DataBreaches.Net


Australian national known as “DR32” sentenced in U.S. federal court

Posted on May 17, 2025 (updated June 8, 2025) by Dissent

In a somewhat surprising turn of events, the Australian hacker known as “DR32” learned his sentence in a Colorado federal court this week. It was not the sentence most people might have expected.

David Kee Crees, a 26-year-old Australian who had also been known online as “Abdilo,” “Notavirus,” “Surivaton,” and “Grey Hat Mafia’s Bitch,” had been extradited to the U.S. to face a 22-count grand jury indictment filed in 2021. The indictment covered a period from approximately June 2020 to July 2021. Court filings referred to seven unnamed victims and a ransomware group that Crees allegedly compromised.

Much of the supporting affidavit for the extradition request cited Crees’ interactions and sales of data to an undercover agent. Of note, it appeared that the case arose from an investigation by the U.S. Department of Homeland Security’s Homeland Security Investigations. During that time, DHS/HSI used undercover agents who made deals with Crees and investigated his claims. Excerpts from Crees’ interactions with the undercover agents were quoted in the affidavit. While one agent would make deals with Crees, a second undercover agent would reportedly send the payments to Crees. Excerpts quoted in the supporting documentation reveal that Crees revealed a lot of personal details about himself to the undercover agent.

Although the Adelaide court approved the U.S. extradition request in August 2022, Crees didn’t actually appear in federal court in Denver until February 2024 for his arraignment. He was detained in a federal detention center pending trial, but with his trial scheduled for August, 2025, Crees changed his plea and pleaded guilty in January of this year.

As part of the plea deal, Crees pleaded guilty to Counts 1-14:

Counts 1-7 were violations of 18 U.S.C. §§ 1030(a)(2)(C), 1030(b), 1030(c)(2)(B)(i) & 2: Access a protected computer without authorization for private financial gain

Counts 8-14 were violations of 18 U.S.C. §§ 1030(a)(5)(A), 1030(b), 1030(c)(4)(A)(i)(I) & 2: Cause damage to a protected computer without authorization, causing loss of at least $5,000

Sentence

In a decision that may shock many, on May 14, Crees was sentenced to time served by U.S. District Court Judge Daniel D. Domenico.

Crees had been detained in Australia for two years pending his extradition here, and then he had been in a federal detention center from February 2024 until now, but just time served for a case that started with 22 counts?

Because most of the court filings in this case are sealed, it is not publicly known why the government dropped counts 15-22 and why the court determined that time served was appropriate.

Crees was also sentenced to supervised release with standard conditions and some special conditions of release for a term of one (1) year as to all counts, to run concurrently, following his release from prison. He was also ordered to pay a special assessment fee of $1,400.00.

In another surprising aspect of the judgment, there was no restitution to victims ordered. There was, however, this:

The defendant shall forfeit the defendant’s interest in the following property to the United States: a money judgment in the amount of $245,056.92.

So why such a light sentence? Is there a matter of national security or homeland security that resulted in the government not wanting certain things to be made public if this case went to trial? Because so many of the files are sealed or restricted, it seems likely that there might be some sensitive hacks or incidents that the government would not want revealed.

This post will be updated if more information becomes available.

Update of June 8, 2025: ICE is attempting to deport Crees to Australia.
