He’s just a frail-looking teenager, but he sent threatening emails to get his victims to pay his extortion demands.
Today, 19 year-old Assumption College student Matthew Lane waived indictment and pleaded guilty in a Worcester courtroom to hacking an unnamed telecom company and an unnamed edtech vendor, widely known to be PowerSchool.
As per the plea agreement, Lane pleaded guilty to all four counts of the information:
- Count One: Cyber Extortion Conspiracy
- Count Two: Cyber Extortion; Aiding and Abetting
- Count Three: Unauthorized Access to Protected Computers; Aiding and Abetting
- Count Four: Aggravated Identity Theft
Lane was released on conditions and a personal recognizance bond. He will be in the custody of his mother, and has fairly common restrictions such as no alcohol or narcotics, undergoing a mental health evaluation and treatment if required, no contact with co-conspirators, no accessing the internet without approval by probation services, and no owning any device that can connect to the internet. Any devices in the home owned by his parents must be password protected or removed from the home when they are not home. He must also submit to supervision by probation and pretrial services.
Somewhat surprisingly, his conditions did not include a check for the box “continue or start an education program.” Since Lane was a college student, it raises a question as to whether that box is unchecked because classes are done for now, or if the college has suspended or expelled him. Or perhaps that was just an oversight that will be amended.
Lane is scheduled to be sentenced on September 11. As part of the plea deal, the prosecution agreed that it would not appeal any sentence of 94 months or longer. Lane could be sentenced to less time if the sentence for Counts 1, 2, and 3 are served concurrently for 5 years, followed by two years (mandatory) for the aggravated identity theft count.
The plea deal also includes three years of supervised release after serving his time and a forfeiture provision for $160,981 and restitution. The amount of restitution has not been determined yet, but the telecom had reportedly paid Lane $200,000 and he reportedly demanded $2.85 million in Bitcoin from PowerSchool. PowerSchool recently acknowledged that they paid a ransom demand to get assurances of data deletion, but they did not confirm how much they paid.