DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Statement on guilty pleas by Paypal13

Posted on December 6, 2013 by Dissent

Statement from the U.S. Attorney’s Office for the Northern District of California on the “Paypal13:”

Thirteen defendants pleaded guilty in federal court in San Jose yesterday to charges related to their involvement in the cyber-attack of PayPal’s website as part of the group “Anonymous,” United States Attorney Melinda Haag announced. One of the defendants also pleaded guilty to the charges arising from a separate cyber-attack on the website of Santa Cruz County.

In pleading guilty, the defendants admitted to carrying out a Distributed Denial of Service (DDoS) cyber-attack against PayPal in December 2010.

These DDoS attacks were facilitated by software tools designed to damage a computer network’s ability to function by flooding it with useless commands and information, thus, denying service to legitimate users. A group calling itself “Anonymous” claimed responsibility for the attacks, saying they conducted the attacks in protest of the companies’ and organizations’ actions. The attacks were facilitated by the software tools “Anonymous” made available for free download on the Internet. The victims included major U.S. companies across several industries.

According to the plea agreements and statements made in court, in late November 2010, WikiLeaks released a large amount of classified United States State Department cables on its website. Citing violations of the PayPal terms of service, and in response to WikiLeaks’ release of the classified cables, PayPal suspended WikiLeaks’ accounts such that WikiLeaks could no longer receive donations via PayPal. WikiLeaks’ website declared that PayPal’s action “tried to economically strangle WikiLeaks.”

The plea agreements further state that, in retribution for PayPal’s termination of WikiLeaks’ donation account, Anonymous coordinated and executed DDoS attacks against PayPal’s computer. Anonymous referred to these co-ordinated attacks on PayPal as “Operation Avenge Assange.”

The following defendants pleaded guilty:

1. CHRISTOPHER WAYNE COOPER, dob 10/21/87, aka “Anthrophobic,” Elberta,
Alabama

2. JOSHUA JOHN COVELLI, dob 1/10/85, aka “Absolem, and, “Toxic,”
Fairborn, Ohio

3. KEITH WILSON DOWNEY, dob 11/7/84, Jacksonville, Florida

4. MERCEDES RENEE HAEFER, dob 6/21/91, aka “No,” and “MMMM,” Las Vegas,
Nevada

5. DONALD HUSBAND, dob 8/14/81, aka “Ananon,” Fairfield, California

6. VINCENT CHARLES KERSHAW, dob 2/23/84, aka “Trivette,” “Triv,” and
“Reaper,” Fort Collins, Colorado

7. ETHAN MILES, dob 9/1/77, Flagstaff, Arizona

8. JAMES C. MURPHY, dob 11/15/74, Baldwin Park, California

9. DREW ALAN PHILLIPS, dob 4/15/85, aka “Drew010,” Santa Rosa, California

10. JEFFREY PUGLISI, dob 2/19/83, aka “Jeffer,” “Jefferp,” and “Ji,”
Clinton Township, Michigan

11. DANIEL SULLIVAN, dob 6/29/89, Camarillo, California

12. TRACY ANN VALENZUELA, dob 2/11/69, Napa, California

13. CHRISTOPHER QUANG VO, dob 5/16/89, Attleboro, Massachusetts

With the exception of Valenzuela, Phillips and Miles, each of the defendants pleaded guilty to one count of Conspiracy, in violation of 18 USC 1030(b)(Felony), and one count of Intentional Damage to a Protected Computer, in violation of 18 USC 1030(a)(5)(A)(Misd.). Defendant Valenzuela pleaded guilty to one count of Reckless Damage to a Protected Computer, in violation of 18 USC 1030(a)(5)(A)(Misd.). Defendants Phillips and Miles were permitted to plead guilty to one count each of Intentional Damage to a Protected Computer, in violation of 18 USC 1030(a)(5)(A)(Misd.) only.

The terms of the plea agreements allow that unless a defendant violates any of the terms of the plea agreement or fails to accept responsibility, at the time of sentencing, the defendant may make an unopposed motion to withdraw his/her guilty plea to Count One, Conspiracy to Commit Intentional Damage to a Protected Computer in violation of 18 U.S.C. 1030(b) and the government will dismiss Count One, leaving only the misdemeanor count of violating of 18 U.S.C. 1030(a)(5)(A) to be entered as a final judgment against the defendant.

Defendant Joshua John Covelli also pleaded guilty to executing a DDoS attack (with another defendant, presently a fugitive) against the Santa Cruz County web server, admitting that it was in retaliation for a statute enacted by the City of Santa Cruz. The City of Santa Cruz enacted Section 6.36.010 of its Municipal Code, entitled “Camping Prohibited,” which contained restrictions and definitions on camping within Santa Cruz City. In response to the enforcement of Section 6.36.010, protesters occupied the Santa Cruz County Courthouse premises from approximately July 4, 2011 to October 2, 2011. Law enforcement officers from Santa Cruz County disbanded the protest and several protesters were charged with misdemeanors crimes in Santa Cruz County.

According to Covelli’s plea agreement and statements in court, in retribution for Santa Cruz City’s enforcement of Section 6.36.010 of the Municipal Code, and Santa Cruz County’s disbandment of the protest, Covelli and others, calling themselves the “People’s Liberation Front'” or “PLF,” and claiming to be associated with the “Anonymous” group, co-ordinated and executed an attack against Santa Cruz County’s computer servers. The PLF referred to these coordinated attacks on Santa Cruz County as “Operation Peace Camp 2010.”

The defendants are currently released on bond.

The sentencing hearings for twelve of the defendants are scheduled for December 4, 2014 at 10:00 a.m. before the Honorable D. Lowell Jensen, United States District Court Judge, in San Jose. Tracy Valenzuela’s sentencing hearing is scheduled for November 20, 2014 at 10:00 a.m. before Judge Jensen as well. The maximum statutory penalty for each count in violation of 18 United States Code, Section 1030(b) – Conspiracy (Felony), is 5 years imprisonment and a $250,000 fine; for each count in violation of 18 United States Code, Section 1030(a)(5)(A) – Intentional Damage to a Protected Computer (Felony), is 10 years imprisonment and a $250,000 fine; for each count in violation of 18 United States Code, Sections 1030(a)(5)(A) & (c)(4)(G)(i) – Intentional Damage to a Protected Computer (Misd.) is 1 year in prison and a $100,000 fine, and for each count in violation of 18 United States Code, Sections 1030(a)(5)(A) & (c)(4)(G)(i) – Reckless Damage to a Protected Computer (Misd.) is 1 year in prison and a $100,000 fine.

However, any sentence will be imposed by the court only after consideration of the U.S. Sentencing Guidelines and the federal statute governing the imposition of a sentence, 18 U.S.C. § 3553.

Matt Parrella and Hanley Chew are the Assistant U.S. Attorneys who prosecuted the case with the assistance of Elise Etter. The prosecution is the result of an investigation by the Federal Bureau of Investigation, along with cooperation from PayPal. Authorities in the Netherlands, Germany and France have also taken their own investigative and enforcement actions.

The National Cyber-Forensics and Training Alliance, a public-private partnership whose mission to identify, mitigate, and neutralize cyber-crime, also provided assistance.

Further Information:
Case #: CR-11-471 DLJ (PSG)

Category: Business SectorCommentaries and AnalysesOther

Post navigation

← Horizon BCBS notifying 840,000 members after laptops stolen with personal data (update 1)
Tracking System Prepares New York to Evacuate Patients in Emergencies →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.