but Kazzelbach refused.  The prosecutor told Kazzelbach that if he did not permit a full search of his phone, the Anne Arundel charges against the victim would be dismissed.  In response, Kazzelbach began making false reports to Baltimore County instead.  In May 2017, the Anne Arundel charges against the victim were dismissed.  Baltimore County Police officers subsequently began their own investigation and determined that no attempted or completed text messages were sent from any of the victim’s accounts on the dates and times alleged by Kazzelbach.

Kazzelbach faces a maximum sentence of five years in federal prison for cyberstalking and a maximum of 10 years in federal prison for intentional damage to a protected computer.   Actual sentences for federal crimes are typically less than the maximum penalties. A federal district court judge will determine any sentence after taking into account the U.S. Sentencing Guidelines and other statutory factors.  Chief U.S. District Judge James K. Bredar has scheduled sentencing for May 1, 2020 at 10:00 a.m.

United States Attorney Robert K. Hur commended the FBI Baltimore Joint Terrorism Task Force (JTTF), the Baltimore County Police Department, and the Anne Arundel County State’s Attorney’s Office for their work in the investigation.  Mr. Hur thanked Assistant U.S. Attorneys Jeffrey J. Izant and P. Michael Cunningham, who are prosecuting the case.

WeLeakInfo.com Domain Name Seized


Site Had Sold Access to Hacked Personal Information and Account Logins

            WASHINGTON – Today, the Federal Bureau of Investigation and the U.S. Department of Justice announced that they have seized the internet domain name weleakinfo.com.  The announcement was made by U.S. Attorney Jessie K. Liu of the District of Columbia and Special Agent in Charge Timothy M. Dunham of the FBI’s Washington Field Office.

            The website had claimed to provide its users a search engine to review and obtain the personal information illegally obtained in over 10,000 data breaches containing over 12 billion indexed records – including, for example, names, email addresses, usernames, phone numbers, and passwords for online accounts.  The website sold subscriptions so that any user could access the results of these data breaches, with subscriptions providing unlimited searches and access during the subscription period (one day, one week, one month, or three months).

            With execution of the warrant, the seized domain name – weleakinfo.com – is now in the custody of the federal government, effectively suspending the website’s operation.  Visitors to the site will now find a seizure banner that notifies them that the domain name has been seized by federal authorities.  The U.S. District Court for the District of Columbia issued the seizure warrant.

            Any persons having information concerning weleakinfo.com or its owners and operators are encouraged to provide that information by filing a complaint (referencing #weleakinfo in the “Description of Incident” field) with the FBI’s Internet Crime Complaint Center (IC3) at https://www.ic3.gov/complaint/default.aspx.

            The seizure is part of a comprehensive law enforcement action taken by the FBI, the U.S. Attorney’s Office for the District of Columbia, and the Department of Justice’s Computer Crime and Intellectual Property Section, along with international law enforcement, including the United Kingdom’s National Crime Agency, the Netherlands National Police Corps, the German Bundeskriminalamt (the Federal Criminal Police Office of Germany), and the Police Service of Northern Ireland.