DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Australian national known as “DR32” sentenced in U.S. federal court

Posted on May 17, 2025May 17, 2025 by Dissent

In a somewhat surpising turn of events, the Australian hacker known as “DR32” learned his sentence in a Colorado federal court this week. It was not the sentence most people might have expected.

David Kee Crees, a 26 year-old Australian, who had also been known online as “Abdilo,” “Notavirus,” “Surivaton”, and “Grey Hat Mafia’s Bitch,” had been extradited to the U.S. to face a 22-count grand jury indictment filed in 2021. The indictment covered a period  from approximately June 2020 to July 2021. Court filings referred to seven unnamed victims and a ransomware group that Crees allegedly compromised.

Much of the supporting affidavit for the extradition request cited Crees’ interactions and sales of data to an undercover agent. Of note, it appeared that the case arose from an investigation by the U.S. Department of Homeland Security’s Homeland Security Investigations. During that time, DHS/HSI used undercover agents who made deals with Crees and investigated his claims. Excerpts from Crees’ interactions with the undercover agents were quoted in the affidavit.  While one agent would make deals with Crees, a second undercover agent would reportedly send the payments to Crees. Excerpts quoted in the supporting documentation reveal that Crees revealed a lot of personal details about himself to the undercover agent.

Although the Adelaide court approved the U.S. extradition request in August 2022, Crees didn’t actually appear in federal court in Denver until February 2024 for his arraignment. He was detained in a federal detention center pending trial, but with his trial scheduled for August, 2025, Crees changed his plea and pleaded guilty in January of this year.

As part of the plea deal, Crees pleaded guilty to Counts 1-14:

Counts 1 -7  were violation of  18 U.S.C. §§ 1030(a)(2)(C), 1030(b), 1030(c)(2)(B)(i) & 2:  Access a protected computer without authorization for private financial gain

Counts 8-14 were violation of 18 U.S.C. §§ 1030(a)(5)(A), 1030(b), 1030(c)(4)(A)(i)(I) & 2: Cause damage to a protected computer without authorization, causing loss of at least $5,000

Sentence

In a decision that may shock many, on May 14, Crees was sentenced to time served by U.S. District Court Judge Daniel D. Domenico.

Crees had been detained in Australia for two years pending his extradition here, and then he had been in a federal detention center from February 2024 until now, but  just time served for a case that started with 22 counts?

Because most of the court filings in this case are sealed, it is not publicly known why the government dropped counts 15-22 and why the court determined that time served was appropriate.

Crees was also sentenced to supervised release with standard conditions and some special conditions of release for a term of one (1) year as to all counts, to run concurrently, following his release from prison.  He was also ordered to pay a special assessment fee of $1,400.00.

In another surprising aspect of the judgment, there was no restitution to victims ordered. There was, however, this:

The defendant shall forfeit the defendant’s interest in the following property to the United States: a money judgment in the amount of $245,056.92.

So why such a light sentence? Is there a matter of national security or homeland security that resulted in the government not wanting certain things to be made public if this case went to trial? Because so many of the files are sealed or restricted, it seems likely that there might be some sensitive hacks or incidents that the government would not want revealed.

This post will be updated if more information becomes available.

Category: HackOf Note

Post navigation

← Alabama Man Sentenced to 14 Months in Connection with Securities and Exchange Commission X Hack that Spiked Bitcoin Prices
Anne Arundel ransomware attack compromised confidential health data, county says →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.