Académique Documents
Professionnel Documents
Culture Documents
- OBTAINED PERSUANT TO SEALED COURT ORDER; Page 3 - OTHER - OBTAINED PERSUANT TO SEALED COURT ORDER; Page 4 - OTHER - OBTAINED PERSUANT TO SEALED COURT ORDER; Page 5 - OTHER - OBTAINED PERSUANT TO SEALED COURT ORDER; Page 6 - OTHER - OBTAINED PERSUANT TO SEALED COURT ORDER; Page 7 - OTHER - OBTAINED PERSUANT TO SEALED COURT ORDER; Page 8 - OTHER - OBTAINED PERSUANT TO SEALED COURT ORDER; Page 9 - OTHER - OBTAINED PERSUANT TO SEALED COURT ORDER; Page 10 - OTHER - OBTAINED PERSUANT TO SEALED COURT ORDER; Page 11 - OTHER - OBTAINED PERSUANT TO SEALED COURT ORDER; Page 12 - OTHER - OBTAINED PERSUANT TO SEALED COURT ORDER; Page 13 - OTHER - OBTAINED PERSUANT TO SEALED COURT ORDER; Page 14 - OTHER - OBTAINED PERSUANT TO SEALED COURT ORDER; Page 15 - OTHER - OBTAINED PERSUANT TO SEALED COURT ORDER; Page 16 - b6; b7C; OTHER - OBTAINED PERSUANT TO SEALED COURT ORDER; XXXXXXXXXXXXXXXXXXXXXXXX X Deleted Page(s) X X No Duplication Fee X X For this Page X XXXXXXXXXXXXXXXXXXXXXXXX
FEDERAL BUREAU OF INVESTIGATION FOI/PA DELETED PAGE INFORMATION SHEET FOI/PA# 1204913-0 Total Deleted Page(s) 32 Page 13 b6 ; b7C; b7E; Page 14 b7E; Page 15 b7E; Page 16 b6 ; b7C; b7E; Page 17 b6 ; b7C; b7E; Page 18 b7E; Page 19 b7E; Page 25 b6 ; b7C; b7E; Page 26 b6 ; b7C; b7E; Page 27 b6 ; b7C; b7E; Page 28 b6 ; b7C; b7E; Page 29 b6 ; b7C; b7E; Page 30 b6 ; b7C; b7E; Page 31 b6 ; b7C; b7E; Page 32 b6 ; b7C; b7E; Page 33 b6 ; b7C; b7E; Page 34 b6 ; b7C; b7E; Page 35 b6 ; b7C; b7E; Page 36 b6 ; b7C; b7E; Page 37 b6 ; b7C; b7E; Page 38 b6 ; b7C; b7E; Page 39 b6 ; b7C; b7E; Page 40 b6 ; b7C; b7E; Page 41 b6 ; b7C; b7E; Page 42 b6 ; b7C; b7E; Page 44 b6 ; b7C; Page 49 b3; b6 ; b7C; Page 50 b3; b6 ; b7C; Page 51 b3; b6 ; b7C; Page 52 b3; b6 ; b7C; Page 53 b3; b6 ; b7C; Page 54 b3; b6 ; b7C;
b6 b7C
(Rev. 05-01-2008)
UNCLASSIFIED
ROUTINE
Date:
12/01/2011
:::: r~
9' /
~ ~
SA
Approved By: Drafted By: Case ID #: 288A-SD-NEW Title: UNSUB (S); #ANTISEC;
b6 b7C
ICOMPUTER
Synopsis:
INTRUSI dN
e opened on captioned investigation.
Request case
Details: On 11/18/2011, retired California Department of Justice Special Agent Supervisor I I advised that he received text messages from his own Google telephone number indicating that he had been "owned". On 11/18/2011, a YouTube video was posted with the title "#AntiSec Fuck FBI Friday V - Cybercrime Investigator com:m; ons" from the YouTube user account I __ ~ I. The video was 6:03 long and stated the following information, which was also posted as text below the video:
:ati
b6 b7C
"Greetings Pirates, and welcome to another exciting #FuckFBIFriday release. As part of our ongoing effort to expose and humiliate our white hat enemies, we targeted a Special Agent Supervisor of the CA Department of Justice in charge of We are leaking over 38,000 private emails which contain detailed computer forensics techniques, investigation protocols as well as highly embarrassing personal information. We are confident these gifts will bring smiles to the faces of our black hat brothers and sisters (especially those who have been targeted by these scurvy dogs) while also making a mockery of "security professionals" who whore their "skills" to law enforcement to protect tyrannical corporativism and the status quo we aim to destroy.
b6 b7C
UNCLASSIFIED
UNCLASSIFIED
To: Re:
We hijacked two gmail accounts belonging tol ~ho has been a cop for[],ears, dumping h~ orival email correspondence as well as several dozen voicemails and SMS text message logs. While just yesterda was having a private BBQ with hisl high computer crime task force friends, we were reviewing their detailed internal operation plans and proc_~documents. We also couldn't overlook the boatloads of embarrassing personal information about our cop friendl IWe lulzed as we listened tol I
We also abused his google voice account, making surd'1.r-_.....Lrfl;l;r.:.::ie::lon~d~s b6 L..a-n~d~f~am~il~yk-n-e-w-h~o-w.....,.h-a-rd.,...,..he-w-a-s-o-w-n-e...,d,... . ...Ipossibly the most interesting content in his emails are thd I b7C I 1 b7E I IThe information in these emails will prove essential to those who want to protect themselves from the techniques and procedures cyber crime investigators use to build cases. If you have ever been busted for computer crimes, you should check to see if your case is being discussed here. There are discussions aboud
---I--.,...._...J
These cybercrime investigators are supposed to be the cream of the crop, but we reveal the totality of their ignorance of all matters related to computer security. For months, we have owned several dozen white hat and law enforcement targets-- getting in and out of whichever high profile government and corporate system we please and despite all the active FBI investigations and several billion dollars of funding, they have not been able to stop us or get anywhere nearus. Even worse, they bust a few dozen people who are alleged!} part of an "anonymous computer hacking conspiracy" but who have only used kindergarten-level this isn't even hacking, but a form of electronic civil disobedience.
b7E
We often hear these "professionals" preach about "full-disclosure," but we are sure these people are angrily sending out DMCA takedown notices and serving subpoenas as we speak. They call us criminals, script kiddies, and terrorists, but their entire livelihood depends on us, trying desperately to study our techniques and failing miserably at preventing future attacks. See we're cut from an entirely different kind of cloth. Corporate security professionals like Thomas Ryan and Aaron Barr think they're doing something noble by "leaking" the public email discussion lists of Occupy Wall Street and profiling the "leaders" of Anonymous. Wannabe player haters drop shitty dox and leak partial chat logs about other hackers, doing free work for law enforcement. Then you got people like Peiter "Mudge" Zatko who back in the day used to be old schoollOphtlcDc only now to sell out to DARPA going around to hacker conventions encouraging others to work for the feds. Let this be a warning to aspiring white hat "hacker" sellouts and police collaborators: stay out the game or get owned and exposed. You want to keep mass arresting and brutalizing the 99%? We'll have to keep owning your boxes and torrenting your mail spools, plastering your personal information all over teh internets. Hackers, join us and rise up against our common oppressors - the white hats, the 1%'s 'private' police, the corrupt banks and corporations and make 2011 the year of leaks and revolutions! We are Anti-Security, We are the 99% We do not forgive. We do not forget. Expect Us!"
UNCLASSIFIED 2
,"
.UNCLASSIFIED To: Re: San Diego From: San Diego 288A-SD-NEW, 12/01/2011
I;
A link was also provided on the YouTube page to the documents that were taken from I recount. The n forma tj on Wi3 S J oca t ed at L...---I
L...-
dditionallY, some of The information contained within ~_account was posted atl 1
b6 b7C b7E
On 11/30/2011, California Department of Justice pr?vided the with a CD-ROM disc containing the files located atl . These files are contained in a 1-A envelope to thjs fjle and are password protected with the following password:
FiI
UNCLASSIFIED 3
(Rev. 05-01-2008)
UNCLASSIFIED
Date: 12/05/2011
b6 b7C
Approved
Drafted By: Case ID #: 288A-SD-73148 Title: UNSUB (S); #ANTISECj COMPUTER INTRUSION collection ofl
(Pending)
J J\
~
I
~I
~ VICTIM;
~------~IGmail files from
Synopsis:
~I
Document
Details: On 12/01/2011, following a determination that the CDROM disc obtained from the California Department of Justice had become corru ted, SA visited the website and downloaded the torrent L.c-o-n""7t-a-l:"'"' n-g-':""t";""h-e-c-o-n-:t-e-n-t:-"s--o""f---=-tTh_je Gmail files exfiltrated from I accounts. The contents included one zipped file
b6 b7C
=r
I-
The zipped file was placed on a CD-ROM disc and placed in the 1-A file .
,,,-
...
--.,.~
~~
UNCLASSIFIED
----- -'
_
...
12/07/2011
date of birth I L social securi ty a .... c-c-o-u-n-t-n-u-mb-=-e-r"""T"1 ....L....., was in tervi ewed at the San Diego Division of the Federal Bureau of Investigation. Also attending the interview were ITCFEI land IA After being advised of the identity of the interviewing Agent and the nature of the interview, I Ivolunteered the following information:
b6 b7C
referred to the written statement he had previously submitted and advised that the information provided within was accurate. A copy of the written statement is contained in a 1-A envelope in the file.
On 11/18/2011, at approximately 7:00 am PST, began receiving text messages on his cellular telephone from the telephone number associated with his Google Voice account, b6 I I The text messages were statements similar to "We'='"""I:h~a:"'::'v you" and "IoTe ox:m vpu". Additional text messages were received that b7C directed ~o enter an IRC chat rqom to disCllSS the matter with the indivlduals that had taken overt accounts. advised that he did not reply to these messages and does not recall the exact context of the messages or the name of the IRC chat room that they were directing him to. stated that he has deleted the text messages and has no record of them.
Shortly after receiving the text messages from the individuals claiming they had compromised his accounts, ....I __~ ~ began receiving telephone calls from friends and family members who advised him that they were receiving suspicious messages ff~m him on Facebook. The individuals also advised that there were_ and other out of character posts on his Facebook feed.
accounts. telephone
.__
Pllmber
........... I
By noonl had recovered and locked down all of his Text messages continued arriving on his cellular b6 that appeared to be from his Google Voice telephone b7C Fearing that his Google account was still compromised, deleted the Google account ..
Following the recovery of his accounts, received a text message that stated that it wasn't over and a text message that made a reference to the tough economic times and financial
Investigation on File # by
12/06/2011 ---~~--------
at
San Diego, CA
Date dictated
288A-SD-73148
;...2
SAl
b6 b7C
This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loaned to your agency; it and its contents are not to be distributed outside your agency.
- ~-,
FD-302a (Rev. 10-6-95)
_ ........ .....L
288A-SD-73148
Continuation of FD-302 of
,On
12/06/2011
,Page __
2;;;...._.._
b6 issues. I Ichecked his credit crrds and discovered that a fraudulent charge had been made on hisL Icard from R~i~t~z~ __ ~ b7C camera. The item was set t~to his old address. The I card that was used ended inL_____j ~---~
believed that the compromise could be related to his Android cellular telephone, which he had "rooted". One of the consequences of rooting the telephone was that other programs that normally would not have access to the files "Shared Preferences" and "Accounts.db" could now access those files. The files contain information such as from the telephone. A few days prior to the individuals advising I 1 that he had been compromisedl Ihad downloaded and installed a program called "atorrent" from the Android store. This program allowed a ufer to dOjN;nlOad torrent files onto your cellular telephone. _ _stated that he used the program several times to test it, downloading music and a movie. lalso stated that his laptop could have been a potential source of the compromise, but did not believe that it could have been his desktop computer.
b6 b7C
b6 b7C
AlthOllgh #AntiSec claimed to compromise two Gmail accounts, I believed that the second account compromised may have been his Yahoo! account,! I since he had to ! Istated that he was unsure how the would have determined that he was the owner of the Yahoo! account L.:-----,;----::---......,..-"........"......---r---------I was unaware 1f t e Gma i account he had create~~~-~~~-~-~had been compromised. Additionally, did not remember the exact name of that account or the password for it.
b6 b7C
ladvised that he has wiped the hard drives of both his laptop and desktop computers. He also stated that he has deleted his Google account that was compromised and reset his
--L
__j---------
288A-SD-73148
b6 b7C
Continuation of FD-302 of
,On
12/06/2011
,Page
_J_
which removed Android cellular telephone ......."._.."....__ .....,...._.."....----' all of the text messages he had received.
b6 b7C
01(05(2012
On 12(31(2011, an individual posted information regarding' the compromise of the California State Law Enforcement Association (www.cslea.com) on www.pastebin.com. The information provided an explanation for the attack, e-mail communications from CSLEA personnel discussing the security of their website, as well as name, address, password, and credit card information for individuals related to CSLEA. Additionally, the message stated that the compromise of CSLEA was "how Special Agent I I at the California DOJI IUnit got humiliated last month". The referenced information has been printed out and attached to this document.
b6 b7C
Investigation on
01(05(2012 ----~~-------I
F~#
by
288A-SD-73148
, 5.~ .
at
San Diego, CA
Date dictated
SAl ----~.~------------------~-------------------------------------------------
b6 b7C ~e!
This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is 10a~our it and its contents are not to be distributed outside your agency.
,;;z2394,-",SD _ Y] 31 V [3/ ~
agency;
1/5/12
PASTEBIN
~~
API
AR01IVf
Follow@pastebin
search.
SIGNUP
Untitled
BY: A GUEST I DEC 31ST, 2011 I SYNTAX:NONE I SIZE: 71.51 KB I HITS: 2,862 I EXPIRES:NEVER COPY TO CLIPBOARD I DOWNLOAD I RAW I EMBED I REPORTABUSE
Database 34 seca~ 1. 2. 3. 4. 5. Hello comrades and thanks for joining us for the final phase of our cross country hacker crime spree, our contribution to prOj3kt m4yh3m. We're still preparing the torrents, mail spools, as well as our final txt zine release which will surely bring humiliation and embarrassment to many white hats and sysadmins. But this New Years Eve, we bringing yall some party favors to keep 6. you raging all night. Did you remember a month ago when the mayors and piggies
inserting 54 sec al Untitled 1 minag Untitled 1 min ag Untitled 2 minag Selecting 3 minag
7. across the US conspired to attack protesters in public parks? We sure do, so we 8. have been planning a retaliatory raid of our own. Bring it, NOAA. Bring it,
9. SOPA. We are snipers with one hell of a scope! Takin out a cop or two, they 10. can't cope with us!
11.
LAYOUT WI
12. 13.
14.
15.
16.
17. 18. Soundtrack to the Rev Track: The Coup - Five Million Ways to Kill a CEO 19. http://Wl-IW.youtube.comll~atch ?v=lJotps9V4as 20. 21. 22. 23. 24. 25. 26. 27. 28. 29. 30. 31. 32. 34. 35. 36. 37. 38. 39. 40. 41. 42. 43. 44.1 I'm from the land where the Panthers grew You know the city and the avenue If you the boss we be smabbin through And we'll be grabbin' you To say "What's up with the revenue?" Most everybody already knows that we don't like police very much. Shit, just about everybody hates them, everybody except for the rich and powerful who depend on their protection. But which state got the most blood on their hands? Well we already owned pigs in Texas and Arizona, and many many others; guess its time to ride on the California police.
33. From the murder of Oscar Grant, the repression of the occupation movement, the assassination of George Jackson in San Quinten prison, the prosecution of our anonymous comrades in San Jose, and the dehumanizing conditions in California jails and prisons today, California police have a notorious history of brutality and therefore have been on our hitlist for a good minute now. So we wenc ahead and owned the California State Law Enforcement Association (CSLEA.COM), defacing their website and giving out live backdoors. We dumped a few of their mail spools and forum databases, and we did get a few laughs out of reading years of their private email correspondence (sucrras CSLEA's Legislative and policel
-,
I But what
b6 b7C
SHARE PAS'
pastebin.com/MSaBvt9R
1/25
1/5/12
Hello comrades and thanks for joining us for the final phase of our cross count - Pastebin.com
45. included the cleartext passwor82500 of their ~mbers," guaranteeing the 46. ownage of many more California pigs to come. 47. 48. "But waitl Cops are people tool Part of the 99%1" orly? When these soulless 49. traitors voluntarily chose to cross the picket line and side with the bosses and 50. bureaucrats, they burned all bridges with working class. As the bootboys for 5l. capitalism they do not protect us, instead choosing to serve the interests and 52. assets of the rich ruling class, the 1%. Many Occupiers are learning what many 53. of us already know about the role of police in society when they violently 54. attacked protesters occupying public parks. Now it's time to turn the table and 55. start firing shots off in the right direction. Problem, officer? 56. 57. Interestingly, CSLEA members have discussed some of our previous hacks against 58. police targets, raising concern for the security of their own systems. However 59. c::=Jdeliberately made some rather amusing lies as to their security. He 60. repeatedly denied having been hacked up until web hosts atl IShowed him 6l. some of the backdoors and other evidence of having dumped their databases. We 62. were reading their entire email exchange including when they realized that 63. credit card and password information was stored in cleartext. This is about the 64. timec:::]changed his email password, but not before receiving a copy of the 65. 'shopper' table which contained all the CCs. Too lateJ.~ ~ 66. 67. In all fairness, they did make an effort to secure their systems after discovery 68. of the breach. 1 69 70
71 72
4.8k
b6 b7C
1 b6 b7C b7E
73 74. 75. 76. 77. 78. 79. 80. 8l. 82. 83. 84. 85. 86. 87. 88. 89. 90. 9l. 92. 93. 94. 95. 96. 97. 98. 99. 100. 10l. 102. 103.
But we still had and were stealthily checking out the many other websites on the server, while also helping ourselves to thousands of police usernames and passwords (it's how Special Agent at the California DOJI ~nit got humiliated last month). For two months, we passed around their private password list amongst our black hat comrades like it was a fat blunt of the dank shit, and now it's time to dump that shit for the world to use and abuse. Did you see that there were hundreds of @doj.ca.gov passwords? Happy new years I I
b6 b7D b7E
/*******************************************************************************
LIST OF SITES HOSTED BY CSLEA, NOW WIPED OFF THE NET III
*******************************************************************************/
Association of Conservation Employees (ACE) Association of Criminalists-DOJ (AC-DOJ) Association of Deputy Commissioners (ADC) Association of Motor Carrier Operations Specialists (AMCOS) Association of Motor Vehicle Investigators of California (AMVIC) Association of Special Agents-DOJ (ASA-DOJ) california Association of criminal Investigators (CACI) California Association of Food and Drug Investigators (CAFDI) California Association of Fraud Investigators (CAFI) California Association of Regulatory Investigators and Inspectors (CARlI) California Association of State Investigators (CASI) California Organization of Licensing Registration Examiners (COLRE) California Association of Law Enforcement Employees (CALEE) California Highway Patrol Public Safety Dispatchers Association (CHP-PSDA) Fire Marshal and Emergency Services Association (FMESA) Hospital Police Association of California (HPAC)
"
pastebin.com/MSaBvt9R
2/25
1/5/12 104. 105. 106. 107. 108. 109. 110. 11!. 112. 113. 114. 115. 116. 117. 118. 119. 120. 12!. 122. 123. 124. 125. 126. 127. 128. 129. 130. 13!. 132. 133. 134. 135. 136. 137. 138. 139. 140. 14!. 142. 143. 144. 145. 146. 147. 148. 149. 150. 15!. 152. 153. 154. 155. 156. 157. 158. 159. 160. 16!. 162.
Hello comrades and thanks for joining us for the final phase of our crosscount- Pastebin.com
Resource Protection Peace OffiJilt Association (~POA) state Employed Fire Fighters Association (SEFFA) ".
4IIt
/*******************************************************************************
OUR FAVORITE SECTION IN ANY GOOD HACKING ZINE - EXPOSING THE CLUELESSNESS OF WHITE HAT SYSADMINS IN THEIR OWN WORDS. OUR STORY BEGINS IN AUGUST WHEN CSLEA TAKES NOTICES OF OUR PREVIOU~ ATTACKS ON POLICE SYSTEMS. IS ANYONE SAFE?I
*******************************************************************************/
,
b6 b7C
pastebin.com/MSaBvt9R
3/25
1/5/12
Hello comrades and than~r .225 . 226 . 227 . 228 . 229 . 230 . 231.232 . 233. .234. .235. .236 . 237 . 238 . 239. .240 . 241.242 . 243.
b6 b7C
b7E
.244. /******************************************************************************* .245. LOLOLOL so MUCH FOR "ENCRYPTED MEMBER DATA". DAMDou DID HALF THE WORK .246. FOR us. AND DESPITE BEING AWARE OF THE BREACH, YOU STILL COULD NOT KEEP US OUT. .247. ON TO THE NEXT TARGET NEW YORK POLICE CHIEFS, OWNED AND EXPOSED III .248 *******************************************************************************/ . 249. .250. Soundtrack to the Rev #3: cop Killer by Ice-T .251http://www.youtube.com/watch?v=p5gRlud57jQ .252 . 253. I got my black shirt on . 254. I got my black gloves on . 255. I got my ski mask on . 256. This shit's been too long . 257 . 258. I got my twelve gauge sawed off. .259. I got my headlights turned off. .260. I'm 'bout to bust some shots off. .261I'm 'bout to dust some cops off. .262. .263. I'm a cop killer, better you than me. .264. Cop killer, fuck police brutality I .265 Cop killer, I know your family's grieving, (fuck 'eml) . 266. Cop killer, but tonight we get even, ha ha . 267. .268 For our next owning we bring you multiple law enforcement targets in the state . 269. of New York, who has been on our crosshairs for some time due to their brutal .270. repression of Occupy Wall Street. We also want to bring attention to the 1971 .271- riots at Attica where in response to the murder of George Jackson, convicts took .272. over the priso, demanding humane living conditions. It is in this same spirit of . 273 cross-country solidarity that we attacked police targets in NY . 274 . 275. We're dropping the md5-hashed passwords and residential addresses for over 300 .276. Police Chiefs in the state of New York. We are also sharing several private mail .277. spools of a few NY police chiefs. While most of the contents of these emails .278. involve boring day to day office work and blonde joke chain emails, there were .279. also treasure troves of embarrassing personal information as well as several .280 "For Official Use Only" and "Law Enforcement Sensitive" documents discussing . 281- police methods to combat protesters . 282. .283. Subject: Mid Hudson Chiefs Fwd: Demonstrators
b6 b7C
,
pastebin.com/MSaBvt9R 22/25
1/5/12
.343 .344. 345.
1....---
Hello comrades and thanks for joining us for the final phase of our cross count - Pastebin.com
-----11
e
.
but the thought of betraying our comrades under the gun of the prison industrial complex never crossed our minds .348. But how about sum moar private police documents?? We dropped these on Bradley .349 Manning's birthday:
.350. .351. .352 .353 .354 .355 .356 .357 .358. 359. .360.
b6 b7C b7E
// THATS ALL FOR NOW KIDDIESI EXPECT A BADASS ZINE AND TORRENT COMING SOONl!I!I!
~----------------------------------------------------------,
b6 b7C
PASTEBIN.COM TOOLS
a APPLICATIONS
FIREFOX CHROME IPHONE a IPAD WEBOS ANDROID MAC OPERA
WINDOWS DESKTOP
cue
pastebin.com/MSaBvt9R
24/25
-,
1/5/12
PASTEBIN.COM
Hello comrades and thanks for joining us for the final phase of our cross count - Pastebin.com
CREATE NEW PASTE DOMAINS CENTER
I APIINOS
~"t OUR SITES: HOSTLOGR I TINYSUBS I URLSPY I FILESHUT I MORE... TIME: 0.01265
pastebin.com/MSaBvt9R
25/25
Date of transcription
01/11/2012
__
The results have been printed out and are attached to this document for the file.
Investigation on Fil,'
01/11/2012
28 8A-SD-7 314 8 t
SA
ce
at
San Diego, CA
_.:.:__:_.;:_::....::..:...:....::::....:.....:..___:_----D-a-te-d-ic-ta-te-d------------.
by
b6 b7C
This documentcontainsneitherrecommendations nor conclusionsof the FBI. It is the propertyof the FBI and is lo~nd to your agency; it and its contentsare not to be distributedoutsideyour agency.
,
r.
~
(Rev. 05-01-2008)
UNCLASSIFIED
Date:
b6 b7C
01/26/2012
SA L...____1
____J
Approved Drafted
By: By:
L-I
11....-
...,
-J
(Pending)
b6 b7C
Synopsis: Details:
On November 18, 2011, ~etired California Department of Justice Special Agent Supervisor IL.....II advised that he received text messages from his own Google telephone number indicating that he had been "owned". On November 18, 2011, a YouTube video was posted with the title "#AntiSec Fuck FBI Friday V - Cybercrime Investigator Cormnunications"from the YouTube user account The video was 6:03 long and stated the following information, which was also posted as text below the video:
"Greetings Pirates, and welcome to another exciting #FuckFBIFriday release. As part of our ongoing effort to expose and humiliate our white hat enemies, we targeted a Special Agent Supervisor of the CA Department of Justice in charge od I We are leaking over 38,000 private emails which contain detailed computer forensics techniques, investigation protocols as well as highly embarrassing personal information. We are confident these gifts will bring smiles to the faces of our black hat brothers and sisters (especially those who have been targeted by these scurvy dogs) while also making a mockery of "security professionals" who whore their "skills" to law enforcement to protect tyrannical corporativism and the status quo we aim to destroy. \ b6 b7C
b6 b7C
UNCLASSIFIED
\\
~\~
UNCLASSIFIED
To: Re:
We hijacked two gmail accounts belonging td Iwhohas been a cop fonyears, dumping hislprivar email correspondence as well as several dozen voicemails and SMS text message lo~~hile just yesterday was having a private BBQ with hisl Ifriends, we were reviewing their detailed internal operation plans and procedure documents. We also couldn't overlook the boatloads of embarrassing ersonal information about our co friend e lulzed as we listened to an r voicemails fro We turned on his 00 Ie web history and watched him look UpL,--,. _ ___,J L---IWe also abused his google voice account, making sureL.r-_...&.l..l=, and family knew how hard he was owned. Possibl the most interestin content in his emails are the internal email list archives (2005-2011) which L...;-__ -:--:--_-:-_-:-_-:-_-:--:__ .JThe information in these emails will prove essential to those who want to protect themselves from the techniques and procedures cyber crime investigators use to build cases. If you have ever been busted for com uter crimes, ou should check to see if our case is being discussed here. There are discussions abou b6 b7C b7E
These cybercrime investigators are supposed to be the cream of the crop, but we reveal the totality of their ignorance of all matters related to computer security. For months, we have owned several dozen white hat and law enforcement targets-- getting in and out of whichever high profile government and corporate system we please and despite all the active FBI investigations and several billion dollars of funding, they have not been able to stop us or get anywhere near us. Even worse, they bust a few dozen people whl are a!1egedly ~art of an "anonymous computer hacking conspiracy" but who have only used kindergarten-Ieve this isn't even hacking, but a form of electronic civil disobedience. We often hear these "professionals" preach about "full-disclosure," but we are sure these people are angrily sending out DMCA takedown notices and serving subpoenas as we speak. They call us criminals, script kiddies, and terrorists, but their entire livelihood depends on us, trying desperately to study our techniques and failing miserably at preventing future attacks. See we're cut from an entirely different kind of cloth. Corporate security professionals like Thomas Ryan and Aaron Barr think they're doing something noble by "leaking" the public email discussion lists of Occupy Wall Street and profiling the "leaders" of Anonymous. Wannabe player haters drop shitty dox and leak partial chat logs about other hackers, doing free work for law enforcement. Then you got people like Peiter "Mudge" Zatko who back in the day used to be old schoollOphtlcDc only now to sell out to DARPA going around to hacker conventions encouraging others to work for the feds. Let this be a warning to aspiring white hat "hacker" sellouts and police collaborators: stay out the game or get owned and exposed. You want to keep mass arresting and brutalizing the 99%? We'll have to keep owning your boxes and torrenting your mail spools, plastering your personal information all over teh internets. Hackers, join us and rise up against our common oppressors - the white hats, the 1%'s 'private' police, the corrupt banks and corporations and make 2011 the year of leaks and revolutions! We are Anti-Security, We are the 99% We do not forgive. We do not forget. Expect Us!"
b7E
UNCLASSIFIED
2
To: Re:
UNCLASSIFIED
A link was also provided on the YouTube page to the documents that were taken from account. The jnformatjon was located at
1....-
...1.
b6 b7C b7E
On November 30, 2011, California Department of Justice pr1:i:~~ t:: ~BI with a CD-ROM disc containing the files located atr These files are contained in a 1-A envelope to thed are password protected with the following password: On
c"h ...... nc,.,'" ;
CC'
I
ICr'l ;,.,
b3 b6 b7C
UNCLASSIFIED
b6 b7C
FD-302 (Rev. 10-6-95)
Date of transcription
01/26/2012
e-mail address was ~ terviewed telephonicall~ter the identity of the interviewing Agent, L____j following information:
b3 b6 b7C
Investigation on File #
01/24/2012 at ----~--~---=~-
288A-SD-73148 I
San Diego, CA
Date dictated
(telephonically)
by~S=A~I
b6 b7C
This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loan~ it and its contents are not to be distributed outside your agency.
~eBA --SaD
_I) '?J 14 6
i (J
your agency;
'II
,
1
Ii
i
"1
I
i I
,
i
1,_,__
-------------------------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-----~-------------------------------------------------------------------------------------------------------------------------------------------------------
-............--~~~
---------------------------------------
')
FD-340 (Rev. 4-11-03)
File Number
~
_
_-"-L.J-.l.
-::3==~"----------------
I 2. I/OltJ
12.0\ l
(Name 01 COlillibUlOl/llilviewee)
(Address)
b6 b7C
By
s~1
0 0
Yes DYes
I
I
IZ( No
~No
To Be Returned
Receipt Given Yes ~No Grand Jury Material- Disseminate Only Pursuant to Rule 6 (e) Federal Rules of Criminal Procedure Fedenil Taxpayer Information (FTI) DYes Title: LJ N S U1> ( ~)'
J
itA('l.TI S.Ec...'
1
C.O.,\llu"Ta'Jt
'
1-., (..IL,c.1.~
1f\1~OS.loN
Reference:
Description:
~~
r---~~~----_j------t..
. I
.;
i
I
----
-----~--,
.
.--'
1
,I
--
!
~E"t ..~\Lcz.~~'"
t.
c....... "'~
~_.
~%!
y.,_~
Q.e~~
~d 7
..LM
+-
~l:~
~k.~
.... ~
. 'i?
,l _(
.~~~e.."
I....)
~r'ifO~c1
..."k.~
~y.J..rwofAL.C..-'::.
1k~~
'I
II
,j
:j
l(j~~
otite......
')1"J')Q,r....us. c_..
~ec:....s....
L\.a..",
l~-br.,~I/ Gwt;A
b6 b7C
'.-. S~
....
II
11 ,..~:'
-.)1
I1 -;) ...
I
0( .... '"c.M u
o.t\
ph lMJZ.
c.,._lls
1~,
a.i.c..A- -po-S;f-s
\,_,lL-l 1.... .-
t
I
It
II
. c..l'Y\.+.:'~
-\-t'~f\"itw. '3:.\M.,,\c.kh.,.
oJ
'-.I
.9-~
r-..u...,.:!:i/;i
"~-hJJ~ ,
, \Jh~tll rr.f~
~lI~~L~("
.J
~~T ~
t;~1
c;l
J
a.cc.
4'(1
'\)
-h ~.,..,.,,;{ ~hf)1\-t
J I
[4,m+ Q?I
v ......
~t'ta
t:1tfl-;Lt
U
-..J
I.dA
II
,
"II.,..
II
- ---
-----~-----
.. .--
IW
. Dv-Jweck
I
c~~
'1'::.
~c -II
r1r.>r'(c~
b6 b7C I
i I
I
i
I
..0 v J e,..-J
.t...w... ~, +z.
~r;.M
HC<.
(~n-Jc.-~\ ,
-I
--
.>
>
,~
Statement regarding the hijacking of my personal accounts: On Friday 11-18-2011, at approximately 0700 hours I was getting in my car and began receivina text ressages on my phone from my own Gooale telephone number of
This number is associated with my bccount of I , The messages stated that in essence, the senders had taken over my account and hat they "owned" me. The messages were also directing me to a specific chat room (I already deleted the text) to contact them, otherwise they were going to post my email and personal information all over the Internet. I ignored them and they continued to harass me with incoming text messages. I checked via my smart Android based cell phone, and immediately noticed I no longer had access to my Google account, my Facebook account that was assotated with the same email address, and the yahoo account that was linked to my I The perpetrators continued to prod me to go to the chat room with threats of releasing the information, but I continued to ignore them. When I arrived home at approximately 0730 hours, I went onto the Internet from what I believed to be a secure computer and via the specific providers websites followed their online protocols for recovering compromised accounts. It took approximately 1 hour, but I was successful in gaining access to all the compromised accounts and changed the passwords several times to prevent the intruders from following the same protocols. In the Google account, they harassed many of the contacts contained in my phone book with a variety of text messages. They posted personal emails from the email accounts around the In erne and m d Id s atements about compromising a Department of Justic Some ofthe email in m sent folder included They logged into my Facebook account and deleted most of my photos, changed configuration settings, posted numerous offensive comments and personal messages to various friends, as well as impersonated me in various chats. . I received a phone call from a Huffington Post reporter (didn't get his name but seemed legitimate, b at approximately 1400 hours the same day. He was excited when he initially called, like he was at the forefront of a big breaking story. He asked if I wanted to comment on the compromise that happened to me and told me he learned of it from people in a chat room. It appears he thought I was going to be some high ranking manager of a computer crimes unit and there were going to be damning things in the data they stole. I quickly deflated his enthusiasm as I told himl I ....._ __~and that whatever they got was personal, but not embarrassing and I was not going to give in to their threats and intimidation by contacting them. I further told him that in the overall scheme of things, I was really nobody and it was insignificant to terrorize me for their cause.
b6 b7C
b6 b7C
b6 b7C
Following my recovery of the accounts, the perpetrators texted me and said it was not over yet. They made a comment about how tough economic times were and I should beware of my financial status. I made a check of my assorted banking and credit
~~~--
-----
I
[
account that I deal with online and discovered a fraudulent charge made th~ RiIz camera for app~XimatelY $896.95. The purchase was made with my and was sc~eduled to ship to an old mailing address a
to
b6 b7C
I contacted I and they are cancelling the transaction and the account. There are no other know discrepancies at this time and have since place a credit block on my personal information.
They continued to harass me via text and said they were releasing my telephone number to 150,000 followers on twitter, and hoped I wasn't busy. I received a few calls, but did only answered a few just to see what the callers had to say. 'Most just made ignorant comments and hun u . I disabled the mail account, to avoid a backlo of voicemail as m hone i I believe this tactic, along with not acknowledging them in the text or chat rooms frustrated them and kept them from calling or texting too much. There were a couple of texts from I khat appeared to be sympathetic to me, wishing me well and hoping the hackers would be brought to justice. I ignored them as well, suspicious that the perpetrators were just testing to see if I was receiving their other harassment texts. I received only a few additional phone calls from mysterious numbers and harassment texts over the weekend. I desire prosecution.
b6 b7C
BUREAU
OF INVESTIGATION SHEET
Deleted
Page Page Page Page Page Page Page Page Page Page Page
16 17 18 19 20 24 25 30 31 36 37
11
b6 ; b6 ; b6 ; b6 ; b6 ; b6 ; b6 ; b6 ; b6 ; b6 ; b6 ;
b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C;
b7E; b7E; b7E; b7E; b7E; b7E; b7E; b7E; b7E; b7E; b7E; XXXXXXXXXXXXXXXXXXXXXXXX X Deleted Page(s) X X No Duplication Fee X X For this Page X XXXXXXXXXXXXXXXXXXXXXXXX
J ..
I' ,
(Rev. 0131.2063)
~recedence:To:-
ROUtlNE
ATTN:-
Date:-
.10/ 08/2009
Cyber Division
SSA
From:- San Fr-ancisc-o Contact:Approved ;By:: Drafted.By} ~ __ ~__ ~~~~
Computer Intrusion'
Unit #2
Squ-ad CY-2/Sa',U-~~~I.LSA
__
b6 b7C
288A-SF-NtW-G'J (Pending) ..... ' ANT-I-SEC; UNSU-B (S), et al; -IMAGESHAC-K :-:-VICT'IM; COMPUTER I:NTROS'ION f_i_les.
/t
on October 8, 20 9, Special Agent A) met w"ith employee_s of IMAG at 23 rtfi Sant-a Cru-z Avenue, Los Gatos, California, 95030, to Lscuss two rec _ c-omputer i,ntrusions of IMAGESHACK sezvexs , -IMAGES'HACK is a company which provldes i,oternet "image host,i_ng. IMAGE_SHACK advis-ed s'AI I t.hat the f_i,r-st comput e r intr"tlsion occur-red on July 10, 2009 at approxima_te_ly 7 pm Paci_fic St'andard 'rime (PST)._ A group by the n_ameof ANtI-SEC gai_ned hack-er (s) access-ed contafned I
b6 b7C
d
~
b6 b7C b7E
able
to I
on th e t,he hacker (s) posted a mess-age I In addition, - intet:net which claims the ANTI-SEC .is a ,movement ded.lcated to the er-adic-at-ion of full disclosure. Their mess-age _further explained they plan to achiev-e tbis "t,hrough t,he fulJ and unrele,nting, unmerciful elimination of all supporters of fulJ-disclosu-re and t,be security industr-y in its 'present form." b6
b7C
To:
Re:
b7C b7E
IMAGESHACK advised this computer intrusion affected approximately 50 million images and every user that was on their site at the time viewing :images. IMAGESHACK .Ls steill ot su e ~ ...., got into t~eir database but believe.""=."......,,,,.,,,...,,. b6
On August 2, 2009, :IMAGESHACK believes the same hacke_r(s) came back and gained access to their servers again. IMAGESHACK has -full and complete logs. 'It.is apparent the hackerls)1 I
b6 b7C b7E
b6 b7C b7E
IMAGESHACK estimates their losses at approximately $26,000. :It is requested that t.he folJowlng subfiles be opened e Grand Jury SUS GJ
b6 b7C
It is .requested that the new casy and subf_i:lesbe opened and a.ssigned to SA ...1 __.J
- --
_--
_cc--cc-_-=--_c_-"--=_c_
cc-==
-=--__:_:--:_:_:--c=_- -=--cc_-
_--,----~
-----
---
of case s Acqui_red:Disp.osit-i.on:Acquired
'FD-192
Property Acgui_red:-
ICMt~ROl Page l
b6 b7C
Anticipated
I
Desc_ript,i.on_ of Pr.operty: .1B 1
.srx (6 )
HAEDDRIVE'S: '-THREE (3) WES-TEEN DIGlTAL S/r::; WMAP4,123996-4, S/ij W~KI{12S207'1 AND SiN WMAKE-2_1S'3028 -TWO (2) }{tT~Cl{I: SiN CKC4U'9S'E, SIN C~t-5'H4ME -ONE(1) S'N{SQNGSiN S09QJ1'OL218644 ONE( 1 ) f!tTAcHt Bare'ode: E4189643 10/09/2009
,
-FD-_1_92 of Case:Aequi_red:: Source f_rom wb,ich Property SV-~CJ"L Disposition: Acquired
BYi
Ae_qui_red:Case Agent:-
ICMI:IiROl Page 1
Date
Property
08/19/2010 -Anticipated
b6 b7C
.
Description
l_B 2
~I
of Prope_rty:-
Date Enee_red
_Loe-ation:- S_JECR
'PRESS3
08/19/2010
288~-SF-~4_5486S~ FRANCISCO
ot8~ t\ -
Sf - '46
1~' -
mY~ k-'"
10. 2.
..
FD302 (R~v.10-6-95)
..
1
Date of tratlSCription
1 Q L Q ~ L2 0 Q 9
On October 8, 2009,~1 was interviewed at his place of employment, ,IMAGESHbCK, located at '236 North San Cruz Avenue, Suite ,100, Los Gatos, California, 95030, telephone number 40S-836'-8579. Afte~ advised of the identity of the interviewing agent, L______j provided the fOl_lowing information: On July 10, 2009 at approximately 7: 00 p.m., U1AGESHACK servers were hacked. The hacker(s) ,we:e able 'to qet into the ~~~~~~~~~~~~~~~~~~lnsl L.....__ ....-----------___.....,I I -indicated the user This sever also contained
L-----:,---:-I indicated 'IMAGESHACK does not ~~~~formation~~~~~~-~~~~~~~----~~~~~~ ave a that from that server, the Ultimatel
--------------~I
b6 b7C b7E
~~_~advised this affected every ~~~O~-,o:"Tl~:"""'TlIT'7C~-.,.;~'=""I:'7C, ~ and approximately 50 million images. He -indicated IMAGESHbCK user images were replaced with this propaganda message for several hours. I I said this caused quite a stir on the internet as it affected many website backgrounds as well. I ladvised a group named ANTI-SEC c Latmed responsibil.ity for ,the hack of IMbGESHACK on the internet. 1 1 said the technical team at IMAGESHACK believed the hack was a result of an I I He ~~ifi~p~ that after 'the hack. the technical team at IMAGESHACK I
I
II
back. On August 2, 2009,1 1indicated the hacker (s) came He advised ,the staff at IMAGESHACK believes it was the same
0
b6 b7C b7E
({'ss ))wb::;l;se they L h~yised that at the time it appeared the I haaCckkeerr
I
*
I '
lov~stigation fil~ by
on
09/08/2009
28 8A-S F-14 5 4 86 SA
;;:r
?t
....;;;.L.;.o.::.s_G.;;..-:;;,a.;.to.;..::.s~, _C.;.a=l;;;;,i;;;;,fo.;..::.rn;.;;,;;.ia;;_ _
Dat~ 4iate4
.;.,N..;;.;A;..._ _
b6 b7C
This doo.nn~nt contains f1cith feOmme~ions fIOI' con?tusions of th~ fBI. It is t~ ptoprty of the FBI a.n4 is ~e4 it w its CQfItents ar~ I\Ot to be dlstriblolte4 outMe your ~ency.
to your ~geny:
288}J.-SF-145486
:~L ---"---------'
On
ContinuationotfD3'0201
Q9/0B 120 09
.Page
b6 b7C b7E
During tb~ second ,attAyk, tb,e bac~went J tben I J 'and tben "'__---;::::::==::::::;---'
$26',450.
!--:-.......-- ........... I provided one compucer Di,sk (CD) -LabeLed IMAGESHAC~ 'ANtI SEC which he did not want .recurned that cont-ained copies of an ovezvd ew of the hac~';, 'Mitt-S'EC jpg. ,image posted to t,he
server's, email ',froml'reg'ardi,ng tbe identity of tbe hacker t s), ana chat ' o9srqm : t1AGE:S'HACK st'aff dur.in_g t he bugust ,2009 at t'ack ,
L...-
th;
2,
b6 b7C
---....II'provided 'six, hard, drlv'es to S,~ I and signed 'an FD-941 Consent to Syarc,h Corciputer(s ) form for t,hese six hard drives. I J was al so 'provided and si9ned an FD597 On,ited St'ates Depart,Inent of Justice, Feder'al Bur-eau of , Investig'at:ion, Rece,ipt For Prope r ty Received. 'I'be, fd-941 and FD-' 597 and CD have been placed Ln a lA .enve'Iope and, sent 'to the ,file.
(Rev.OS"()1.ZOO8)
bl b3
S~A-l _ S
... case tD
#u:ml b3 ~(~O~)~~2~88~J~-~S~F~-~1~4~1~8~90~----------~(~p-e-n-d~in-g~) (U) ...-288A-SF-145486_ _ --~ DEATHIS COMING.FROM THE EAST; 'ONSOB (S) ; C.I/CT - TNtI WORLD DEE-'ACE&S,
~==========~----------~ I
~========::::::;-~
I.
b6 b7C
bl
'ritle:- .~
W)
J:s<
UNSUB(S) ;
CT - TNt!
M.
~
Ide_nti_ficat-ion
of possible
f()Un~ing member of
bl b3
(5) l.___
------ll
uummumuS~INOFOR~m' mmul
+S)
S~/INOFORN~
To:
(5)
San Francisco
L..
From;
San Francisco
....J
Re:1
bl b3
(3)
/
(U) Open jource searches provide no information that Anti-Sec hacked. I San Francisco division
b7E
\
The hackers changed the server settings to redirect every image to a hacker logo. The hackers posted a message claiming that the Anti-Sec group is dedicated to the eradication of full disclosure by eliminating the cyber security industry. (288A-SF-145486-,Ser:ial : 1)
(U)
b6 b7C b7E
I.
An identified
stated.tnat Ant 1. -sec IaOrl.Ca~e--cr the claim ofl.~~ ~ ~ ~ ~l White-Hat Hacker and Cyber Security Communities. Open source rese~rch r~yealed that several -large web hosting companies consl.deredl~. ~ ~ ~I (800A-HQ-C1591622-NOADMIN, Serial : 20010).
b7E
1
I I
b7E
(S)
bl b3
.
To:-
(3)
Francisco
S~IINOFOl!N~
Re:
bl b3
~/
/NOFORN~L....-----I
bl b3
(3)
To:~e:
Franei seQ
~lINOFORN~
FrOm-
San
Francjsco
bl b3
SAN FRANCISCO
AT SAN JOSE
++
bl b3
iPrecedence::
,UNCLASSIFIED
Date:: 1_1/10/200Q
Rou'tINE
---.
b6 b7C
~--~---------~ '0,
I
----JI
(pendingVt.t
'Title:-'
ANtI-SEC;
(JNSOB(S);
JMAGES,HACK _' 'VICTIM; COMPUtER 'lNTRO$ION
'Synopsis:-
operii_ng .'
:Details::
On October ,9, 2009, Special }J.gent (SA) ~I=-:---:-_~_~ e~a,i:le,d Chief, A~'s,ist,-ant, _Un_i~ed St-~t'e,y Attorney ,(AOS'A);,fo,r,-t.,he Computer Int,rusl.on and ,ij,ackl.ng Un,l.t"L Ire,gardl.,ng concur renee ,for new capt.Lcned :investigation. ,rbe e-mail ccncafned a surn.rnarY'-oi'the case informat,ion., ~AI lwas ccntact ed t'elephonica11y and g,ran:ted ,~oncu'r_'rence regarding cC'aptioned i,nvestigation -and advised ,that !.AusA jt;tould be as'sLqned t,he -case ,
b6 b7C
'
..
to ,AUSA
-Attached
and-made a,'part
-UNCLASSIFIED
"
fDS42 (Rev.o3-i3-20(9)
UNCLASSIFIED
Date:-
11/13/2009
To:-
From:-
Approved Dr'afted
----!I
___,f
b6 b7C
288_A-SF-1A:S486 (pendi_n~
'7
~NTJ-SEC; UNS-UB (S), et ali .IH~GES.HAC}{ - VICT-I~; COMiOTER INTJ~USION To Claim Statist_ics.
Synopsis:: Detai_ls:-
On September -16', 2009, Special Ag-e~t (S]J.) te_lephonic-ally spoke to ,the vict_im company, Imag-esh..... a-c"""k-, -------, .re,g-arding c-aptioned rnat t er and set a date to meet in per~son. On October 8, 2009, SAlimet wit.ol lof Image_shack and obta med the de~:i_nfoI:mation about the capt Lcned comput er i,nt:rusions. ,Possible s'ubj ect (s) have been :identified. On Noyember 13, 2009,
b6 b7C b7E
SAl
UNCLASSIFIED
- ---
-~ -
-~-- ---
"
~---
-':__c--''---
--==:__::___::_____---=--=
UNCLASSIFIED
e.
To: Re:-
Accomplishment
Information:-
Number:- 2 -Type:- CI? 2703 (f) ORDER SERVED ITU:- crs -tTU:- :LIAISON WtTH OTHER AGENCY' Claimed ~y :-1 SSN.Name:Squad :-~C=Y=2O:-----___' Number e 2 Type:err SUBJECT IDENTI FlED ITU: err ITU:- LJAISON WITH OTHER AGENCY Claimed By '1 SSN: Name:- L...-...."..".".,..... ...... Squad:CY2 Number:- 2 Type:C1P VIC'tIM CON'I'ACTE-D/INTERVIEWED ITU:- bGENT :INTERvtEW -ITU:- CIP tTU: INDIVIDUAL/NON-INFORMANT ITU:- .LIAISON WI'tH OTHER AGENCY Clairn_ed SSN: Name e Squad :L...-C~Y~2";------"'"
b6 b7C
BY:I
++
UNCLASSIFIED
~'a
a
. 'aforement;:ipned ..lac'simi,le' tb,i,s. documerrt ,
"~t
I>~e, of trltlseriptiQo
12L Q 2_L 20
0 ;1
b6 b7C b7E
~~
~.
"
InvestigatiQo File. #
Oft,
12/08/2009
,288A-~F~145486:'~
~
-NA
by,_
b6 b7C
'Thi$ ~t.m'lent oontains neither recomrnendatiol:ls flOf >n~I\lsiOtl$of the FBI. 11i$ the property of the "it an~ its ontcnU are t.IOC to be distribute4 ou'tsi~ yOUtage~y. . ;
fBI aM
"
,.
.
. 1
Date of tr~siption
0 3/ 0 Z /2 0 1 0
b6 b7C b7E
The abov~ referenced letter had been attached and 1s made a part of thi~sdocument.
Investigation on File /I
by
01/23/2010
at
CamEbell, California
Date d ietated
(via .facsimile)
NA
288A-SF-145486 ~ SAl
,?-
b6 b7C
Z2b~
This durnent cootains nej~r r~ndations II ~ its contents are not to be 4istri~ted
not conlI,lSionsof the FBI. It is the property of the FBI an4 is lQaned to your .ge~y; OIortSide your agelXy.
To: .san Fr'ancJsco ;From:
UNCLASSIFIED
:Date~
"FEDERAL;BUREAU OF INVESTIGATION
01/14/2010
Jose .RA'
,SA,
~----~------------------~
b6 b7C
(pendingvY
'SynoI>sis:
Details:
'Or),October 8, 200.9, :Ima_geshac,k provided sA !-ol_ 'hard drtves and consent; 'to search t,bose hard drives.
UNCLASSIFIED
b6 b7C
Accomplishment_ Information::
NurrlbeI':1-
type:- CIP 27-03 (f) 'ORDE:R SERVED I1'U:- crs iTU:: LJAISON' WI_TH,otHE"R ,A~tNC'.(
Claimed
SSN:
BY',:
'8
Name:: .__--==--==----_
squads
C';'2
......
Nuinbe_r-:Claime.d
ssa.
'~:I
'Squad
Name:-
::L...-,,....C'""x2.,....-----
.....
'
..
UNCLASStFIED
2
1.
0:i
Pate ohl'ao~iption
L 2 7 12 0 1.2
b6 b7C
Agent I I returned six hard, d~ive.s tol at hi_s plac-e of empkoyment; .IMAGESAACK, 2_36 Sant:a Cruz Avenue, L9S G_atos, Ca~_ifornia, 95030. A c-opy of th~ signed :0"0-597 Unit-ed -St-at-es Department of Justice Fed~r-al 'bure-au of Investigation Receipt :for t>_roperty Rec-eived/R~tu~ned/Released/Sei_zed had been placed in a l~ enveIop and sent to the f_ile.
On April
lnvestigatiotlce file by
4/27/2012 S6
2 S SA - SF -1454
'S~
cl
I
at
'_'.;;.N,;.;;.A~
_
b6 b7C
nus loWXIent CQfttlinS ncithet te>mmen4atiol:l$ not eon~h.lSions 01 the fBI. It is the property it an\i its contents ate not to be distribl.lte4 Ol.l'tsi4eyow .g~y.
'(>( the
(Rev.OS..QlZOO8)
UNCLASSIFIED
Date:
04/27/2012
Case 1D #: 288A-SF-14S486 Title: ANT~-SEC; UNSUB(S), et ali IMAGESHACK - VICTIM COMPUTER INTRUSION To Close Captioned
Synopsis:
Case.
Details: l\ssistant
Special Agent (SA) have discussed captioned investigat~ on -~nd l.S s atus on _numerous occasions. On March 16-, 2012, AU?Al I jn)IUir~d via emai_; -if captioned investig-ati<?n could be closed. SA_ Jadvl.sed that Sl.nce there are no good sUbJect inte_rnet protocol (IP) addresses and no good follow-up leads or information from cu,;rent sources, captioned -investigation shou14-be closed. The' evidence obtained i_n this -investigation did not de_,;i ve e_nough probable c-ause to result -in the identif_i~of a subject for a prosecuteable of_fense. On Ap,;i_l 18, 2012, SA~received a lette:r from the United States Attot:ney I S Off_ice st-atl.~g that th_eir off_ice has closed the investigat_ion. The abovementioned letter has been attached and _is made a part of this document. On Apri_l 27, 201_2, S~ I prcvd.ded by Imagesha~k as evidence victim company. evidence I.retut:ned the hard drives -in capt_ioned case back to t_he
b6 b7C
I and
It is -recommended that capt_ioned c-ase be closed and that col_lected on c-aptioned case be destcroyed and/of -retut:ned UNCLASSIFIED
~
ct~>~o-': u e l\z~~J-.\\.
~
~00ll2-
UNCLASSIFIED
put~suant ,to' Eo"Bt policy., -';['he:te~ 'axe 'no pending leads inves tigat,ion: re9:uired:' on capt Ioned case ,
01:',f"urthe1:'
++
,UNCLASsIFIED
2,
,.
.'
Aprfl'18', 2012'
Special Agent Federal Bureau of Investigation ;1919 S>Bascom Avenue, Sulte'400 'Campbell, CA 95008 RE': 'JmageShack'Intrusion,
b6 b7C
"
'pear Special-Agent
CJ
1
This letteris to confirm that my office-has closedthe investigation intothe ImageShack .intrusion by agroup known as Anti-Sec, Based on our conversations, you have conducted an ,exhaustive investigation and have been unable to identify the individual responsible for the intrusion .. If'you find new,evidence, 'please re-submitthe casefor prosecution, I appreciate allof'your. work on tlie case. .Please do not hesitate to contact me if you have any questions. Lean be reached a~ I ,Very.truly ours, ',MEcINDAJIAAG
.,
"
"
.. j
, I '
.,
BUREAU
OF INVESTIGATION SHEET
Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page
7 8 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 43
29
b6; b7C; b7E; b7E; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; XXXXXXXXXXXXXXXXXXXXXXXX X Deleted Page(s) X X No Duplication Fee X X For this Page X XXXXXXXXXXXXXXXXXXXXXXXX
SF
1
! !
ORIGINAL NOTES RE INTERVIEW OF~I ~ FD-597 RECEIPT FOR PROPERTY; FD-941 CONSENT TO SEARCH COMPUTERS; ONE CD WITH PRINTED COPIES
SF
2 ! SILICON VALLEY RCFL REPORT OF EXAMINATION DATED 11/17/2009; ! AND 08/09/2010 AND RETURN TO AGENCY RECEIPT DATED 08/19/2010 .! (NO REFERENCE SERIAL) 3 ! -ORIGINAL PACKAGE COPY FD192 (CHAINS OF CUSTODY) lA'D ! -ORIGINAL 1B2 ENCLOSED
b7C
!
-----------------------------------------------------------------------------b6
!
SF
4 ! -ORIGINAL PACKAGE COPY FD-192 OF 1B1 (EVIDENCE RETURNED) ! -COPY OF A SIGNED FD-597 ----------------------------------------~-------------------------------------! SF 5 ! FD-597 RECEIPT FOR PROPERTY RETURNED Tol ! IMAGESHACK ON 4/27/12 (REF SERIAL 14) ~. ----------~~
!
SF
,~ .
------------------------------------------------------
--------------------~---~'
----------~------------------------------7------~------------------------------
,..:
.
Ml'tllitEl
~!
f''''';'''''''''-'''''
, ' 1 ;!
'. 'J.
j
'&
')
it
"
';
:J' U$$
~ Uti w.."
:
P,
I \:::;
~
f ,,!
"
;
I
1o
<;
" ,! ,!
, "
o
FD-340b (ReV. 4-11'()3)
o
!
;.
.
r
_
'
I I
1 1
Fale Number
.g(t+~r-)t45tf~b.
I'
",'
'1 1
.1
j
,.
Date Received From ,i
~ < .. ,
,
1
f51,c
ofContribuwrllnterYiewee)
k.. JI'-a.e VA
"'
.,
'
!1
~
,1
By
5(:(1.
0
Yes
To Be Returned
,,
..e:( No
" ; ,
r \ s
I
i:
I'
Receipt Given. 0 Yes ffNo Grand Jury Material- Disseminate Only Pursuant to Rule 6 (e) Federal Rules of Criminal Procedure
Yes, Yes
'
~o
, 1
Title:
"
ld"" No
Po-lll--5f"v; Ut(!~J
1: SV\ A"Q. fi-rlA"tt-
!VJ7 Nt
Reference:
D~~"~\.('~~
(Communice.1ion En.closillg Material)
b6 b7C
Descriptioll:
6!f
Originalnotes Ie interview of
oj
t
,~I
..
,
c ....... "','."'~"" .. ".~ ..
J
, ,
"'_~"~
..... "',"''''''''''''o-__.~.'~<.Q.i;.I~rt
. .... _j
'.
File #
U.S. GPO:2004-307-714/90013
- --"
-- --~
Page
of
--
UNITED STATES DEPARTMENT OF JUSTICE FEDERAL BUREAU OF INVESTIGATION Receipt for Property Received/Returned/Released/Seized
On (date)
(Name)~L----.---_-----,:-----;-_J-1
__
~---=-_~~-=--_
.::_<'
--=L=-=:-'?_(~~~;4:l-....1fu~s:......,.., __;(?I..:.....!..::A-~_
_fj.,.;:,5:::>.-.J,;.O~a~D.t_--------------:..-_
Description of Item(s): ~
~
h.l.
b6 b7C b7E
.,.-
L
Received
/"
->
-> .>
->
->
.>
./
Received From:
b6 b7C
FD-941 (2-26-01)
Federal Bureau ofInvestigation (FBI) to permit a complete search by the FBI or its designees of any and all computers, any electronic and/or optical data storage and/or retrieval system or medium, and any related computer peripherals, described below:
"HPr(2..'O~-Je
(
:
b6
~r~p~TljIS4~2~kie:b~4~Q~dejC8~rJ~e~d~2rl~~I~,,~m~b~er~(~jfE?~1~'2~jl~9~bl~e~\:::::::::::::::::::::::::::::::I~~lr_--_-_-_-_-_-_-_
~".' "RrlrimJ M,d;, CnmmJfe""ripbmJ,
control, and/or have access to, for any evidence ofa crime or other violation of the law. The required passwords, logins, and/or specific directions for computer entry are as follows: I have been advised of my right to refuse to consent to this search, and I give permission for this search, freely and voluntarily, and not as the result of threats or promises of any kind. I authorize those Agents to take any evidence discovered during this search, together with the medium in/on which _
JU)
Date
OR")
a..D\)~
Date
b6 b7C
Location
iI
They posted this message after the attach on multiple security threads: This message linked back to the antisec's website:
On Thu, 23 JuI 2009 we received an email froml'provided some information on his site which was also hacked by the same group. email_from email from] attachment: '-------
_..~ which he
b6 b7C b7E
.....
I
Anti-Sec info
The group we believe has at least two members
I ._______.
,.
August 2 Hack
On August 2 early in the morning about 12:50am pst we were compromised again. They were unable to effect users as we stop them in time. We have chat logs of our employee included.
Chat logs:
b6 b7C b7E
Estimated
company loses
\__\ I __ \1 C---- I \1
_____ I I_I __ I I \ __ \ I
\
I
______ I I I \ I I I
I
II __ \_I \ \\ I\ \ _
>\ \1 >\ \1 > \1
I__ I I __ I \1
C-)
'_ , _\ I _' II _' II _\' I __ I II I
I I__
___ I
I I I I I I I C-I I C-I I __ I x., \ I I I C-I I C--I I_I_I I_I I_I\ __ ,_I\ __ , I\ I I I I_I I_I\ __ ,_I\
\_\
I
I_I
__ I I I
Anti-sec. We're a movement dedicated to the eradication of full-disclosure. We wanted to give everyone an image of what we're all about. Full-disclosure is the disclosure of exploits publicly - anywhere. The security industry uses full-disclosure to profit and develop scare-tactics to convince people into buying their firewalls, anti-virus software, and auditing services. Meanwhile, script kiddies copy and paste these exploits and compile them, ready to strike any and all vulnerable servers they can get a hold of. If whitehats were truly about security this stuff would not be published, not even exploits with silly edits to make them slightly unusable. As an added bonus, if publication wasn't enough, these exploits are mirrored and distributed widely across the Internet with a nice little advertisement embedded in them for the crew or website which first
,I
exposed the vulnerability to the public. It's about money. While the world is difficult to change, and money will certainly continue to be a very important in the eyes of many, our battle is that of the removal of full-disclosure for the purpose of making it harder for the security industry to exploit its consequences. It is our goal that, through mayhem and the destruction of all exploitive and detrimental communities, companies, and individuals, full-disclosure will be abandoned and the security industry will be forced to reform. How do we plan to achieve this? Through the full and unrelenting, unmerciful.elimination of all supporters of full-disclosure and the security industry in its present form. If you own a security blog, an exploit publication website or you distribute any exploits ... "you are a target and you will be rm'd. Only a matter of time." This isn't like before. This time everyone and everything is getting owned.
Signed: The Anti-sec Movement "No images were harmed in the making of this ... image."
b7E
b7E
If you think that we oppose your website, our advise is to pack it up and shut it down, because we're coming for you. - anti-sec.
to the
i
eradiCation of -
everyone a~ jm8g~ of what wet'reall abo4t FuH-disclosJre is the disclosure of exploi~ publicly - anywhere. e secu'rity industry uses fulldiSClosure:t? profit :and develop scare-tactics to convince into bUying their f rewalis. anti-virus software, and alldi~ing services. '
Meanwhi~e" knpt ~ddies copy and pasaeiihese expJoits and vulnerable Servers lthey can gat a hold ofl If whitehats were published. 'riot. exploits with silly edits to make them
I
. ~ :
'
I~ th.J. ready to strike any and all about se;curitythis stuff would nof ut:'lusable. .-
'
a nice little advertisement embedded' inbility to the publ'b.,' '-. .:';, ~,-. .
_-.
mirrq.red and distributed for the crew or website ... ' .... ',..,n.
!
I"'AI~l.n;I\I
:;iciu wmi~'
o
FO-340 (Rev. 4-11-03)
/1+{pJ
I 'J\:) ~
_-";";::~=-_-'__ --' __ -'_
I
I , ,
f
File Number
~'f't=<:;='-:
I.
i
I
-:-
_ --'-_
'.1,
~)<j
_"\.::..~_:;' ;._I::.-;D:::;.__
(Name ofContribu'ltTlfnitrviewee)
I.
f
!
i
&J;
Sv,. Gu.,40-CkP
,<Vh.
ili~ :.f2e.=
I.
,
I.
!
'(Address)
II
!.
I
!
I'
t
'By
!
i
---S--4A-::::::;'
LI
CJ...NO
I----~~c
j,
, ,
. 1
To Be Returned
Receipt Given !J'1ifo Grand Jury Material - DisseminateOnly Pursuant to Rule 6 (e) Federal Rules of CriminalProcedure DYes FederalTaxpayer Information (fTI) DYes
0 Yes 0 Yes
! ,.
I
\
'
'.. 1
. I
g,.NO
I I.
T1.
.
V)
I
Reference:
!,
!
~ .'No. ~
CJ\
!l"-..:....-_
.(Corillnunication Enclosing Material)
i
I i
.
.;
~,
I
).
I Description:
'f: '
.... J \..../.
,~
'"
.'
,t
'
0 Originalnotes re interview of
;:
I i
('J.
S;;'0:
VL
I~ ~
~7~-)-.R B,".,;-~;:
i
!.
-\--. ~ 4
E>Dzlo=
'-t
. fkea, '~;y
& c.,!4{
R/ I f ,/:l-O{ I>
~\'
, ,
t
--~~---
_---
18-1 (Re'~1-26-2007)
/' e-
' '--
REPORT OF EXAMINATION
To:
Date:
August 9, 2010
b6 b7C
SAlL-
____~
Lab No.:
SV-09-0162
Reference:
Communication (Request for Service) dated October 20, 2009 Imaging Report dated November 17, 2009
N/A
Ref No.:
Title:
Specimens:
b6 b7C b7E
Request:
On October 20,2009, Special Agent! Federal Bureau of Investigation, requested that the above noted specimens, property of ImageShack, be examined pursuant to a signed consent form. She requested that the following items be searched for, identified (if present), documented, and reported on by the SVRCFL: 1) Hacking rootkits and logs
Summary of Examination:
Attached and made part of this report is Imaging Report dated November 17, 2009. While this report addresses the examination processes, the attached Imaging Report addresses the imaging of the submitted evidence. 0 Page 1 of3
Enclosures:
1
2
These files were exported to a digital report. The other hard drives provided did not contain anything that appeared to be relevant.
Details of Examination:
SAl I provided thd I Legal authority for the examination was provided as a signed consent form that was reviewed by the examiner prior to starting the examination. ~ used the examination image for review. The following processes were performed: 1
2
b6 b7C b7E
Disposition of Evidence:
3) ~~ __ ~~ __ ~ __ ~ __ ~~~ ~ until its released to the investigator with this report. 4) Special handling instructions include: a. All files contained on this DVD have the potential to contain viruses and other malicious code exported from the examined computer media. Therefore, this DVD should not be viewed on any networked computer OR any computer connected to the Internet. It is recommended this DVD only be viewed on a standalone workstation designed for the purpose of evidence review. Please consult your systems administrator for assistance and guidance. b. In certain investigations, files and information containing contraband such as pornographic images and trade secrets may have been discovered and copied onto this DVD. This can also include pornographic and obscene images of children. Extraordinary care must be taken to safeguard this material and properly secure it when not being used for investigative or legal purposes. The SVRCFL recommends this DVD be secured in appropriate storage, such as an evidence facility, when not being reviewed by the investigator. c. File attributes such as time/date stamps are dependent on several factors such as computer date/time settings and time zones. Where possible and feasible, dateitime attributes have been preserved and details can be found in the electronic report contained herein. d. THIS DVD SHOULD NOT BE DUPLICATED or DISSEMINATED to parties outside of the requesting law enforcement agency or prosecutor's office without first consulting with Silicon Valley RCFL. e. This DVD is intended primarily for law enforcement and prosecution use. It is not recommended that this DVD work product be used for evidentiary hearings, trials, or other official proceedings. If any contents of this DVD are needed for a legal proceeding, the Silicon Valley RCFL should be contacted so that the relevant items can be provided in a form suitable for these purposes.
b7E
b6 b7C Examiner:
Silicon Valley Regional Computer Forensic Lab Computer Analysis Response Team
"
'"
Silicon Valley Regional Computer Forensic Laboratory
4600 Bohannon Drive Suite 200 Menlo Park, CA 94025
REPORT OF EXAMINATION
To:
Date:
November 17,2009
b6 b7C
----'
CaseIDNo.:288A-SF-145486
Lab No.:
SV-09-0162
Ref.No.:
Title:
Datespecimens received:
Specimens:r------------------------------,
Refer to the final Report of Examination for information on services requested. This report relates to the imaging processes only.
Summary of Examination:
Digital evidence media items were imaged to media to be retained as archives, and to staging media for future forensic examination by an assigned forensic examiner.
Enclosures: 0
Details of Examination:
Prior to conducting any forensic process, I reviewed the legal authority, presented as a "Consent to Search" form. Upon submission to the SVRCL, each submitted item was inventoried. As part of the inventory process, each item was assigned a unique SVRCFL bar code, and was entered into the SVRCFL evidence system. Where appropriate, make, model, and serial number for each imaged item was recorded, and each item was digitally photographed. To preserve the original evidence and minimize any risk of damage to the original, an exact copy of the user-accessible data located on the evidentiary items was created onto staging media. (The exact copy will hereafter be referred to as an image.) The images were created using approved and appropriate forensic imaging software to write to forensically clean staging media prepared for use in an examination. Unless otherwise noted, the original evidence was write-protected using a hardware-write protection device to prevent any unintentional or accidental destruction or modification of the original evidence. An archive copy was also made using approved and appropriate software. The staging media will be used in the examination phase to further satisfy the request, while the archive copy will be retained in the SVRCFL evidence control room in order to preserve the evidence should it be required in the future for authentication or court processes.
b7E
.....I1
L...-__
All the original evidence was returned to the SVRCFL evidence control
room. The following processes were performed during imaging of the original evidence: Physical Examination of Evidentiary items Write Protect Media Hardware Geometry and System Information Create Image
b7E
NlA
--------------------------------------------
2.
3. 4.
5.
6. Derivative Evidence (DE) generated during the course of this examination includes thefollro~~~n~ _,
1.
2.
3.
b7E
4. 5. 6.
Stagin media used durin the course of this examination includes the following:
1.
Disposition of Evidence:
All original evidence items returned to the SVRCFL evidence control room. All DE items will be retained in the SVRCFL evidence control room for a period of five years in order to preserve the evidence in the event additional forensic processes or legal proceedings require its use. After this time, the DE will be returned to the requestor's agency for disposition. This imaging of this case is complete. The staging media will be given to an examiner for additional forensic processing.
b6 b7C
Silicon Valley Regional Compter Forensics Lab Computer Analysis Response Team
N/A
Description: MediaContainer:AccordionFolder StorageLocation:[Undetermined] Make: Serial Number: Model: Case 10 I Lab number: SV-09-0162 i.an Designation, lJeslgnatlon t:xpl.: Not Examined(NE), [No designation explanation) ECF Container I Seal: PlasticBag I Heat Seal Tracking Number:
SVE028018
Agency Case Number: 288A-SF-145486 Intake Container I Seal: None I None Intake Damage: [No damagerecorded] Description: Hard Drive:HOD StorageLocation:[Undetermined]
riliJh~
I
I
Model:
I
Intake Packagmg: [Not recorded)
Case 10 I Lab number: SV-09-0162 Lab Designation / Designation Expl.: Ouestioned(0), [No designationexplanation] ECF Contamer I Seal I Packaging: [Not recorded) Tracking Number:
SVE028019
b7E
I
I
Mode'
SVE028020
Agency Case Number: 288A-SF-145486 Intake Packaging: [Not recorded] Intake Damage: [No damagerecorded)
Lab Designation, Designation Expl.: Ouestioned(0), [No designationexplanalion] ECF Container I Seal I Packaging: [Not recorded] Tracking Number:
Released sy
Received sy
tI
't
r~VRCFL
(Phone: OOO'()O()'OOOO)'
NnmclQ aepCY
~FBI(Phone:
b6 b7C
Indlcates the WJtne:ss Ole
=
SV-09-0162 Evidence Details
Total numberof evidenceitems processedon this receipt:9
Make
Serial Number: Agency case rmmDer: 288A-SF-145486 lntake Packaqing: [Not recorded] Intake Damage: [No damagerecorded] Description: Hard Drive:HDD StorageLocation:[Undetermined]
I
I
Mode:
SVE028021
Lab DeSignation I Designation Expl.: Ouestioned(0), [No designationexplanation] ECF Contamer I Seal I Packaging: [Not recorded] Tracking Number:
I
I
I
I
lntake PacKagmg: [Not recorded]
Model:
SVE028022
b7E
I
I
Make-
Ser al Numoer:
I
I
I
Case 10 I Lao nurneer: SV-09-01B2 Lab Designation I Designation Expl.: Questioned(0), [No designationexplanation] ECF Contamer I Seal I PacKagmg: (Not recorded] Tracking Number:
SVE028023
Agency Case Number: 288A-SF-145486 Intake Pacl<agmg: [Not recorded] Intake Damage: [No damagerecorded]
KeleaseCl sy
RecelveClBy
Name/OgeDe"
OOQ..O()().OOOO)
IFBI (Phon.:
I
Sig
b6 b7C
"""""
I
I
lntake PacKaging: [Not recorded]
I
I
Agency Case Number: 288A-SF-145486
b7E
SVE028024
SV-09-0162 Lab Designation I Designation Expl.: Questioned(Q), [No designationexplanation] ECF Container I Seal I PacKaging: [Not recorded] Tracking Number:
Intake Damage: [No damagerecorded] Description: MediaContainer:plasticbag StorageLocation:[Undetermined] Make: sertat Numller:
Model: Case 10 I Lao numner: SV-09-0162 Lab Designation I Designation Expl.: Not Examined(NE). [No designation explanation] ECF Container I Seal: Paper Bag I Heat Seal Tracking Number:
SVE030246
Agency Case Number: [No AgencyCase Number] Intake Container I Seal: None I None Intake Damage: [No damagerecorded] Description: DVD: digitalreport StorageLocation:[Undetermined] MaKe: Serial Number:
MOclel: Case 10 I Lab number: SV-09-0162 Lab Designation I Designation Expl.: DerivativeEvidence(DE).[No designation explanation] ECF Container I Seal I Packaging: [Not recorded] Tracking Number:
SVE029747
Agency Case Number: [No AgencyCase Number] Intake PacKagmg: [Not recorded] Intakeuamage: [No damagerecorded]
Ke easeo tly
NamclAgency Jann Hayes, SVRCFL (Phone: 000-000-0000) Name/Agency 408-99~633)
b6 b7C
-Indicates the Witness Dele
f3 10
"~f'...,
\'
, ,
Q
FD-340 (Rev. 4-11-03)
File Number
J:>%2> A
~f- t4'5~Ab
--_.:::3"".ctF---'-------------_
-,
_.
_ ' _,...
I fJ - ~
L
.
_ (Address)
, r
\.
...;1:,
(Name'of Contributor/Interviewee)
:.
BYL_
To Be Returned
~--_r--------------------------0 0
Yes
b6 b7C
Receipt Given Yes No Grand Jury Material- Disseminate Only Pursuant to Rule 6 (e) FederalRules ofCriminalProcedtire No DYes .:
0 0
No
,I
0'
Ti~e:
Yes
ONo
~t\
--If """'-p
: :,_.':".;:;:_.;...
0 ~ /'I
.~,
....
. :'
Rererence: ~-----------------------(Communication Enclpsing Material)
.,{:
i,:.
'"
/'
;,
I!i "
1,
.~ .
I'
. '". ~
.;;.
08/19/10 19:29:55
Title and Character of Case: ANTI SEC Date Property Acquired: 08/19/2010 Anticipated Disposition: Acquired By: Case Agent:
b6 b7C
I
Description of Property: 1B 2 ONE (1) CD LABELED SV-09-0162 (DERIVATIVE EVIDENCE OF 1B1) Barcode: E4189947 Location: SJECR PRESS3 08/19/2010 Date Entered
r,,1 ,
t1 .....
v-,
'
..
I' .".,
.....
.."I
'
....'
.j.iC.'
EVIDENCE CHAIN-OF-CUSTODY
Evidence Type:
o General
)Zf CART
o Drug
nValuable
o Firearm/Weapon o Firearm/Other
Initial Receipt Date and Time
o o o o
o o
FGJ Refrigerate
11)~)lu
)J.,SVf"""
Relinquished Custody
Accepted Custody
Signature: PrintedNam Reason:
~)1 /J;)
do
~ \~l
Reason:--r.:;-
1~/'.dt2.-v
3.?y_
2.../
S\~
~~3er'
b6 b7C
\0
. Relinquished Custody
Signature: Printed Narr Reason:
Accepted Custody
Sign
t-
4/.11(12/0 l-rt
Date and Time
l L/'27/1z
rJD-l3/
Date and Time
~,~I
Relinquished Custody
://4-,'01
Accepted Custody
Relinquished Custody
Signature: Printed Name: Reason:
Accepted Custody
Relinquished Custody
Signature: Printed Name: Reason: Firearms Certification: Printed Name: CaseID:
Accepted Custody
Signature:
Date:
Barcode:_"""'E~4,-.;...>\R1....---,---I-?4-1-r_-q--
.,
1~'
')1,1
..
;'"
'.
File Number
.From
(Name of Contributorllntcrviewee)
t-~-~
I-
B~
~L:---------I~r No .
b6
I.
f
b7C
-c
.'.
To Be Returned DYes 0 NQ Receipt Given 0 'Yes 0 'Grand Jury Material" Disseminate Only Pursuant to Rule 6 (e) ....~ed~ral Rules of Criminal Procedure -, . , DYes No
No
Title:
.flAJ T( .. TI\
. '.:
Referencee .-,/
~~-':--:----_
(Communication Enclosing .tcri~I)'
P""'P.OOI
.. ,.~~
f;O
I.
...
' ..
.--
A'
"
'';-10/21/09 12:08:07 Title and Character of Case: ANTI SEC Date Property Acquired: 10/08/2009
FD-192
ICMIPR01 Page 1
Source from WhiTh Property Acquired: IMAGESHACK, C/O_ 1263 N. SANTA CRUZ 263 N SANTA CRUZ AVE #100 LOS GATOS CA 95030 Case Agent: Date Enteredb6
b7C b7E
I
Description of Property: 1B 1
Barcode: E4189643
Location: SJECR
PRESS3
10/09/2009
(Ib/)
FEDERALBUREAUOF INVESTIGATION
EVIDENCE CHAIN-OF-CUSTODY
o Drug o Valuable
o Firearm/Weapon o Firearm/Other
Initial Receipt Date and Time
o o o o
Batteries
HAZMAT
Req. Charging Other
o o
FOI
Refrigerate
I
Accepted Custody
l-
/0/Dft')IJ7
/ : ~Pr-...
Date and Time
Reason: Collected
Relinquished. Custody
~
Printed Name] Reason:
-r:
r
bJ'" "JJ2..r.r
if.
10)"/d7
Io A-tv-.
Date and Time
IO{'l/1J4
(OOnn
..
Relinquished Custody
signat~ Printed Name Reason:~
AccepVed Custody
~
Printed Name Reason: T~/'J._~i:::tLo .. ;t--::k;_....&dZCJ!!l
I
SA- J
lolz{/o~
l )O/2A/b7
711-iYL
Date and Time Accepted Custody
q~
Date and' Tim~
b6 b7C
Relinquished Custody
Signature: Printed Name: Reason:
_.......
Relinquished Custody
SignaJ
7
----
aAf.?OulJ'l J
Accepted Custody
loft-l/rYj
(tJCJ~ Date and Time'
l
(t"]i?/.),-
g"/l<1)
Signature:
,0
I
Accep~edCustody
printedNa~
v/I~I
(0
['.K@
Date and Time'
II
Relinquished Custody
Signaturel Printed Name: Reason:
1
rn I
'to
4/~1(Itl I
Signature: 1B: __
IO.~..o.....
'/)2))z. L
lD~~
...) {)
e-: .r.:>_...J
Date: Barcode:
---=S~f---L!=14::::J=..-.=.5......:A~R:0L.=... _
~=__
--.l..::t:::.....4-4-R1'f~Cj~r;:::....::4'=f--"'):...._
.. EVIDENCE
Continuation Page Relinquished Custody
Signa~ Printed Name: Reason:
CHAIN-OF-CUSTODY
Accepted Custody
Signature: Printed Name: Reason:
I
r:.....j
QO.11
2=
~/~II~
IJ-'cg;_
Date and Time
Relinquished Custody
Signature: Printed Name: Reason:
Accepted Custody
Signature: Printed Name: Reason:
...
, Relinquished Custody
Accepted Custody
Signature: Printed Name: Reason:
.
,
, Relinquished Custody
Signature: Printed Name: Reason: ;
Accepted Custody
Relinquished Custody
Signature: Printed Name: Reason: '
Accepted Custody
~
...
"
Relinquished Custody
Accepted Custody
Case ID: _
__.,2L=--,-+-~
. O.fLf
r:
/4C"4 _,__J __
-'-~-=-F-;___~
w-
IB:
-1-
Barcode:
"
EVIDENCE CHAIN-OF-CUSTODY
Continuation Page Relinquished Custody
, Signature: Printed Name: Reason:
Accepted Custody
Relinquished Custody
Signature: Printed Name: Reason:
Accepted Custody
, Relinquished
~,
Custody
Accepted Custody
Signature: Printed Name: Reason:
, Relinquished
:
Custody
Accepted Custody
RelinquisoeaCiIstody
- -
- - Daian-dTime
--
..
Datearrd+l
Time
~
---AccepfectCiistody
Relinquished
'""'" ,
Signature: Printed Name: Reason: .
Custody
Accepted Custody
Signature: Printed Name: Reason:
-.
, .
Case ID: __
. _._~-~'---=.-__ - ..:.. __
-'--
IB:
-'--
Barcode:
--,
- :
I'"
Page
_-I-' __ r
of
UNITED STATES DEPARTMENT OF JUSTICE FEDERAL BUREAU OF INVESTIGATION Receipt for Property Received/Returned/Released/Seized
o o o
(Name)JL
-r-_j---:---/7n~--\--:----------'-~'
_
Description of Item(s):
b6 b7C b7E
"
t ..
b6 b7C
Received By:
Received Fr
---------~------~--~==---
'(
o
FO-340 (Rev. 4-11-03)
o
-~~J---_-r-
18[)
File Number __
-=2=--~~-l-tt.!_,.......::n:.....J6=~----!..t--lI.f:......5~-Vc':p~L...:.'1-,:s......,---
_
_
Field Office Acquiring Evidence Serial # of Originating Docrment Date Received From _
Sc
ILf
By
~I
.Q-NO
.....Q.No
To Be Returned 0 Yes -B-1'io Receipt Given 0 Yes ..g-,q:o Grand Jury Material- Disseminate Only Pursuant to Rule 6 (e) Federal Rules ofCrirninal Procedure
/'
Description:
.;:.
ru-6-!]
f2e.Mte-, Iff? __ /
I~
&Jb::-;~
I?
tA-CS)
, ..
FEDERAL FOI/PA DELETED FOI/PA# Total Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page
BUREAU
OF INVESTIGATION SHEET
Deleted Page (s) 9 - b3; b6; b7C; 11 - b3; b6; b7C; 18 - b3; b6; b7C; 20 - b3; b6; b7C; 26 - b3; b6; b7C; 27 - b3; b6; b7C; 28 - b3; b6; b7C; 29 - b3; b6; b7C; 35 - b3; b6; b7C; 38 - b3; b6; b7C; 39 - b3; b6; b7C; 40 - b3; b6; b7C; 43 - b3; b6; b7C; 44 b3;
19
45 47 50 55 57
b6 ; b6 ; b6 ; b6 ; b6 ;
b7C; b7C; b7C; b7C; b7C; XXXXXXXXXXXXXXXXXXXXXXXX X Deleted Page(s) X X No Duplication Fee X X For this Page X XXXXXXXXXXXXXXXXXXXXXXXX
....(!<$"'~ 0\1.31-2003)
Precedence: To:
ROUTINE SSA
Date:
10/08/2009
Cyber Division
From:
~ ~
b6 b7C
Approved Drafted
/4Slfmt5
Case ID #: 288A-SF-~
Title:
ANTI-SEC; UNSUB(S), et ai; IMAGESHACK - VICTIM; COMPUTER INTRUSION To Open'Case and subfiles.
Synopsis: Details:
On October 8, 2009, Special Agent (SA)I with employees of IMAGESHACK located at 236 North Santa Cruz Avenue, Los Gatos, California, 95030, to discuss two recent computer intrusions of IMAGESHACK servers. IMAGESHACK is a company which provides internet image hosting.
I met
IMAGESHACK advised SAl Ithat the first computer intrusion occurred on July 10, 2009 at approximately 7 pm Pacific Standard Time (PST). A group by the name of ANTI-SEC gained access to one of t~e company database servers. The server the hacker(s) accessed_ I for IMAGESHACK customers to include I I
b6 b7C
b7E
~~I. In addition, the ac er s pos e a message on e internet which claims the ANTI-SEC is a movement dedicated to the eradication of full disclosure. Their message further explained they plan to achieve this "through the full and unrelenting, unmerciful elimination of all supporters of full-disclosure and the security industry in its present form."
()41t {OIOOl
/fPt
/)U
b6 b7C
t... To:
Re:
IMAGESHACK advised this computer intrusion affected aRproximately 50 million images and every user that was on their
On August 2, 2009, IMAGESHACK believes the same hacker(s) came back and gained access to their servers again. IMAGESHACK has full and com lete 10 s. It is a arent the hacker s
Jui
b6 b7C b7E
IMAGESHACK estimates
able
to
It is requested
It is requested that the new case and subfiles be opened and assigned to SAl I
b6 b7C
:J
,",
.~,
u.s. Department
of Justice
288A-SF-145486-GJ~~
450 Golden Gate Ave. San Francisco, CA 94102 (415) 553-7400 Nov.embe r 10, 2009
Honorable Joseph P. Russoniello United States Attorney Northern District of California 450 Golden Gate Avenue San Francisco, California 94102 Attention: Assistant United States Attorney ANTI-SEC; UNSUB(S), et ali IMAGESHACK - VICTIM; COMPUTER INTRUSION Dear Sir: Pursuant to the above captioned investigation, the Federal Bureau of Investigation (FBI) requests that the below listed individuals be placed on the Federal Grand Jury 6E list, in as much as they may require access to grand jury information during the course of the investigation: NAME AGENCY FBI FBI FBI FBI FBI FBI FBI FBI FBI FBI FBI FBI POSITION Special Agent Special Agent Special Agent Special Agent Special Agent Special Agent Special Agent Supervisory Special Agent Intelligence Analyst SST Evidence Control Technician Evidence Control Technician
b6 b7C
b6 b7C
Should you have any questions regarding this matter, please do not hesitate to contact r-=s""'A_,_,_I San Jose Resident Agency, telephone number ....I ___,
-...J1
b6 b7C
By:
Supervisory Special Agent
b6 b7C
'.
-
'
.
- 1-
Date of transcription
12/14/2009
- DISSEMINATE
PURSUANT
TO RULE 6(e)
On December 14, 2009, Spectal Agent~(~S~A~,)_~I served a Grand Jurv subpoena via. facsimile tol
I
~1
r
I
The subooena I
b3 b6 b7C
attached
The file copy of the Grand Jury Subpoena and is made a part of this document.
has been
Investigation on File # by
(via facsimile)_
288A-SF-145486-GJ
""?:
I
Date dictated'
NA
SAl
.1
b6 b7C
This document contains neither recommendations nor conclusions of-the FBI. It is the property of the FBI and is loaned to your agency; it and its contents, are not to be distributed outside your agency.
d(
.~-
and Jury
.'.
CALIFORNIA
r
PLACE
b3
YOU ARE HEREBY COMMANDED to appear and testify before the Grand Jury of the United States.District Court at the place, date and time specified below.
COURTROOM
As directed by the court
United States District Court 280 South First Street San Jose, CA 95113
DATEANDTIME
January 6, 2010 at 9:30 a.m.
YOU AREALSO COMMANDED to bring with you the following document(s) or object(s):*
Please see attachment. Compliance with this subpoena will be deemed satisfactory when you provide all the materials to the agent serving this subpoena and no appearance will be necessary.
(';.
December 11, 2009
b6 b7C
U.S. ATTORNEY
'AOll0
(Rev. 12/89)
Subpoena
to Testify Bef.and
Jury
RECEIVED BY SERVER
UAlt
j d- ) ) 't J d-O''()
,
1"1
b3 b6 b7C
SERVED
::.tKVtU UN lI"KINI NAlllt)
,S
TRAVEL
p(L~J1
~-
.i->
ITOTA~
I declare under penalty of perjury under the laws of the United States of America that the foregoing information contained in the Return of Service ~nd Statement of 1:', .,,; Fp.p.<: is trueand r.n rect
Executed on
fY'a be-~M
DATE
).Do,
,
"Ffj;-
, ADDRESS OF SERVER
A_;, \'
/.~MA
1>P-J/6l)
!lif~'I2~
ADDITIONAL INFORMATION
/7,,-:r
9({!)(_)..{Y'
~Vttj
y/.{_
~)'~/~
fII
(1) (2) ,
As to who may serve a SUbpoenaand the manner of its service see Rule 17(d), Federal Rules of Criminal Procedure, or Rule 45(c), Federal Rulesof Civil Procedure. "Fees and mileage need not be tendered to the witness upon service of a subpoena issued on behalf of the United States or an officer or agency thereof (Rule 45(c), Federal Rules of Civil Procedure; Rule 17(d), Federal Rulesof Criminal Procedure) or on behalf of certain indigent parties and criminal defendants who are unable to pay such costs (28 USC1825, Rule 17(b) Federal Rules of Criminal Procedure)".
.,
'
PRECEDENCE
CLASSIFICATION
Immediate
D Priority
[ZJ Routine
Date:
12/14 /2009
From:
Subject:
Preservation Request
Originator's Name:
Special Agent 1
L-'--
ITelephone: ....1
.1__---
WARNING
Information attached to the cover sheet is U.S. Government Property. If you are not the intended recipient of this information, disclosure, reproduction, distribution, or use of this information is prohibited (IS.USC, 641). Please notify the originator or the local FBI Office immediately to arrange for proper disposition.
12/14/2009
GRAND JURY MATERIAL - DISSEMINATE PURSUANT TO RULE 6(e) On December 14, 2009, Special Agent~(s~A~)~I------------~l served a Grand Jury subpoena via facsimile tol
b3 b6 b7C
The file copy of the Grand Jury Subpoena has been attached and is made a part of this document.
~.
Investigation on File # by
----------------
12/14/2009
at
Campbell, California
Date dictated
(via facsimile)
NA
This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loaned to your agency; it and its contents are not to be distributed outside your agency.
Jury
CALIFORNIA
YOU ARE HEREBY COMMANDED to appear and testify before the Grand Jury of the-United States District Court at the place, date and time specified below. b3 b6 b7C
PLACE
COURTROOM
As directed by the court
United States District Court 280 South First Street San.Jose, CA 95113
document(s) or object(s):*
Please see attachment. Compliance with this subpoena will be deemed satisfactory when you provide all the materials to the agent serving this subpoena and no appearance will be necessary.
~
U.S. MAGISTRATE JUDGE OR CLERK OF COURT RICHARD W. WIEKING December 11, 2009
,
AOll0 (Rev. 12/89) Subpoena to Testify Bef
.~~
,
rand Jury
RECEIVED BY SERVER
UAIt:
1~))LjJ'UnJ1
PLALt:
SERVED
!>I:KVI:U UN (pKINI NAIIlI:)
/2) IV jZODj
I SERVED BY (PKIN I
NAMt:)
IIILt:
Spe
TRAVEL
..
I
tt--~+
TOTAL
b3 b6 b7C
~-
I declare under penalty of perjury under the laws of the United States of America that the foregoing information contained in the Return of Service and Statement of Service Fees is true ann correct
Executed on
r0.J./ ~f-1
rfL~()
ADDRESS OF SERVER
.t~.~ p/,dL
ADDITIONAL INFORMATION
96{)O(~
fplrleA V/'A.
teo,.,
<~
(1) (2)
As to who may serve a subpoena and the manner ot its service see Rule 17(d), Federal Rulesot Criminal Procedure, or RUle45(c), Federal Rulesot Civil Procedure. "Fees and mileage need not be tendered to the witness upon service of a subpoena issued on behalf of the United States or an officer or agency thereof (Rule 45(c), Federal Rules of Civil Procedure; Rule 17(d), Federal Rules of Criminal Procedure) or on behalf of certain indigent parties and criminal defendants who are unable to pay such costs (28 USC1825, Rule 17(b) Federal Rules of Criminal Procedure)".
>
Fb-448'-(Rev. 6-2-97)
I
D D D D
" .
PRECEDENCE
CLASSIFICATION
Top Secret Secret Confidential Sensitive [Z] Unclassified
D Immediate D Priority
[Z] Routine
Date:
12/14/2009
:-jL J
....a..--:::--
--=:--:---:-
Room
Telephone b3 b6 b7C
From:
FBI
San
Jose
Office
Subject:
Originator's Name:
Special
Agent
ITelephone:
L-
....J------
J--------------------
-,..
WARNING
Information attached to the cover sheet is U.S. Government Property. If you are not the intended recipient of this information, disclosure, reproduction, distribution, or use of this information is prohibited (IS.USC, 641). Please notify the originator or the local FBI Office immediately to arrange for proper disposition.
j)
- 1Date of transcription
12/29/2009
GRAND JURY MATERIAL - DISSEMINATE PURSUANT TO RULE 6(e) received (~r_Qm_1 ..._ T_h_e_r_e_S_p_Q_D_S_e __ i_D_C_l__.l]ded the following On December 23, 2009, Special Agent (sA)1 a response to a Federal Grand Jury Subpoena Vla facslmlie
~I
....J
LI
b3 b6 b7C
The above referenced response provided byl has been attached and is made a part of this documen~t~.------------------~
Investigation on File #
12/23/2009
at
Campbell,
California
Date dictated
288A-SF-145486/GJ
/2
I
..................... ...,
b6 b7C
SAl
This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loaned to your agency; it and its contents are not to be distributed outside your agency.
~------------------------------~Cl~5~1
~ 12/23/2009 12:28 PM 18002234893
-7
14085581096
12/14/2009 16:13
FD448 (Rev. 6-2-97)
4085581.
FBI CYBER
PAGE 01/04
FBI FACSIMILE
COVER SHEET
PRECEDENCE
CLASSIFICATION
o Immediate
o Priority
00
o Top Secret
Routine
Time Transmitted:
Sender's Initials:
Unclassified
To:
Date: 12/14/2009
FacsimileNumber: Attn:
Name of Office
. --~N~a-m-e-----------------L~R~o-o-m--~T=e'l-ep~h-o-n-e-----
b3
b6 b7C From:
Su~e~:;_
Originator's Name:
Special Agent
I Telephone:
.__
oo::=o==!..
-------------~---------------------WARNING
Information attached 10 the COYersheet is U.S, Government Property. If yOU are not the intended recipient of this information. disclosure, reproduction, distribution, or usc of this informationis prohibited (IS.USC, 641). Please notizy the originator or the loc!il FBI Office immediately to arrange fol' n.to...ru:s_disool;iliM _~ __ L-~~~=-~~~-
_-~
J ,., '
FD-302 (Rev. 10-6-95)
"
(1
- 1Date of transcription
01/06/2010
- DISSEMINATE
PURSUANT
TO RULE 6(e)
On January 6, 2010, Special Agent~I~~~ __~~ __~lreceived a response via facsimile to the abovementioned Grand Jury sUbfoena from I _
I
The information, which was provided in paper format, included the following informa~ion:
I
b3 b6 b7C
(jj
~
Investigation on
at 01/06/2010 ----------------
Campbell, California
Date dictated
A~#
by
288A-SF-145486-GJ
/lp
I
N/A
b6 b7C
SAl
This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loaned to your agency; it and its contents are not to be distributed outside your agency.
- 1-
Date of transcription
03/05/2010
- DISSEMINATE
PURSUANT
The file copy of the Grand Jury Subpoena and the Cour Order has been attached and is made a part of this document.
Investigation on File # by
03/05/2010
at
Campbell, California
Date dictated
(via facsimile)
288A-SF-145486-GJ .......-~
SAl
~=========---.
NA
b6 b7C
This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loaned to your agency; it and its contents are not to be distributed outside your agency.
OJ 09-1 2009R02026
CALIFORNIA
YOU ARE HEREBY COMMANDED to appear and testify before the Grand Jury of the United States District. Court at the place, date and time specified below.
PLACE
United States District Court 280 South First Street San Jose, CA 95113
b3 b6 b7C
Compliance with this subpoena will be deemed satisfactory when you provide all the materials to the agent serving this . subpoena and no appearance will be necessary.
[{]
This subpoena shall remain in effect until you ar ~!~~~~~epart behalf of the court. :~~.
U.S. MAGISTRATE JUDGE OR C;LERK OF COURT RICHARD W. WIEKING
March 3, 2010
* If not
RECEIVED BY SERVER
UAII:
J/O/3fJlD
PLA~
b3
b6 b7C
SERVED
StKVtU UN (I"KININAMI:)
I :>tKVtUIH (I"KININAMI:)
TITll:
.~--'
1SERVICES
.:.1 TOTAL
.......
I declare under penalty of perjury under the laws of the TInited States of America that the foregoing rrect information contained in the Return of Service
Executed on
d:DID
r-:]_
~)
..(,
ADDRESS OF SERVER
SAP
hI".
L .../L(511
('4 h\Jo1d1
ADDITIONAL INFORMATION
t!IT
9SVt>cr'
~Jq_;)
VIA-
~C6',~lv
(1)
(2)
Asto who may servea subpoena and the manner of its serviceseeRule 17(d),FederalRulesof Criminal Procedure,or Rule4S(c),FederalRulesof Civil Procedure. "Feesand mileage need not be tendered to the witness upon service of a subpoena issued on behalf of the United Statesor an officer or agency thereof (Rule 45(c), Federal Rulesof Civil Procedure; Rule 17(d),Federal Rulesof Criminal Procedure) or on behalf of certain indigent parties and criminal defendants who are unable to pay such costs(28 USC1825,Rule 17(b)FederalRulesof Criminal Procedure)".
- 1-
Date of transcription
03/31/2010
GRAND JURY MATERIAL - DISSEMINATE PURSUANT TO RULE 6(e) On March 29, 2010, Special Agent I I received via u.S. Postal service a resnonse to a Grand Jurv subnoena from
b3 b6 b7c
Investigation on File #
California
Date dictated
288A-SF-145486-GJ
g-:
I
-r================~ __~lb7C
NA
b6
~ SAl
This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loaned to your agency; it and its contents are not to be distributed outside your agency.
- 1-
Date of transcription
11/22/2010
A copy of the abovementioned Grand Jury Subpoena has been attached and is made a part of this document.
Investigation on File # by
11/22/2010 at ----~~--------
Campbell, California
Date dictated
(via facsimile)
NA ----------------------
288A-SF-145486-GJ S_A~ ~
cr
b6 b7C
This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loaned to your agency; it and its contents are not to be distributed outside your agency.
'----------------------------
---- ----------y'
-------------~
OJ 091 2009R02026
CALIFORNIA
YOU ARE HEREBY COMMANDED to appear and testify before the Grand Jury of the United States District Court at the place, date and time specified below. b3 b6 b7C
PLACE
United States District Court 280 South First Street San Jose, CA 95113
YOU ARE ALSO COMMANDED to bring with you the following -See Attachment-
document(s) or object(s):*
Compliance with this subpoena will be deemed satisfactory when you provide all the materials to the agent serving this subpoena. No appearance will be necessary.
on reverse.
ONE NUMBER OF AS I TANT U.S.ATTORNEY This subpoena Is issued on application of the United States of
sSist~a. 150 Almaden Blvd., Suite 9 0 San Jose, CA 95113 (408) 5 Special Agent Melanie Adam,
l-/
ttorney.
61 1(408) 369-8900
'j.
RETURNOF SERVICEIII
DATE PLACE
I
,
b3 b6 b7C
Cc'-,\"
RECEIVED BY SERVER
UAlt
/1)2-2-12-,;;>
/D
t'LALt.
SERVED
::>tHVtU UN It'HIN I NAliIltJ
J I ) 2- 2-- 12-;;> ) 0
.,
IllLt
5pq
TRAVEL
&
~"t
ITOTA~
->:
_-
STATEMENT OF SERVICEFEES
I SERVICES ________
DECLARATION OF SERVER(2)
I declare under penalty of perjury under the laws of the United States of America that the forel!ong information contained in the Return of Service a t Executed on
/ 4j
I <::j
[:
f::l.,,,,,
P/.II<VL .
ADDRESSOF SERVER
c?~
ADDITIONAL INFORMATION
:2... .1_ ,
tA_,.._
~JfJt{
Jlit
~UI
"",~Iv
(1) (2)
As to who may servea subpoena and the manner of its serviceseeHUle17101. I"ederalRulesof Criminal Procedure.or Rule 45(c). Federalxutes or Livil Procedure. "Feesand mileage need not be tendered to the witness upon serviceof a subpoena issuedon behalf of the United Statesor an officer or agency thereof (Rule45{c),Federal Rules.of Civil Procedure;Rule !7(d). Federal Rulesof Criminal Procedure)or on behalf of certain Indigent parties and criminal defendantswho are unable to pay such costs (28USC1825,RuleI 7(b) FederalRulesof Criminal Procedure}".
FEDERAL BUREAU OF INVESTIGATION FOI/PA DELETED PAGE INFORMATION SHEET FOI/PA# 1204913-0 Total Deleted Page(s) Page 2 b3; b6; b7C; Page 3 b3; b6; b7C; Page 4 b3; b6; b7C; Page 5 b3; b6; b7C; Page 6 b3; b6; b7C; Page 7 b3; b6; b7C; Page 8 b3; b6; b7C; Page 9 b3; b6; b7C; Page 10 b3; b6 ; b7C; Page 11 b3; b6 ; b7C; Page 12 b3; b6 ; b7C; Page 13 b3; b6 ; b7C; Page 14 b3; b6 ; b7C; Page 15 b3; b6 ; b7C; Page 16 b3; b6 ; b7C; Page 17 b3; b6 ; b7C; Page 18 b3; b6 ; b7C; Page 19 b3; b6 ; b7C; Page 20 b3; b6 ; b7C; Page 21 b3; b6 ; b7C; Page 22 b3; b6 ; b7C; Page 23 b3; b6 ; b7C; Page 24 b3; b6 ; b7C; Page 25 b3; b6 ; b7C; Page 26 b3; b6 ; b7C; Page 27 b3; b6 ; b7C; Page 28 b3; b6 ; b7C; Page 29 b3; b6 ; b7C; Page 30 b3; b6 ; b7C; Page 31 b3; b6 ; b7C; Page 32 b3; b6 ; b7C; Page 33 b3; b6 ; b7C; Page 34 b3; b6 ; b7C; Page 35 b3; b6 ; b7C; Page 36 b3; b6 ; b7C; Page 37 b3; b6 ; b7C; Page 38 b3; b6 ; b7C; Page 39 b3; b6 ; b7C; Page 40 b3; b6 ; b7C; Page 41 b3; b6 ; b7C; Page 42 b3; b6 ; b7C; Page 43 b3; b6 ; b7C; Page 44 b3; b6 ; b7C; Page 45 b3; b6 ; b7C; Page 46 b3; b6 ; b7C; Page 47 b3; b6 ; b7C; Page 48 b3; b6 ; b7C; Page 49 b3; b6 ; b7C;
724
Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page
b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3; b3;
b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b6 ; b7C; b3 ; b6; b7C; b3 ; b6; b7C; b3 ; b6; b7C; b3 ; b6; b7C;
Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page
104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157
b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ;
b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6;
b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C;
Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page
158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211
b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ;
b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6;
b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C;
Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page
212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265
b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ;
b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6;
b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C;
Page
266
Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page
267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319
b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ;
b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6;
b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C;
Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page
320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373
b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3
; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;
b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6;
b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C;
Page
374
Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page
375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427
b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ;
b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6;
b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C;
Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page
428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481
b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ;
b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6;
b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C;
Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page
482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535
b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ;
b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6;
b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C;
Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page
536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589
b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3
; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;
b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6;
b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C;
Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page
590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643
b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3 b3
; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;
b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6;
b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C;
Page
644
Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page
645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697
b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ;
b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6;
b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C;
Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page
698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725
b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ; b3 ;
b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6;
b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; XXXXXXXXXXXXXXXXXXXXXXXX X Deleted Page(s) X X No Duplication Fee X X For this Page X XXXXXXXXXXXXXXXXXXXXXXXX
FEDERAL BUREAU OF INVESTIGATION FOI/PA DELETED PAGE INFORMATION SHEET FOI/PA# 1204913-0 Total Deleted Page(s) 151 Page 8 b6; b7C; OTHER - DOCUMENTS PERSUANT TO SEALED COURT ORDER; Page 9 b6; b7C; OTHER - DOCUMENTS PERSUANT TO SEALED COURT ORDER; OTHER - PERSUANT TO SEALED COURT ORDER; Page 11 Page 13 - b6; b7C; b7D; Page 14 - b6; b7C; b7D; Page 15 - b6; b7C; b7D; Page 16 - b6; b7C; b7D; Page 17 - b6; b7C; b7D; Page 18 - b6; b7C; b7D; Page 24 - b6; b7C; OTHER - DOCUMENTS PERSUANT TO SEALED COURT ORDER; OTHER - PERSUANT TO SEALED ORDER; Page 25 Page 26 - b6; b7C; OTHER - DOCUMENTS PERSUANT TO SEALED COURT ORDER; OTHER - Sealed Order; Page 37 Page 38 - b6; b7C; OTHER - SEALED ORDER; Page 39 - b6; b7C; OTHER - SEALED ORDER; OTHER - Sealed Order; Page 40 Page 41 - b6; b7C; OTHER - SEALED ORDER; OTHER - Sealed Order; Page 42 OTHER - Sealed Order; Page 43 OTHER - Sealed Order; Page 44 OTHER - Sealed Order; Page 45 Page 46 - b6; b7C; OTHER - SEALED ORDER; OTHER - Sealed Order; Page 47 Page 48 - b6; b7C; OTHER - SEALED ORDER; OTHER - Sealed Order; Page 49 OTHER - Sealed Order; Page 50 OTHER - Sealed Order; Page 51 Page 52 - b7D; OTHER - SEALED ORDER; Page 53 - b7D; OTHER - SEALED ORDER; Page 54 - b6; b7C; OTHER - SEALED ORDER; Page 58 - b6; b7C; Page 59 - b6; b7C; Page 60 - b6; b7C; b7E; Page 61 - b6; b7C; b7E; Page 62 - b6; b7C; b7E; Page 68 - b6; b7C; OTHER - Persuant to Sealed Order; Page 71 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 72 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 73 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 74 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 75 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 76 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER;
Page 77 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 78 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 79 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 80 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 81 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 82 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 83 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 84 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 85 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 86 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 87 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 88 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 89 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 90 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 91 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 92 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 93 - b6; b7C; b7D; b7E; Page 94 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 95 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 96 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 97 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 98 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 99 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 100 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 101 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 102 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER; Page 103 - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT ORDER;
Page 104 ORDER; Page 105 ORDER; Page 106 ORDER; Page 107 ORDER; Page 108 ORDER; Page 109 ORDER; Page 110 ORDER; Page 111 ORDER; Page 112 ORDER; Page 113 ORDER; Page 114 ORDER; Page 130 Page 131 Page 132 Page 133 Page 134 Page 135 Page 136 Page 137 Page 138 Page 142 Page 143 Page 144 Page 145 Page 146 Page 147 Page 148 Page 149 Page 150 Page 151 Page 152 Page 153 Page 154 Page 155 Page 156 Page 157 Page 158 Page 159 Page 160 Page 161 Page 162 Page 163 Page 164
- b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT - b6; b7C; b7D; OTHER - DOCUMENTS OBTAINED FROM SEALED COURT b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D;
Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page
165 166 167 168 169 170 171 172 173 174 175 176 177 178 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204
b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6; b6;
b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C; b7C;
b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; b7D; XXXXXXXXXXXXXXXXXXXXXXXX X Deleted Page(s) X X No Duplication Fee X X For this Page X XXXXXXXXXXXXXXXXXXXXXXXX
t (R:ev.05-01-2008)
UNCLASSIFIED
Date:
Precedence: To:
1/17/2012
Attn: Attn:
From:
SA
L...-
____~
b6 b7C
Approved Drafted
By: By:
I ~~TtK~L~~5~~~-~' ----~o~
(Pending) I"""" 1~-SA-58304-K (Pending)- 2)~ ~IDf_Pr "!>A "'(P3f.Uia ...~:r- , I I ANTISECi TEXAS COMMISSION ON JAIL STANDARDS (TCJS.STATE.TX.US) VICTIM COMPUTER INTRUSIONS - CRIMINAL MATTERS To open case and GJ subfile. a CHS provided writer with a CD I
b6 b7C b7D b7E
Synopsis: Details:
On 11/08/2011 containinql
ACS and searches on the term I resulted in a hit on case 288A-AT-99,96. serial J~J-.~T~h~l~is--s-e-r~i~a~l~ b6 is an FD-302 of an 2006 interview ofJ lat his b7C residence inl lin which he I I I The information provided the following:
Name:~I
~
UNCLASS IFI~ass/Alpha: __ Zti~,~II.....L::J....---,._J. Case Agent: ~~~=~-r'-f SRC Code:..Q!:L '_~-=---=~"'""M CPI Codes:;_~~~_:"::::i=-+Assess PI IDENTITYTH DATE:, __ .1.=-..l-l.---lo.!::::;"_ __
OPEN&ASSIG
To: Re:
UNCLASSIFIED
~
b6 b7C
UNCLASSIFIED
2
,)
.
To: Re:
UNCLASSIFIED
LEAD (8) : Set Lead 1: CYBER AT CCU2, DC For information only. Set Lead 2: (Info) (Info)
SAN ANTONIO AT SAN ANTONIO, TEXAS To advise Victim-Witness Coordinator of case initiation.
UNCLASSIFIED 3
lA Envelope
---------------------~---------------------------------------------------------
---------------~---------------------------------------------------------------
----------------------------------------------------------------------~-------! ! ---------------------------------------------------------~------------------------------------------------------------------~-------------------------------------------------------------------------------------
-----------------------~-
!.
.
FD-340 (Rev. 4-11-03)
I~
_)
File Number __
-,
From __
(NameofContributor/Interviewee)
(Address) ,
BY __
~~Jt~LI
_---------=j(City
~I
andState)
~_~_c
__
To Be Returned 0 Yes ~ No Receipt Given 0 Yes [it'No Grand Jury Material- Disseminate Only Pursuant to Rule 6 (e) Federal Rules of Criminal Procedure DYes Federal Taxpayer Information (FTI) [i;?' No
o
Title:
Yes
d'~o
Rererence:
~
(Communication Enclosing Material)
S'
'C,,,,
DocLab Note
//
ITEMS(S) CANNOT
BE .
SCANNED
DESCRIPTION
.'
c)
FD340(Rev. 4-1103)
u
_+-~..::..>.;..'1..;._~.A:.....,..."'~~_" __i_;:o=--",-_.;_I o..;::;......ll"- _-'-
File Number __
.'
---------~---~------------------~--------------(Name of ContributorlInterviewee)
(AddrcsI)
i ~
5ABy
To Be Returned
(City1s....)
~
Yes
-,
___ '"
,I
g No
cf
J /
Receipt Given 0 Yes No Grand Jury Material- Disseminate Only Pursuant to Rule 6 (e) Federal Rules of Criminal Procedure.tL Yes U No Federal Taxpayer Information (FfI) DYes c:l No
Title:
~
"-; b6 b7C
I
'1
Reference:
(Communication Encklsing Material)
I
I
Origin~lnotes re interview of
.1
I
.......
2__-_~-_f_L __
Y-
OTHER
To: __
~I __ ------------~=-~----------J _----====-l------L
Fax Number:
From:
Contact Number:
Office:
b6 ~ b7C
Reference:
--~~---------------------
I
\
I
I
\
I
I
-_._---
!......-~~
:~
UNCLASSIFIED
Precedence:
ROUTINE
Date: 02/09/2012
To: From:
b6 b7C
~==========~--~ ~I ~
288A-SA-63452 (Pending)"'"
ANTISECi TEXAS COMMISSION ON JAIL STANDARDS (TCJS.STATE.TX.US) VICTIM COMPUTER INTRUSIONS - CRIMINAL MATTERS To claim statistical accomplishment.
b6 b7C b7E
Synopsis:
UNCLASSIFIED
b6 b7C
I
I
,
'(
'r.;
UNCLASSIFIED To: Re: San Antonio From: San Antonio 288A-SA-63452, 02/09/2012
Accomplishment
Infor.mation:
Number: 1 Type: ClP 2703(f) ORDER SERVED lTU: ClP Claimed SSN: Name Squa: C-4
BI"
~~~~------------~
b6 b7C
UNCLASSIFIED 2
INFORMATION NEEDED F~M AGENT FOR COMPLETION (Complete one form for each defendant)
OF CRIMIIIl
OPENING
FORMS:
I.
Antisec
ADDRESS.~ __~
~---------------
ID#: SEX:~M==~~D~O~B~:~I=-~ ~ ARREST DATE:~n~a~ SSN:L_ _J-------COUNTRY OF CITIZENSHIP: ~U~S~A~ IMMIGRANT STATUS: NON-RESIDENT / UNDOCUMENTED
__ ___ __
LEGAL
PERMANENT
RESIDENT
VALID
VISA
LIST ALL:
b6 b7C
CASE #: 2BBA-SA-63452
__
AGENCY CASE #:
ESTIMATED DOLLAR LOSS: ~n~o~n~e~ IN WHAT COUNTY OR COUNTIES DID THE CRIME OCCUR?
L-
__ _rl=c=o=u=n=ty~-------
DOES SUBJECT HAVE COUNSEL? ~U~n~k~n~o~w~n~ IF YES, CIRCLE ONE: FEDERAL DEFENDER / APPOINTED And LIST COUNSEL'S NAME AND ADDRESS:__~N~A~
___
/ RETAINED / PRO SE
__
IF THIS IS A BANK FRAUD CASE, IS THERE A PROGRAM AGENCY INVOLVED? (i.e., Comptroller of the Currency, FDIC, etc.) IF SO, LIST AGENCY AND THEIR FILE NUMBER' n/a
ARE THERE ANY VICTIMS IN THIS CASE? Yes IF SO, WHOM? Texas Commission on Jail Standards website at www.tcjs.tx.us IS THIS A SENSITIVE CASE?~N~ __
GIVE SHORT SYNOPSIS OF CASE: Subject of case is involved in computer hacking with the Anonymous group. Subject conducted unauthorized activity against www.tcjs.tx.us as part of a computer intrusion attack against the site.
UNCLASSIFIED
Precedence:
'To:
PRIORITY Attn:
02/27/2012"
___~
From:
_p
I
L--I
~I!
A
b6 b7C
(Pending) ~
~ ~ANTISEC; TEXAS COMMISSION ON JAIL STANDARDS (TCJS.STATE.TX.US) VICTIM COMPUTER INTRUSIONS - CRIMINAL MATTERS Synopsis: Request Sosi lassistance on captioned case.
Details: Writer requests sosl lassistance due to the overwhelming amount of time-sensitive data bein r vided by a CHS. This data often contains
b7D
Due to the amount, and frequency, of the data, it is not possible to provide timely updates to the affected FBI field . offices and law enforcement agencies while also addressing current CIP National Security and CIP Criminal case load. It is anticipated that sosl I assistance will consist of reading email, watching videos, and crnducting online research regarding CIP Criminal hacktivism. SOS_ assistance is requested to assist C-4 Cyber in mitigating hacktivism threats which are presently ongoing in FBI San Antonio's AOR and in other FBI Field Office AORs. CHS reporting is arriving daily, but becomes stale if not utilized immediately to assist in preventing or responding to CIP Criminal Hacktivism threats. The duration of the captioned case is unknown and will be commensurate with the operational life of the CHS.
b6 b7C
Without SO~ assistance, there is a substantial risk of losing valuable information being provided by UNCLASSIFIED
UNCLASSIFIED To: Re: San Antonio From: San Antonio 288A-SA-63452, 02/27/2012
the CHS into CIP Criminal Hacktivism threats and the ability to mitigate these threats in a timely manner through prevention of attacks or mitigation of known or attempted intrusions.
UNCLASSIFIED
lI
UNCLASSIFIED To: Re: San Antonio From: San Antonio 288A-SA-63452, 02/27/2012
LEAD (s)
Set Lead 1:
(Action)
to captioned
b6 b7C
UNCLASSIFIED 3
UNCLASSIFIED
ROUTINE
Date:
02/20/2012
ANTISECi TEXAS COMMISSION ON JAIL STANDARDS (TCJS.STATE.TX.US) VICTIM COMPUTER INTRUSIONS - CRIMINAL MATTERS To claim statistical accomplishment.
Synopsis:
Details: To date, during the course of this investigation, writer has accomplished numerous achievements. The owners of www.lcso.org and www.pbso.org were notified of trespasser activity against their sites.
identifiedthrQ~
The sUbjecT~~o~~t~b~e~'~'n~1wTe~s~t~i~a~a.t~j.o~n~I----------------'_I~"JS b6
b7C b7D
UNCLASSIFIED
To: Re:
UNCLASSIFIED
Accomplishment
Infor.mation:
Number: 2 Type: CIP VICTIM CONTACTED/INTERVIEWED ITU: CIP Claimed BY:I SSN: Name: Squad :L...-...,.c.,..-....,4.-----------. Number: 1 Type: CIP SUBJECT IDENTIFIED ITU: CIP Claimed By 1 SSN: Name: Squad:~-C=--4~------~ Number: 1 Type: CIP IN~ORMANT/ASSET DEVELOPED ITU: CIP Claimed By.~o---------~
b6 b7C
~;:~:I
Squad'~:-~C~--4------~
Number: 1 Type: CIP CONSENSUAL MONITORING CONDUCTED ITU: CIP Claimed BYro-----------,
~~:~: I Squad
UNCLASSIFIED
(Rev. 05-0),,2008) t
ROUTINE Attn:
04/11/2012
----1
b6 b7C
___..lll
(Pending)/ ,\
288A-SA-63452
ANTISECi TEXAS COMMISSION ON JAIL STANDARDS (TCJS.STATE.TX.US) VICTIM COMPUTER INTRUSIONS - CRIMINAL MATTERS Request location of subject of captioned case.
Synopsis:
Enclosure's): Encrosed for San Jose are two recent photographs of ""__ __ ! -;:::::::::::::=._--,
Details:
On
UNCLASSIFIED To: Re: San Francisco 288A-SA-63452, From: San Antonio 04/11/2012
b6 b7C b7E
confirmation
of the location
of
r~------~Il~'s~b-e~l~l~'eved
The subject's full name is I DOB: SSAN: [ I possible cellular telephone number I las~ known ad~ress: I ~----------------~ ~J This residence is~I ~ primary residence. Other possible residents at L.t-h-a-t--l-o-c-a-t....,i-o-n--m-a-y~be
r---------,l
b6 b7C
I
appears to be currently
Iwas the ~
See case 288A-AT-99196 for further informatiQn. Please be aware that I Imay bel
b6 b7C b7E
, ,
.
.,)
UNCLASSIFIED To: Re: San Francisco From: San Antonio 288A-SA-63452, 04/11/2012
LEAD (s)
Set Lead 1:
(Action)'
r.
land determine whether he currently is~I 1 I Please include information on any electronic equipment that may be observed in subject's possession .
Y_-_r..&;;.,,_~-_12
To:
Jr---.....;....._-------,
_"L-I
From:
It
Fax Number:
--'-
b6
SA
omce:
Fax:
L-__'
b7C b7E
Contact Number:
Reference:
f~
~ ..
(Rev. 05-01-2008)
ROUTINE Attn:
Date:
04/20/2012 ......
Attn:
SSA~I---------------, CT-4
__._.....,
288A-SA-63452
(Pending)" \
b6 b7C
ANTISECi TEXAS COMMISSION ON JAIL STANDARDS (TCJS.STATE.TX.US) VICTIM COMPUTER INTRUSIONS - CRIMINAL MATTERS (U//JOUO)L.(UjjFOUO)
Synopsis:
__......
I
Details:
~I
-----------------------
__......I~~~ b7E
b6 b7C
'"
.
UNCLASSIFIED To: Re: San Francisco From: San Antonio 288A-SA-63452, 04/11/2012
LEAD (s): Set Lead 1: CYBER AT CCU-1, WASHINGTON, DC No hard copy to follow. Set Lead 2: CYBER AT CCU-2, WASHINGTON, DC No hard copy to follow. Set Lead 3: SAN ANTONIO AT SAN ANTONIO, TEXAS For evaluation by CI-l for actionable value. Set Lead 4: SAN ANTONIO AT SAN ANTONIO, TEXAS For evaluation by CT-4 for actionable value . (Action) (Action) For information only. (Info) For information only. (Info)
(Rev, 05-01-2008)
Precedence: To:
ROUTINE
04/20/2012
From:
y:~;
b6 b7C
~~TISECi Title: ~ TEXAS COMMISSION ON JAIL STANDARDS (TCJS.STATE.TX.US) VICTIM COMPUTER INTRUSIONS - CRIMINAL MATTERS
~S_yn __ O_D_S_;_S_. (T_T_/_/F_O_T_ID~r.L~
Enclosure(s): Enclosed for Sacramento is a CD-ROM containing a copy of the database table in MS Excel format.
, t
To: Re:
UNCLASSIFIED
b7E
LEAD (s)
Set Lead 1:
(Action)
I
b7E
UNCLAS$IFIED,
Date:
FEDERAL
BOFl~U
~F INVESTIGATION
ROUTINE
05/01/2012
~----------------------------~ SA
Approved Drafted
By: By:
~========----~ I I
288A-SA-63452 (Pending)
b6 b7C
Case ID #: Title:
~l~
ANTISEC; TEXAS COMMISSION ON JAIL STANDARDS (TCJS.STATE.TX.US) VICTIM COMPUTER INTRUSIONS - CRIMINAL MATTERS To claim stati$tical accomplishment. To date, writer has used a CRS on multiple occasions to
b6 b7C b7D
Synopsis: Details:
UNCLASSIFIED
:f
UNCLASSIFIED
To: Re:
Accomplishment
Infor.matiq~:
Number: 1 Type: CIP SUBJECT IDENT~fIED ITU: CIP Claimed By:I SSN: Name: Squad:~~C---4--------------~ Number: 1 Type: CIP SEARCH WARRANT OBTAINED AND EXECUTED ITU: CIP Claimed BY:I SSN: Name: Squad: C-4
~~~------------~
Number: 1 Type: CIP CONSENSUAL MONITORING CONDUCTED ITU: CIP Claimed By~ ~
b6 b7C
~;~~:~I--~~------------~
Squad: C-4 Number: 1 Type: CIP COMPROMISED SITE IDENTIFIED ITU: CIP Claimed By:~ ~ SSN: I Name: ~ ~ ....I Squad: C-4
UNCLASSIFIED,
I..
(Rev. 05-01-2008)
ROUTINE Attn:
L..I
Date:
05/03/2012
SA -r=-~--____J Cyber!C-4
I
~L..-
]
I
_
288A-SA-63452
(Peridd.nq )
b6 b7C
ANTISEC TEXAS COMMISSION ON JAIL STANDARDS (TCJS.STATE.TX.US) - VICTIM COMPUTER INTRUSIONS - CRIMINAL MATTERS Coverage of lead. 01/17/2012
b6 b7C
Synopsis:
Details: San Antonio CI-1 received a SA-63452 serial #14 lead #3. Special ~~~~~~ __~ __~~ ~ and Staff Operations Specialist (SOS) conducted logical investigation of e-mail addresses. To date, FBI San Antonio CI-1 ha~ exhausted all investigative resources and no priority threats to national security warranting further investigation were identified. In the event additional derogatory information is discovered, FBI San Antonio CI-1 will consider opening an investigation. FBI San Antonio CI-1 considers this lead covered.
UN~ASSIFIED//FOR OFFICIAL us!ltNLY To: Re: San Antonio From: San Antonio 288A-SA-63452, 05/03/2012
LEAD (8)
Set Lead 1:
(Info)
SAN ANTONIO AT SAN ANTONIO, TX C-4 for information only. Read and clear .
(Rev. 05-01-2008)
UNCLASSIFIED
Date: OS/25/2012
PRIORITY
SAl~----------------------------,
__.I \ q,
(Pending) ~
b6 b7C
aka I I ANTISECi TEXAS COMMISSION ON JAIL STANOARDS (TCJS.STATE.TX.US) VICTIM COMPUTER INTRUSIONS - CRIMINAL MATTERS
Case update and investigative plan. ' Details: Writer currently has no CHS coverage of the subject of the captioned case and no more open-source leads. A lead was sent tol I RA, IDivision, to attempt to physically locate subJect at filS last known physical address. To date, I IRA has been unable to locate the subject.
Synopsis:
b7D
~ ~IRA has a CHS that may be able to gain access to the subject online and writer has requested that this be attempted. Writer has also requested I I RA to onti plle attempt to locate the subject. Writer will work withtto provide any needed information or Grand Jury subpoenas.
fO
Upon locating the subject, whether online or physically, writer will use all means available to observe the online activity, especially the IP addresses used, by the subject. It is anticipated that this will enable writer to link past known attacks to the subject beyond a reasonable doubt .
UNCLASSIFIED
- 1-
Date of transcription
05/31/2012
b6 b7C b7D
rI
~O~n~~M~a~y~3~1~, 2012, an employment request was faxed to the State ofl lEmplOymenf Development Department (EDD), via facsimile number I . The request asked for employment information from 01/01/2010 through present for the following individual: Name: DOB: SSAN: Attached and made a part of this document is a copy of the request faxed to EDD_
Investigation on
05 / 31/2012
b7D
atL-1
...J....-------Date dictated
File #
by
288A-SA-63452 /l S_A~
not dictated
b6 b7C
~------------------~--~~--------------~~._~lle~!1 :nd
This document contains neither recommendations nor conclusions of the FBI. It is the it and its contents are not to be distributed outside your agency.
a1
<tt ~~d!:fo
?our-:: le~
In Reply, Please Refer to
File No.
28 8A -SA -63452
Re:
Employment
for L..I
~FmplOyment
Please provide employment information through present for the following individual: Name: DOB: SSAN:
Sincerely yours,
b6 b7C
SpecJ.al Agent
'\/
,
)Ov
\0
I
,\
./
"
.'
it1
ROUTINE
UNCLASSIFIED
Date:
06/08/2012
d-D
ANTISECi TEXAS COMMISSION ON JAIL STANDARDS (TCJS.STATE.TX.US) VICTIM COMPUTER INTRUSIONS - CRIMINAL MATTERS To claim statistical accomplishment.
Synopsis:
Details: On 6/7/2012, an I~I~R~(~n~U~mb~~e~r~I ~ ~ was published based on CHslreporting. The subject of b7D the IIR was (U//FOUO) Identification of Internet Relay Chat (IRC) Channels Used by Anonymous Members, as ofl I
UNCLASSIFIED
To: Re:
UNCLASSIFIED
b6 b7C
Accomplishment
Infor.mation;
Number: 1 Type: CIP POSITIVE INTELLIGENCE PRODUCT GENERATED (E.G. IIR) ITU: CIP Claimed By~ ~
UNCLASSIFIED
2
UNCLASSIFIED
FD-l023
(07/24/2010)
IDt
.....
,.
n:
Squad: C Four Date of Contact 02/22/2012 List all present includin
g
yourseI1i---------, (Do not include the CHS.): Type of Contacte-Mail Date of 03/02/2012 Report: Substantiv e CaseFile Number: 288A-SA-63452
b6 b7C
DCheck if Grand Jury restrictions apply Source Reporting: CHSprovided the following through email:
b6 b7C
UNCLASSIFIED
-----------------------------------------------
UNCLASSIFIED
FD-l023
(07/24/2010)
Source I Date: 12/06/2011 Case Agenq Name~~ Field Offlce/Dlvlslo San Antonio
~~~~~----~
~
n:
Squad: C Four Date of 11/08/2011 Contact: List all present including,.b6 b7C ~ ~
yourself]
include the CHS.):
(Donorla_.
Type of In Person Contact: Count~ UNITED STATES City: Lackland AFB Stat: Texas Date of 12/06/2011 Report: . Substantiv e Case File .....__ Number: 288~UB
--
- -------
--
--_
---------------------------------------------------------,
DCheck if GrandJury restrictions apply The report mentions a full report provided by1:hesource:
r-1-------------,lan4
L..-
b6 b7C
This is your guide to making senseof everything on this disc. All times in file names are Central.
[[DISCLAIMER]]
b6 b7C b7D
FD-l023
(07/24/2010)
IDtL
Squad: C Four
___.
b7D
b6 b7C
Date of Contact: 05/01/2012 List all present including vourself.L (Do not include the CHS.): Type of Contact: e-Mail
___,J
Date of ReportLI
.....I
b6 b7C b7D
b7D
Page 1 of 26