With his criminal trial looming, the hacker known as “DR32” pleaded guilty in federal court

Posted on by Dissent

With only two weeks until his trial was scheduled to start, Australian national David Kee Crees informed a federal court in Colorado that he wanted to change his plea to guilty. On January 15, he pleaded guilty to 14 out of 22 counts.

Background

Crees, a 26 year-old Australian, was known online as Abdilo, DR32, Notavirus, Surivaton, and Grey Hat Mafia’s Bitch. As DataBreaches reported in 2022, this site and blogger have been reporting on him since 2015 when his numerous attacks on the education sector caught this blogger’s attention.  Details of his background and information on the 22-count indictment of December 2021 can be found in that 2022 article. As reported at the time, Crees was his own worst witness against him as he repeatedly dealt with an undercover agent.

Although the Australian government granted the U.S. request for extradition in 2022, they did not put him on any plane right away. It wasn’t until February 2024 that Crees first set foot on U.S. soil to be arraigned and detained. He has been detained at FCI-Englewood in Colorado, a low security federal correctional institution with an adjacent minimum security satellite camp and a detention center.

Plea

On January 15, Crees pleaded guilty to Counts 1-14.  That worked out to two counts for each of seven victims:

Counts 1 -7  were violation of  18 U.S.C. §§ 1030(a)(2)(C), 1030(b), 1030(c)(2)(B)(i) & 2:  Access a protected computer without authorization for private financial gain

Counts 8-14 were violation of 18 U.S.C. §§ 1030(a)(5)(A), 1030(b), 1030(c)(4)(A)(i)(I) & 2: Cause damage to a protected computer without authorization, causing loss of at least $5,000

Consistent with U.S. procedures, Crees’ victims were never named in the indictment, but some additional details about them were provided in snippets of Crees’ interactions with the undercover agent.

A transcript of Crees’ plea hearing is not docketed, but sentencing is scheduled for April 23, 2025.

According to the indictment and according to what Crees was told prior to pleading guilty, the penalties for counts 1-7 could be:

  • No more than 5 years imprisonment;
  • No less than one year, but no more than 3 years supervised release;
  • No more than $250,000 fine; and
  • $100 special assessment

The penalties for counts 8 – 14 could be:

  • No more than 10 years imprisonment;
  • No less than one year, but no more than 3 years supervised release;
  • No more than $500,000 fine; and
  • $100 special assessment

It wasn’t stated whether the prison terms would definitely be served concurrently or consecutively. Neither were the fines definite in their maximum amount. Crees noted his understanding that the fines could be more from an alternative fine schedule and statute.  Crees also agreed that he would pay restitution to victims, which was listed as no more than $247,000 in his pre-plea statement.

Neither his pre-plea statement nor the docket for the plea hearing specifically mentions Counts 15-22. It is not clear to DataBreaches whether the prosecution has agreed to drop Counts 15-22, although it seems likely. There is much we may not find out because the government requested orally during the plea hearing that the plea agreement be restricted and the court granted that motion.

This post may be updated if more information becomes available, but DataBreaches suspects we may not find out much more if future filings are under seal because they relate to pre-sentencing reports and positions of the government and defense counsel.

 

Category: HackOf Note