Press Release
For Immediate Release
June 13, 2007
Washington D.C.
FBI National Press Office
(202) 324-3691
Over 1 Million Potential Victims of Botnet Cyber Crime
Today the Department of Justice and FBI announced the results of an ongoing cyber crime initiative to disrupt and dismantle “botherders” and elevate the public’s cyber security awareness of botnets. OPERATION BOT ROAST is a national initiative and ongoing investigations have identified over 1 million victim computer IP addresses. The FBI is working with our industry partners, including the CERT Coordination Center at Carnegie Mellon University, to notify the victim owners of the computers. Through this process the FBI may uncover additional incidents in which botnets have been used to facilitate other criminal activity.
A botnet is a collection of compromised computers under the remote command and control of a criminal “botherder.” Most owners of the compromised computers are unknowing and unwitting victims. They have unintentionally allowed unauthorized access and use of their computers as a vehicle to facilitate other crimes, such as identity theft, denial of service attacks, phishing, click fraud, and the mass distribution of spam and spyware. Because of their widely distributed capabilities, botnets are a growing threat to national security, the national information infrastructure, and the economy.
“The majority of victims are not even aware that their computer has been compromised or their personal information exploited,” said FBI Assistant Director for the Cyber Division James Finch. “An attacker gains control by infecting the computer with a virus or other malicious code and the computer continues to operate normally. Citizens can protect themselves from botnets and the associated schemes by practicing strong computer security habits to reduce the risk that your computer will be compromised.”
The FBI also wants to thank our industry partners, such as the Microsoft Corporation and the Botnet Task Force, in referring criminal botnet activity to law enforcement.
Cyber security tips include updating anti‑virus software, installing a firewall, using strong passwords, practicing good email and web security practices. Although this will not necessarily identify or remove a botnet currently on the system, this can help to prevent future botnet attacks. More information on botnets and tips for cyber crime prevention can be found online at www.fbi.gov.
The FBI will not contact you online and request your personal information so be wary of fraud schemes that request this type of information, especially via unsolicited emails. To report fraudulent activity or financial scams, contact the nearest FBI office or police department, and file a complaint online with the Internet Crime Complaint Center, www.ic3.gov.
To date, the following subjects have been charged or arrested in this operation with computer fraud and abuse in violation of Title 18 USC 1030, including:
* James C. Brewer of Arlington, Texas, is alleged to have operated a botnet that infected Chicago area hospitals. This botnet infected tens of thousands of computers worldwide. (FBI Chicago);
* Jason Michael Downey of Covington, Kentucky, is charged with an Information with using botnets to send a high volume of traffic to intended recipients to cause damage by impairing the availability of such systems. (FBI Detroit); and
* Robert Alan Soloway of Seattle, Washington, is alleged to have used a large botnet network and spammed tens of millions of unsolicited email messages to advertise his website from which he offered services and products. (FBI Seattle)
The FBI will continue to aggressively investigate individuals that conduct cyber criminal acts.
On June 12, 2007, James C. Brewer was charged with operating a botnet. There are no allegations that infected machines were used to send spam, but this is an Operation: Bot Herder case that we're tracking anyway.
UNITED STATES DISTRICT COURT
NORTHERN DISTRICT OF ILLINOIS
EASTERN DIVISION
UNITED STATES OF AMERICA
v.
JAMES C. BREWER
COUNT ONE
The SPECIAL AUGUST 2006-1 GRAND JURY charges:
1. At times material to the indictment:
a. The Cook County Bureau of Health Services ("CCBHS") was a division of the Cook County government that administered and operated health care centers throughout the City of Chicago and surrounding suburbs, including the Ambulatory and Community Health Network of Cook County, Cermak Health Services of Cook County, John H. Stroger, Jr. Hospital of Cook County, Oak Forest Hospital of Cook County, and Provident Hospital of Cook County. Computers located at facilities operated by the CCBHS were connected to one another as part of a computer network.
b. Personnel at CCBHS facilities, including medical personnel, relied upon computers to perform various functions, such as managing and accessing patient care records and filling prescriptions for inpatient hospital residents. Personnel at CCBHS facilities relied directly upon computers in the provision of medical services and testing, such as fetal monitoring, the operation of scanning and imaging equipment, and laboratory testing.
c. Defendant JAMES C. BREWER was a resident of Arlington, Texas.
d. A "bot" was a computer program that could be implanted on a computer without authorization to perform various functions at the direction of the person who controlled the "bot." The controller of the "bot" accomplished the installation of the "bot" by using a computer or computers to electronically scan or search local networks or the Internet for computers with particular vulnerabilities or security weaknesses, such as the absence of a firewall, and using computer code written to take advantage of those vulnerabilities or weaknesses to compromise or "hack" into the computer. Once the computer was compromised, the "bot" code was installed on the computer and caused the computer to perform certain functions at the direction of the person controlling the bot, such as allowing the controller of the "bot" to access the computer.
e. A "botnet" was a network of computers infected with "bots." The "bots" were configured to automatically establish Internet connections with Internet Relay Chat ("IRC") servers and to receive commands in the form of topics posted in specific "chatrooms" or "channels" on the IRC servers. The "botnet" controller was then able to control the "botnet" by connecting to the appropriate "chat-room" or "channel" on the IRC servers and issuing commands to the bots in the form of topics. An illicit market existed for the purchase and sale of "botnets."
f. One command commonly issued to a computer infected with a "bot" was for the computer to scan local networks or the Internet for other computers to infect with the "bot," thereby increasing the size and power of the "botnet." The process of scanning for vulnerable computers to add to the "botnet" could generate a large amount of network traffic, particularly within local networks. The increase in network traffic could be sufficient to interrupt and disable normal network communications and functions, thereby rendering network computers unable to perform their intended functions, and requiring significant repairs in order to resume those normal functions.
2. Prior to in or about October 2006, defendant JAMES C. BREWER obtained and designed malicious software or "bots" to infect computers belonging to others without the knowledge or authorization of the owners of the computers for the purpose of establishing a network of infected computers or "botnet."
3. Defendant JAMES C. BREWER programmed the malicious software or "bots" to cause the infected computers to establish Internet connections to IRC channels located on computer servers associated with, among others, the Internet domain names "http.an1malmating.com" and "http.fire-servers.net." Defendant controlled the IRC "chatrooms" or "channels" located on these computer servers and used them to issue commands to the infected computers that connected to the IRC "channels."
4. The commands issued to infected computers included commands to continuously scan local networks and the Internet for other computers that were vulnerable to infection and, upon the identification of such computers, to infect the computers with the malicious software or "bots" designed and controlled by defendant.
5. The malicious software or "bots" designed and controlled by defendant JAMES C. BREWER infected over 10,000 computers across the world, including computers located at CCBHS facilities such as the Nuclear Medicine Department and Oncology-Radiation Therapy Department at John H. Stroger Hospital, and computers in the Pharmacy Department at Oak Forest Hospital. The "bots" caused the infected computers to, among other things, repeatedly freeze or reboot without notice, thereby causing significant delays in the provision of medical services and access to data by CCBHS personnel. The computers at CCBHS' facilities continued to experience problems resulting from the "bots" through in or about December 2006, and in excess of 1,000 hours were spent by CCBHS personnel and private vendors attempting to remedy the problems.
6. In or about October 2006, at Chicago, in the Northern District of Illinois, and elsewhere,
JAMES C. BREWER,
defendant herein, knowingly caused the transmission of a program, information, code, and command, namely, malicious "bot" source code, and as a result of that conduct intentionally caused damage, without authorization, to computers used in interstate commerce and communication, namely, computers belonging to CCBHS, which conduct caused the modification and impairment, and potential modification and impairment, of the medical examination, diagnosis, treatment, or care of one or more individuals;
In violation of Title 18, United States Code, Section 1030(a)(5)(A)(i), (B)(ii).
COUNT TWO
The SPECIAL AUGUST 2006-1 Grand Jury further charges:
1. The allegations of paragraphs 1 through 5 of Count One of this indictment are realleged and incorporated as though fully set forth here.
2. In or about October 2006, at Chicago, in the Northern District of Illinois, and elsewhere,
JAMES C. BREWER,
defendant herein, knowingly caused the transmission of a program, information, code, and command, namely, malicious "bot" source code, and as a result of that conduct intentionally caused damage, without authorization, to computers used in interstate commerce and communication, namely, computers belonging to CCBHS, which conduct caused an aggregate loss of at least $5,000 to CCBHS during a one-year period;
In violation of Title 18, United States Code, Section 1030(a)(5)(A)(i), (B)(i).
A TRUE BILL:
_______________________________
FOREPERSON
_______________________________
UNITED STATES ATTORNEY
MINUTE entry before Judge Ruben Castillo as to defendant James C. Brewer :
Arraignment reset to 7/12/2007 at 9:45 AM. Arraignment set for 6/20/2007 is vacated.
Mailed notice
United States District Court
Northern District of Illinois
United States of America
vs.
James C. Brewer
APPEARANCE BOND
Case Number: 07 cr 379-1
(X)Non-surety: I, the undersigned defendant acknowledge that I and my ... personal representatives, jointly and severally, are bound to pay to the United States of America the sum of $4500.00 Own Recognizance, and there has been deposited in the Registry of the Court.
The conditions of this bond are that the defendant, James C. Brewer, is to appear before this court and at such other places as the defendant may be required to appear, in accordance with any and all orders and directions relating to the defendant's appearance in this case, including appearance for violation of a condition of defendant's release as may be ordered or notified by this court or any other United States district court to which the defendant may be held to answer or the cause transferred. The defendant is to abide by any judgment entered in such a matter by surrendering to serve any sentence imposed and obeying any order or direction in connection with such judgment.
It is agreed and understood that this is a continuing bond (including any proceeding on appeal or review) which shall continue until such time as the undersigned are exonerated.
If the defendant appears as ordered or notified and otherwise obeys and performs the foregoing conditions of this bond, then this bond is to be void, but if the defendant fails to obey or perform any of these conditions, payment of the amount of this bond shall be due forthwith. Forfeiture of this bond for any breach of its conditions may be declared by any United States district court having cognizance of the above entitled matter at the time of such breach and if the bond is forfeited and if the forfeiture is not set aside or remitted, judgment may be entered upon motion in such United States district court against each debtor jointly and severally for the amount above stated, together with interest and costs, and execution may be issued and payment secured as provided by the Federal Rules of Criminal Procedure and any other laws of the United States.
This bond is signed on 7/12/07 at 219 S. Dearborn, Chicago, Illinois
Defendant
MINUTE entry before Judge Ruben Castillo :Arraignment and plea hearing held. Robert D. Seeder is appointed to represent the defendant. Defendant appeared, waived formal reading of the indictment, and entered a plea of not guilty to both counts. Rule 16.1 Conference to be held on or before 7/19/2007. Any pretrial motions should be filed on or before 7/26/07. Status hearing set for 7/31/2007 at 9:45AM. Defendant's presence is waived at the next status hearing.
Rule 16.1 Conference to be held on or before 7/19/2007.
This will be a settlement conference intended to conclude the case rapidly. This is just a guess and only a guess, but the short date given here is likely an indicator that a plea is being hammered out and is almost done.
Pretrial motions should be filed on or before 7/26/07 reset to 8/17/07.
Status hearing set for 7/31/2007 at 9:45AM reset to 8/23/2007 at 9:45AM.
MINUTE entry before Judge Ruben Castillo as to defendant James C. Brewer :From 7/12/2007 until 7/31/2007 is excluded pursuant to 18 U.S.C. 3161(h)(8)(A)(B) and 18 U.S.C. 3161(h)(1)(F).
These two statutes set a time period that the Defendant must see trial commence (generally 70 days). This minute entry merely says that the period between July 12 and July 31 cannot be included in those 70 days.
This is pretty routine paperwork. They're looking for anything that could help their case, and the government is obligated to give it to them. It's called "Brady Material" after Brady v. Maryland, 373 U.S. 83 (1963), the case that established this obligation on the government's part.
======================================
IN THE
UNITED STATES DISTRICT COURT
FOR THE NORTHERN DISTRICT OF ILLINOIS
EASTERN DIVISION
UNITED STATES OF AMERICA
v.
JAMES C. BREWER
MOTION FOR IMMEDIATE DISCLOSURE OF FAVORABLE EVIDENCE
Defendant JAMES C. BREWER, by the Federal Defender Program and its attorney, ROBERT D. SEEDER, pursuant to Rule 16(a)(1) of the Federal Rules of Criminal Procedure and the principles enunciated in Brady v. Maryland, 373 U.S. 83 (1963); Giglio v. United States, 405 U.S. 150 (1976), moves the Court to require the government to disclose immediately any previously undisclosed evidence or information in its possession, custody, or control, the existence of which is known, or by the exercise of due diligence may become known, which is favorable to the defendant and is material to the issues of his guilt, innocence, or sentencing. This request includes evidence which bears upon the credibility of a government witness, or which consists of documents or tangible objects which are material to the preparation of the defense. The information requested includes, but is not limited to, the following:
1. Any documentary evidence or information which is favorable to the defendant’s presentation of a defense. In particular, Mr. Brewer requests the following information:
• A history of any previous “bot” computer programs discovered on computers operated by the Cook County Bureau of Health Services (CCBHS).
• A history of computer problems or “bugs” at the CCBHS computer network prior to October, 2006 that caused computers to repeatedly freeze or reboot without notice.
• Records kept by information technology (IT) employees or contractors of CCBHS reflecting installation of new computer programs in or about October, 2006.
• Any “bug lists” kept by IT personnel of CCBHS.
• Installation logs kept by IT personnel of CCBHS.
• Any records of modifications made to the CCBHS computer network in or about October, 2006.
2. Any prior statements of a witness for the government which are inconsistent with his or her expected trial testimony.
3. Any grants of immunity, favors, or promises of any kind made to a witness in connection with obtaining his or her testimony, whether bargained for or not. This includes any plea agreement entered into between the government and the witness pursuant to which, or as a result of which, the witness is testifying against the accused in this case or on behalf of the government at any other trial, grand jury or other proceeding or is furnishing data or information to the government.
4. An accounting of any money paid to any witness by the government including, but not limited to, rewards, subsistence payments, expenses or payments made for specific information supplied to the government.
5. Any assistance provided by any attorney or agent of the government to a witness for any reason, including assistance with the witness' customers, a licensing agency, law enforcement or parole agency, or any other agency of federal, state or local government.
6. The criminal identification and history sheet of each government witness.
7. Any criminal charges pending against any government witness which have not been disposed of either by conviction or acquittal.
8. Any criminal activity in which a government witness has engaged which has not resulted in prosecution or conviction.
9. The name, last known address and statement, grand jury testimony, or memorandum of interview, if any, of any individual whose testimony would be favorable to the defendant in any way or consistent with his innocence.
Respectfully submitted,
FEDERAL DEFENDER PROGRAM
Terence F. MacCarthy
Executive Director
By: s/Robert D. Seeder
Robert D. Seeder
FEDERAL DEFENDER PROGRAM
55 E. Monroe Street
Suite 2800
Chicago, IL 60603
312/621-8326
IN THE
UNITED STATES DISTRICT COURT
FOR THE NORTHERN DISTRICT OF ILLINOIS
EASTERN DIVISION
UNITED STATES OF AMERICA
v.
JAMES C. BREWER
DEFENDANT JAMES C. BREWER’S STATEMENT OF COMPLIANCE WITH LOCAL CRIMINAL RULE 16.1
Defendant JAMES C. BREWER, by the Federal Defender Program and its attorney, ROBERT D. SEEDER, pursuant to Local Criminal Rule 16.1 states as follows:
1. The government made delivery of its 16.1 material to defense counsel on July 17, 2007.
2. The delivery was from Assistant United States Attorney Rick Young.
3. Specifically, the government has provided various documents including the following: Documents Bates numbered 1-661 that contain F.B.I. reports of investigation, forensic analysis reports regarding the examinations of Mr. Brewer’s computer, as well as computers operated by the Cook County Bureau of Health Services (CCBHS), telephone records, copies of applications and affidavits requesting search warrants, as well as other miscellaneous records.
4. The government has provided what it maintains are all statements of the defendant in its possession.
5. The government has provided four discs, two of which contain “digital materials” gathered and captured by the investigating agents in the course of the investigation. The last two discs contain various electronic materials gathered via subpoena during the government's investigation.
6. The government has agreed to duplicate the hard drive of Mr. Brewer’s computer that was confiscated in the investigation, as well as duplicate the hard drives obtained by the government from the CCBHS in its investigation, for purposes of forensic examination by an expert retained by the defense.
7. The government and Mr. Brewer have agreed that the requisite Rule 16 disclosures pertaining to the testimony of experts at trial be made no later than four weeks prior to trial.
8. The government has informed Mr. Brewer that it does not anticipate the introduction of any Rule 404(b) evidence or co-conspirator statements. However, should the government change its position on either of those matters, it would provide notice to Mr. Brewer three weeks prior to trial. Additionally, the government has agreed to produce § 3500 material three weeks prior to trial.
9. The government has informed defense counsel that it recognizes its obligations under Brady v. Maryland, 373 U.S. 83 (1973), and should any exculpatory evidence for the defendant become known to the government, it would immediately make it available to the defendant.
10. The government has instructed the case agent to ensure that the written notes of government agents in this case are preserved.
Respectfully submitted,
FEDERAL DEFENDER PROGRAM
Terence F. MacCarthy
Executive Director
BY: s/Robert D. Seeder
Robert D. Seeder
FEDERAL DEFENDER PROGRAM
55 E. Monroe Suite 2800
Chicago, Illinois 60603
(312) 621-8326
On May 25, 2007, the US Attorney for the Eastern District of Michigan filed an Information charging Michael Jason Downey with running a bot-net.
UNITED STATES DISTRICT COURT
EASTERN DISTRICT OF MICHIGAN
SOUTHERN DIVISION
UNITED STATES OF AMERICA,
Plaintiff,
v.
D-1 JASON MICHAEL DOWNEY
Defendant.
INFORMATION
THE UNITED STATES ATTORNEY CHARGES:
COUNT ONE
(18 U.S.C. § 1030(a)(5)(A)(i) - Fraud and Related Activity in Connection with Computers)
D-1 JASON MICHAEL DOWNEY
From on or about June 18, 2004 to on or about September 5, 2004, in the Eastern District of Michigan and elsewhere, JASON MICHAEL DOWNEY, also known as "Nessun", defendant herein, who was then the owner of the "Rizon" Internet Relay Chat Network, did knowingly and intentionally cause the transmission of a program, information, code, or command through the use of an Internet Relay Chat network known as "Yotta-byte.net," and, as a result of such conduct, intentionally caused damage without authorization to several protected computers, in particular, defendant operated a "bot-net," that is, a network of computers infected with a virus, that allowed defendant to control such computers and cause them to attack other computers by sending high volumes of data to such target computers and causing damage by impairing the availability of such systems and losses of over $20,000, all in violation of Title 18, United States Code, 1030(a)(5)(A)(I).
STEPHEN J. MURPHY
United States Attorney
s/Sheldon N. Light
SHELDON N. LIGHT
Assistant United States Attorney
Chief, Economic Crimes Unit
s/Terrance Berg
TERRANCE BERG
Assistant United States Attorney
Plea Hearing set for 6/20/2007 02:30 PM before Honorable Nancy G Edmunds
UNITED STATES DISTRICT COURT
EASTERN DISTRICT OF MICHIGAN
SOUTHERN DIVISION
UNITED STATES OF AMERICA,
Plaintiff,
v.
JASON MICHAEL DOWNEY,
Defendant.
APPEARANCE
To the Clerk of this Court and all parties of record:
Enter my appearance as Counsel in the case for Defendant.
I certify that I am admitted to practice in the Court.
Respectfully Submitted,
FEDERAL DEFENDER OFFICE
s/Jill Leslie Price
Attorney for Defendant
645 Griswold, Suite 2255
Detroit, MI 48226
Phone: (313) 961-4150
Mr. Downey appears to be somewhat indigent, and therefore has been appointed an attorney from the Federal Public Defenders Office.
Bond was set at $10,000. It's an appearance bond, but there appear to have been no other conditions placed on it (like not accessing the Internet).
This document details the conditions of Downey's release. They are basically:
Report to Pre-Trial Services
Post a $10,000 Unsecured Bond
UNITED STATES DISTRICT COURT
EASTERN DISTRICT OF MICHIGAN
SOUTHERN DIVISION
UNITED STATES OF AMERICA,
Plaintiff,
v.
D-1 JASON MICHAEL DOWNEY,
Defendant.
WAIVER OF INDICTMENT
I, JASON MICHAEL DOWNEY, the undersigned defendant in this case, understand that I am being charged with the following felony offenses: Fraud in Connection with Computers, in violation of 18 U.S.C. § 1030(a)(5)(A)(i). I have been informed and understand that any person charged with a federal felony offense has the right to insist that the case proceed by way of an indictment returned by a grand jury. Understanding this, and pursuant to Rule 7(b) of the Federal Rules of Criminal Procedure, I hereby waive my right to prosecution by indictment and consent that the prosecution may be brought by information instead of by indictment.
JASON MICHAEL DOWNEY
Defendant
JILL LESLIE PRICE
Attorney for Defendant
Date: 6-20-07
UNITED STATES DISTRICT COURT
EASTERN DISTRICT OF MICHIGAN
SOUTHERN DIVISION
UNITED STATES OF AMERICA,
Plaintiff,
v.
D-1 JASON MICHAEL DOWNEY,
Defendant.
DEFENDANT'S ACKNOWLEDGMENT OF INFORMATION
I, the undersigned defendant in this case, hereby acknowledge that I have received a copy of the information before entering my plea, and that I have read it and understand its contents.
I know that if I am convicted or plead guilty, I may be sentenced as follows:
Count I, Unauthorized Access to Protected Computer, in violation of 18 U.S.C. § 1030(a)(5)(A)(i) up to 10 years in prison, a $250,000 fine, or both.
Jason Michael Downey
Defendant
ACKNOWLEDGMENT OF DEFENSE COUNSEL
I acknowledge that I am counsel for defendant and that I have received a copy of the Standing Order for Discovery and inspection which requires all pre-trial motions to be filed within twenty (20) days of arraignment.
Jill Leslie Price, Esq.
COUNSEL FOR DEFENDANT
DATE: 6-20-07
UNITED STATES DISTRICT COURT
EASTERN DISTRICT OF MICHIGAN
SOUTHERN DIVISION
UNITED STATES OF AMERICA,
Plaintiff,
-vs-
D-1 JASON MICHAEL DOWNEY,
Defendant.
RULE 11 PLEA AGREEMENT
Pursuant to Rule 11 of the Federal Rules of Criminal Procedure, defendant JASON MICHAEL DOWNEY and the government agree as follows:
1. GUILTY PLEA
A. Count of Conviction
Defendant will enter a plea of guilty to Count I of Information, which charges 18 U.S.C. § 1030(a)(5)(A)(i).
B. Elements of Offense
The elements of Count 1 are:
1. Defendant knowingly and intentionally caused the transmission of a program, information, code, or command;
2. As a result of such conduct, defendant intentionally caused damage to a protected computer system;
3. Defendant was not authorized to do so.
4. Defendant caused at least $5,000 in losses.
C. Factual Basis for Guilty Plea
The following facts are a sufficient and accurate basis for defendant's guilty plea:
From on or about June 18, 2004 through on or about September 5, 2004, Defendant was the owner of the Rizon.net Internet Relay Chat (or "IRC") network. During that time defendant operated a "bot-network," that is, a network of computers infected with a virus that allowed defendant to control such computers, and cause them to attack other computers by sending high volumes of data to such target computers, and thereby causing damage by impairing the availability of such systems. In particular, Defendant caused a large number of computers to be infected with several kinds of "bot" viruses that would cause such computers to respond to commands that defendant issued. As a result, Defendant created a network of infected computers, or "bot-net," of up to 6,000 infected computers. Thereafter, Defendant used the Internet Relay Chat network known as "Yotta-byte.net" to control and send commands to the bot-net in order to launch "denial of service" attacks on a variety of computer systems on the Internet, causing such systems to be overloaded with network data and unable to function properly and thereby impairing the operability of such systems. Defendant agrees that the losses caused by his conduct were over $20,000.
2. SENTENCING GUIDELINES
A. Standard of Proof
The Court will find sentencing factors by a preponderance of the evidence.
B. Agreed Guideline Range
There are no sentencing guideline disputes. Except as provided below, defendant's guideline range is 18 - 24 months, as set forth on the attached worksheets. If the Court finds:
a) that defendant's criminal history category is higher than reflected on the attached worksheets, or
b) that the offense level should be higher because, after pleading guilty, defendant made any false statement to or withheld information from his probation officer; otherwise demonstrated a lack of acceptance of responsibility for his offense; or obstructed justice or committed any crime, if any such finding results in a guideline range higher than 18 - 24, the higher guideline range becomes the agreed range. However, if the Court finds that defendant is a career offender, an armed career criminal, or a repeat and dangerous sex offender as defined under the sentencing guidelines or other federal law, and that finding is not already reflected in the attached worksheets, this paragraph does not authorize a corresponding increase in the agreed range. Defendant expressly reserves the right to contest the adjustment for use of special skill under U.S.S.G. § 3B1.3, which is reflected in the attached worksheets. The government will seek the application of this adjustment. Other than this, neither party may take a position concerning the applicable guidelines that is different from position reflected in the attached worksheets, except as necessary to the Court's determination regarding subsections a) and b), above.
3. SENTENCE
The Court will impose a sentence pursuant to 18 U.S.C. §3553, and in doing so must consider the sentencing guideline range.
A. Imprisonment
Pursuant to Federal Rule of Criminal Procedure 11 (c)(1)(C) the sentence of imprisonment in this case may not exceed the top of the sentencing guideline range as determined by Paragraph 2B.
B. Supervised Release
A term of supervised release follows the term of imprisonment. The Court must impose a term of supervised release on Count 1 of no less than 2 years but not more than 3 years. The agreement concerning imprisonment described above in Paragraph 3A does not apply to any term of imprisonment that results from any later revocation of supervised release.
C. Special Assessment
Defendant will pay a special assessment of $100 and must provide the government with a receipt for the payment before sentence is imposed.
D. Fine
The parties agree that the fine will be no more than the maximum amount of $40,000.
E. Restitution
The Court shall order restitution to every identifiable victim of defendant's offense. The loss amount is approximately $21,110. The Court will determine the exact amount of restitution.
4. EACH PARTY'S RIGHT TO WITHDRAW FROM THIS AGREEMENT
The government may withdraw from this agreement if the Court finds the correct guideline range to be different than is determined by Paragraph 2B. Defendant may withdraw from this agreement, and may withdraw his guilty plea, if the Court decides to impose a sentence higher than the maximum allowed by Part 3. This is the only reason for which defendant may withdraw from this agreement. The Court shall advise defendant that if she does not withdraw his guilty plea under this circumstance, the Court may impose a sentence greater than the maximum allowed by Part 3.
5. RIGHT TO APPEAL
Defendant reserves the right to appeal the sentence if the Court finds that the adjustment for use of a special skill applies and the sentence imposed exceeds 18 months. Defendant waives any other right he has to appeal his conviction or sentence if the sentence is within the guideline range determined under Part 2B. If the sentence imposed is within the guideline range determined by Paragraph 2B the government agrees not to appeal the sentence, but retains its right to appeal any sentence below that range.
6. CONSEQUENCES OF WITHDRAWAL OF GUILTY PLEA OR VACATION OF CONVICTION
If defendant is allowed to withdraw his guilty plea or if any conviction entered pursuant to this agreement is vacated, the Court shall, on the government's request, reinstate any charges that were dismissed as part of this agreement. If additional charges are filed against defendant within six months after the date the order vacating defendant's conviction or allowing him to withdraw his guilty plea becomes final, which charges relate directly or indirectly to the conduct underlying the guilty plea or to any conduct reflected in the attached worksheets, defendant waives his right to challenge the additional charges on the ground that they were not filed in a timely manner, including any claim that they were filed after the limitations period expired.
7. PARTIES TO PLEA AGREEMENT
Unless otherwise indicated, this agreement does not bind any government agency except the United States Attorney's Office for the Eastern District of Michigan.
8. SCOPE OF PLEA AGREEMENT
This agreement, which includes all documents that it explicitly incorporates, is the complete agreement between the parties. It supersedes all other promises, representations, understandings, and agreements between the parties concerning the subject matter of this plea agreement that are made at any time before the guilty plea is entered in court. Thus, no oral or written promises made by the government to defendant or to the attorney for defendant at any time before defendant pleads guilty are binding except to the extent they have been explicitly incorporated into this agreement.
This agreement does not prevent any civil or administrative actions against defendant, or any forfeiture claim against any property, by the United States or any other party.
9. ACCEPTANCE OF AGREEMENT BY DEFENDANT
This plea offer expires unless it has been received, fully signed, in the Office of the United States Attorney by 5:00 P.M. on 6/20/2007. The government reserves the right to modify or revoke this offer at any time before defendant pleads guilty.
STEPHEN J. MURPHY
United States Attorney
SHELDON LIGHT
ASSISTANT UNITED STATES ATTORNEY
CHIEF, ECONOMIC CRIMES UNIT
TERRENCE BERG
ASSISTANT UNITED STATES ATTORNEY
DATE: 6-12-07
BY SIGNING BELOW, DEFENDANT ACKNOWLEDGES THAT HE HAS READ (OR BEEN READ) THIS ENTIRE DOCUMENT, UNDERSTANDS IT, AND AGREES TO ITS TERMS. HE ALSO ACKNOWLEDGES THAT HE IS SATISFIED WITH HIS ATTORNEY'S ADVICE AND REPRESENTATION. DEFENDANT AGREES THAT HE HAS HAD A FULL AND COMPLETE OPPORTUNITY TO CONFER WITH HIS LAWYER, AND HAS HAD ALL OF HIS QUESTIONS ANSWERED BY HIS LAWYER.
JILL LESLIE PRICE
ATTORNEY FOR DEFENDANT
JASON MICHAEL DOWNEY
DEFENDANT
DATE: 6-20-07
Minute Entry for proceedings held before Honorable Nancy G Edmunds : Plea Hearing, Plea Entered by Jason Michael Downey (1) Guilty Count 1 (Court Reporter: Suzanne Jacques) (Defendant Attorney: Jill Price) (AUSA: Terry Berg) (CHem) (Entered: 07/09/2007)
Set Deadlines as to Jason Michael Downey: Sentencing set for 10/10/2007 02:00 PM before Honorable Nancy G Edmunds (CHem) (Entered: 07/09/2007)
UPDATE: Sentencing hearing changed to 10/23/2007
UNITED STATES DISTRICT COURT
EASTERN DISTRICT OF MICHIGAN
SOUTHERN DIVISION
UNITED STATES OF AMERICA,
Plaintiff,
v.
D-1 JASON MICHAEL DOWNEY,
Defendant.
GOVERNMENT’S SENTENCING MEMORANDUM
The United States, by and through its attorneys, STEPHEN J. MURPHY, United States Attorney, and TERRENCE BERG, Assistant United States Attorney, hereby submit this Sentencing Memorandum.
Defendant Jason Michael Downey pleaded guilty to Computer Intrusion, in violation of Title 18, United States Code, Section 1030(a)(5)(A)(I), on June 20, 2007.
Downey operated a “botnet,” a network of computers that he infected with a virus program giving him control over several thousand computers. Downey used this program to direct the botnet to “attack” several Internet companies, resulting in a loss of approximately $21,000. In order to create a botnet, it is necessary to design a virus program that, when successfully installed in a victim computer, will cause that victim computer to “phone home” to a command and control computer that is being operated by the “bot-herder” or “bot-master.” Once infected, the victim computer will connect to the command and control computer over the Internet and will await instructions. The bot-master will then send commands to the army of infected computers through the command and control computer.
In this case, Downey operated a bot-net of over 6000 infected computers. This means that the defendant succeeded in causing over 6000 computers to download his bot virus, and that these computers were all compromised and under his control. Downey told the FBI that he obtained the bot virus called “Agobot” and had his friend program the bot virus to cause the infected computers to connect to a computer with the domain name of “yotta-byte.net.” Downey would change the location of his command and control computer by changing the IP address that was assigned to the yotta-byte.net domain name. Downey registered the domain name of yottabyte.net using false information. Downey used his botnet to send floods of data to other networks that he wanted to knock off-line. To do this, Downey had to know the correct commands to give to the infected computers that were logged into his command and control computer. This is called a “distributed denial of service” attack, or “DDOS” attack. This caused significant problems for his victims, but only approximately $21,000 in quantifiable damages to three victims who provided damage information to the FBI: Southo.net, B2NetSolutions, and Ingeneria. In some cases, companies were charged for bandwidth usage caused by the defendant’s flooding their network with data, but these charges were later reversed when it was learned the reason for the increase in bandwidth usage.
Defendant is being held accountable only for the quantifiable losses of three victims. Defendant is not being held accountable for costs that may have been incurred by the thousands of individual computer owners who were infected with his bot virus and who unwittingly participated in his various denial of service attacks.
Defendant has objected to the inclusion of both the 2-point increase in the offense characteristics for the offense involving “sophisticated means” under U.S.S.G. 2B1.1(b)(9) and the 2-point role in the offense adjustment for “special skill” under U.S.S.G. 3B1.3. The plea agreement reserves defendant’s right to object to the two points for special skill.
The government believes that the defendant’s conduct warrants inclusion of both the increases for sophisticated means and use of special skill. Even a cursory glance at the nature of the defendant’s conduct reveals that controlling thousands of computers by means of a customized virus is to commit a crime using sophisticated means. As the Probation Department points out, the defendant possesses specialized training in computer networking. At the time of his arrest, Downey told the FBI that he was operating his own Internet Relay Chat (or “IRC”) network or service called Rizon.net, and had 44,000 users on this network. This was not an illegal enterprise, but an Internet business that he owned, involving 42 servers linked in his network, three of which were servers he owned. Downey admitted that, to operate his botnet, he used compromised computers, mostly located in Asia, and that he primarily used his bot network to attack and/or retaliate against competing IRC networks.
It is not impermissible double counting to include points for both sophisticated means and special skill because they relate to two separate characteristics of the crime. The crime itself was complicated, technically complex, and involved a large number of methods and means that could only be called “sophisticated.” At the same time, the defendant possessed specialized knowledge, whether self-taught or otherwise, which gave him the necessary skills to commit this crime successfully. If a businessman paid a computer expert to create and launch a botnet, the businessman might be held accountable for using sophisticated means, but not for having any specialized skills. Here, Jason Downey had both.
With respect to computer skills, the complexity and expertise required to deploy a bot virus and operate a bot network clearly do not fall within the kind of computer skills that can “be learned by the general public with minimal difficulty” which the Sixth Circuit has held insufficient to garner a two-point increase for special skill. United States v. Godman, 223 F.3d 320 (6th Cir. 2000) (finding “amateurish . . . common and ordinary computer skills” of desk-top publishing used to manufacture counterfeit not to be special skill). The Guidelines do not prohibit the application of both special skill and sophisticated means when appropriate. See United States v. Olis, 429 F.3d 540, 549 (5th Cir. 2005) (applying both enhancements to tax accountant in complex fraud scheme).
Wherefore, the government respectfully requests the Court to impose a sentence within the guideline range contained in the plea agreement and the Presentence Report.
Respectfully submitted,
STEPHEN J. MURPHY
UNITED STATES ATTORNEY
s/ Terrence Berg
TERRENCE BERG
First Assistant U.S. Attorney
211 W. Fort St., Suite 2001
Detroit, MI 48226
Phone: (313) 226-9160
DATED: October 22, 2007
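The memorandum above describes infected computers that find their command and control computer through one domain name, with the operator moving the server by changing the IP address assigned to that name. The following Python is an added example, not part of the court record: it reads resolver log lines to show why a block placed on one IP address stops working after each change while the domain name keeps identifying the same traffic. The log format, the domain names, the addresses and the thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed resolver log: timestamp, internal client, queried name, answer.
LOG = """\
2007-01-05T10:00:00 10.0.0.11 rendezvous.example.net 192.0.2.10
2007-01-05T10:00:07 10.0.0.12 rendezvous.example.net 192.0.2.10
2007-01-05T10:01:30 10.0.0.11 updates.example.org 198.51.100.80
2007-01-05T10:02:00 10.0.0.12 updates.example.org 198.51.100.80
2007-01-05T10:03:00 10.0.0.13 updates.example.org 198.51.100.80
2007-01-06T09:00:00 10.0.0.13 rendezvous.example.net 198.51.100.7
2007-01-06T09:00:05 10.0.0.11 rendezvous.example.net 198.51.100.7
2007-01-07T08:30:00 10.0.0.14 rendezvous.example.net 203.0.113.44
2007-01-07T08:31:00 10.0.0.12 rendezvous.example.net 203.0.113.44
"""


def parse(log):
    """Yield (timestamp, client, name, answer) for each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            ts, client, qname, answer = line.split()
            yield ts, client, qname.lower().rstrip("."), answer


def repoint_timeline(log):
    """Map each name to [(first_seen, ip)], one entry per change of answer."""
    timeline = defaultdict(list)
    for ts, _, qname, answer in sorted(parse(log)):  # ISO timestamps sort as text
        if not timeline[qname] or timeline[qname][-1][1] != answer:
            timeline[qname].append((ts, answer))
    return dict(timeline)


def suspect_rendezvous(log, min_clients=3, min_repoints=2):
    """Names looked up by many clients whose address keeps being changed.

    The thresholds are assumptions; content delivery networks also rotate
    addresses, so a real deployment needs an allowlist on top of this.
    """
    clients = defaultdict(set)
    for _, client, qname, _ in parse(log):
        clients[qname].add(client)
    suspects = {}
    for qname, changes in repoint_timeline(log).items():
        if len(clients[qname]) >= min_clients and len(changes) - 1 >= min_repoints:
            suspects[qname] = {
                "clients": sorted(clients[qname]),
                "ips": [ip for _, ip in changes],
            }
    return suspects


def clients_missed_by_ip_block(log, qname, blocked_ips):
    """Clients that were handed an address for qname that is not blocked."""
    return sorted({client for _, client, name, answer in parse(log)
                   if name == qname and answer not in blocked_ips})


if __name__ == "__main__":
    print(suspect_rendezvous(LOG))
    print(clients_missed_by_ip_block(LOG, "rendezvous.example.net", {"192.0.2.10"}))
```

Blocking or sinkholing the name at the resolver covers every later address change, which a per-address block cannot do.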
The Jason Michael Downey sentence has been set as follows:
1. Prison term: The defendant is hereby committed to the custody of the United States Bureau of Prisons to be imprisoned for a total term of: 12 months and one (1) day.
2. Probation term: 3 years, no computer access without prior permission, and 150 hours of community service.
3. Restitution:
SOUTHO.NET $1,300.00
B2Netsolutions $310.00
Ingenieria $19,500.00
TOTAL: $21,110.00
On 23 May 2007, a True Bill was filed charging Robert Alan Soloway and Newport Internet Marketing Corporation with 13 counts of money laundering, 10 counts of mail fraud, five counts of wire fraud, five counts of aggravated identity theft and two counts of fraud in connection with electronic mail.
Soloway was arrested on 30 May 2007. He pled guilty to three counts on 14 March 2008.
This is the Order and the Arrest Warrant.
Note that the Order mentions that the US Attorney's Office thinks that Soloway is a flight risk.
This is the indictment in the case. It's purely fraud (as defined in the CAN-SPAM Act's Criminal Liability section) and identity theft.
=============
Presented to the Court by the foreman of the
Grand jury in open Court, in the presence of
the Grand Jury and FILED In The U.S.
DISTRICT COURT at Seattle, Washington.
UNITED STATES DISTRICT COURT
WESTERN DISTRICT OF WASHINGTON
AT SEATTLE
UNITED STATES OF AMERICA,
Plaintiff,
v.
ROBERT ALAN SOLOWAY, and
NEWPORT INTERNET MARKETING
CORPORATION,
Defendants.
The Grand Jury charges that:
COUNTS 1-10
(Mail Fraud)
A. Background
At all times material herein,
1. ROBERT ALAN SOLOWAY was the sole owner/operator of NEWPORT INTERNET MARKETING CORPORATION, also variously known as "Newport IM Corporation," "NIM," and "NPR."
2. ROBERT ALAN SOLOWAY first incorporated and operated NEWPORT INTERNET MARKETING CORPORATION (hereinafter "NIM"), in California on or about November 24, 1998. In or about March, 2000, ROBERT ALAN SOLOWAY moved to Oregon, where he lived and operated NIM from several locations before relocating to Seattle, Washington on or about November 28, 2003. Since on or about November 28, 2003, ROBERT ALAN SOLOWAY has resided at 1200 Western Avenue, Apartment 17E, Seattle, Washington 98101, and has operated NIM from his residence at that address.
3. This Indictment charges crimes that have been committed over the Internet and using computer technology. Because this Indictment contains terms that may not be familiar to the general public, definitions of those terms are included in paragraphs 4 through 15, below.
4. Internet Protocol Address ("IP address"): An Internet Protocol (IP) address is a unique, 32 bit numeric address used to identify computers on the Internet. An IP address consists of four numbers, each from 0 to 255, separated by periods. Every computer connected to the Internet (or group of computers using the same account to access the Internet) must be assigned an IP address so that Internet traffic sent from and directed to that computer is directed properly from its source and to its destination. IP addresses are typically assigned by Internet service providers ("ISPs"), such as AOL, Earthlink, or Comcast. An ISP might assign a different IP address to a customer each time the customer makes an internet connection (so-called "dynamic IP addressing"), or it might assign an IP address to a customer permanently or for a fixed period of time (so-called "static IP addressing"). Even if an IP address is dynamically assigned, the computer will retain the originally assigned IP address if the computer never disconnects from the network after the initial IP address assignment or the user does not manually reset it. Regardless of whether it is dynamically assigned or static, the IP address used by a computer attached to the Internet must be unique for the duration of a particular session; that is, from connection to disconnection.
ISPs typically log their customers' connections, including IP addresses. The ISP can thus identify which of their customers was assigned a specific IP address during a particular session.
5. Domain Name: In the context of the Internet, a domain name is the logical, text-based equivalent of the numeric IP address. Because it is "logical," and text-based, a domain name - for example, "www.testname.com" - is more easily remembered by humans than is an exclusively numeric IP address, such as "23.45.35.100."
Like an IP address, a domain name does consist of a sequence of characters, separated by periods. Domain names are organized hierarchically and read from right to left. The right-most component is the "top level domain." This includes the ".com," ".gov," and ".edu" domains, as well as many others. Top level domains are owned and managed by the Internet sanctioning organizations. The second part of the domain name is owned by the registrant who first registered the name with the sanctioning organizations. Domain name owners can then create sub-domains to provide access to resources they own and/or control.
6. Domain Name Service ("DNS"): DNS is the Internet resource for converting the text-based domain names into IP addresses. DNS server computers maintain a database for resolving domain host names and IP addresses, allowing users of computers configured to query the DNS to specify remote computers by the easier-to-remember domain host names (in words), rather than by the difficult-to-remember numerical IP addresses.
DNS also thus makes it possible to "move" a host on the Internet (which would entail a change in the underlying IP address), while still preserving the availability of the resource based on its text-based domain name. Users would still request the resource by its (text-based) domain name, and DNS would resolve the name to the new IP address.
7. Server: A computer that provides a service - such as e-mail or Web data - to other computers (known as "clients") via a network or the Internet. When a user accesses e-mail or Internet web pages, or accesses files stored on the network itself, those files are pulled electronically from the server where they are stored and are sent to the client's computer via the network or Internet. Notably, server computers can be physically located in any location; for example, it is not uncommon for a network's server to be located hundreds (or even thousands) of miles away from the client computers.
8. Proxy Server: A proxy server is a computer that offers a computer network service to allow clients to make indirect network connections to other computers or network services. An open proxy is a computer that will accept client connections from any IP address and make connections to any Internet resource. A proxy server can be used to camouflage the originating source IP address of an e-mail communication, as the IP address of the originating source of the communication will be replaced in the header by the IP address of the proxy server. Use of multiple proxy servers adds to the difficulty of tracing a communication back to its true original IP address source.
9. Internet Service Provider ("ISP"): A business that provides connectivity to the Internet. ISPs typically provide the ability to send and receive e-mail, browse the World Wide Web and download (copy) files from Internet servers. Internet Service Providers often offer other Internet-related services such as hosting an Internet site on a web server.
10. Website: A location on the Internet at which an individual or organization provides information to others about itself. It may also provide links to other Internet sites with common interests or goals.
11. E-mail header: The beginning of an e-mail message, that contains detailed information (IP address and domain names) of the origin of the e-mail ("From" designation); the destination of the e-mail ("To" designation); as well as date, routing, and possibly subject matter information.
12. Forged e-mail header: A tactic used to hide the source address of an e-mail by placing false information in the "From:" field of the e-mail header.
13. Bounce back e-mail: Errors can occur at multiple places in e-mail delivery. A user may sometimes receive a bounce back message from their own e-mail server, and sometimes from a recipient's e-mail server. For example, imagine that Jack (jack@example.com) sends a message to Jill (jill@example.org) at a different site. Once Jack's e-mail server has accepted the message, it must either pass it along to Jill's e-mail server, or else deposit a bounce message in Jack's mailbox. However, problems arise if Jill's e-mail server receives a message with a forged From: field, e.g., if spammer@example.net sends an unsolicited bulk message claiming to be from jack@example.com. In this case, Jill's mail server would send the bounce message to Jack even though Jack never sent the original message to Jill. This is called a bounce back e-mail or backscatter.
14. Spam: bulk ("multiple[1]") commercial e-mail messages. "Spamming" is the abuse of electronic messaging systems by sending multiple commercial e-mail messages.
[1: "Multiple" is defined within 18 U.S.C. §1037 as "more than 100 electronic mail messages during a 24-hour period, more than 1,000 electronic mail messages during a 30-day period, or more than 10,000 electronic messages during a 1-year period."]
15. "Opt-in e-mail address": the e-mail address of an Internet user who has signaled his/her consent to receive commercial e-mail communications.
B. The Offense
16. Beginning at a date uncertain, but on or before November 28, 2003, and continuing through on or about May, 2007, within the Western District of Washington and elsewhere, ROBERT ALAN SOLOWAY and NIM did knowingly and willfully devise and intend to devise a scheme and artifice to defraud, and for obtaining money and property by means of material false and fraudulent pretenses, representations, and promises; and in executing and attempting to execute this scheme and artifice, did knowingly cause to be sent and delivered matters and things by the United States Postal Service and private or commercial interstate carriers according to the directions thereon.
C. Essence of the Scheme and Artifice to Defraud
17. The essence of the scheme and artifice to defraud was that ROBERT ALAN SOLOWAY and NIM created and published a series of websites on the World Wide Web during the period from November 28, 2003, until May 23, 2007, using a variety of "company" names, and hosted with dozens of different domain names. The content of the websites created and published by ROBERT ALAN SOLOWAY and NIM consisted of commercial advertisements for "broadcast email" services and products (that is, SOLOWAY was offering, for a price, to either send out a high volume of e-mail messages on behalf of a customer, or to sell a software product to the customer that would enable them to send out their own high volume e-mail messages). In those commercial online advertisements, ROBERT ALAN SOLOWAY and NIM made numerous material false and fraudulent representations regarding the "broadcast email" services and products that they offered for sale. They also made material false and fraudulent representations regarding the availability of technical assistance and the payment of "full 100%" refunds to dissatisfied customers.
ROBERT ALAN SOLOWAY and NIM would send the "broadcast email" (software) product to paying customers via the United States Postal Service or a private or commercial interstate carrier. The software product that was sent by ROBERT ALAN SOLOWAY and NIM did not perform as advertised, however, and often did not work at all. ROBERT ALAN SOLOWAY and NIM refused, however, to provide the promised assistance, or to provide refunds to dissatisfied customers, and instead threatened those who requested a refund with additional financial charges and referral to a collection agency.
The "broadcast email" services advertised and sold by ROBERT ALAN SOLOWAY and NIM also did not perform as advertised. The "broadcast email" that ROBERT ALAN SOLOWAY and NIM did transmit on behalf of paying customers constituted "spam"; i.e., bulk and high volume commercial e-mail messages that contained false and forged headers and that were relayed using a proxy computer network. Customers who had purchased the "service," and who complained thereafter or asked for refunds were threatened by ROBERT ALAN SOLOWAY and NIM with additional financial charges and referral to a collection agency.
D. The Scheme and Artifice to Defraud
18. It was part of the scheme and artifice to defraud that ROBERT ALAN SOLOWAY and NIM advertised "broadcast email" services and products for sale on a series of websites (the "NIM websites") that ROBERT ALAN SOLOWAY created and published, on the World Wide Web, during the period from November 28, 2003, through and until May, 2007.
19. It was further part of the scheme and artifice to defraud that the "service" advertised for sale by ROBERT ALAN SOLOWAY and NIM was the transmission over the Internet of a high volume of e-mail messages containing whatever advertisement the customer supplied. Different "levels" ("bronze," "silver," "gold," and "platinum") of this service were available, with each successively "higher" level promising a higher number of e-mailed messages, at a successively higher price. For example, a customer purchasing the "bronze" level of service could have his "email ad [sent] to 2,000,000 emails over 15 days" for $195.00; and a customer purchasing the service at the "platinum" level could have his "email ad [sent] to 20,000,000 emails over 15 days" for a cost of $495.00.
20. It was further part of the scheme and artifice to defraud that the "product" that was advertised for sale was a "broadcast email package" containing a handbook and software that would provide "everything [the customer would] need to send lifetime broadcast email campaigns to millions of people for free," along with e-mail addresses ranging from 5,000,000 ("bronze level" for $195.00), to up to 80,000,000 e-mail addresses ("platinum level" for $495.00).
21. It was further part of the scheme and artifice to defraud that ROBERT ALAN SOLOWAY and NIM made numerous representations on the NIM websites that were designed and intended to encourage readers to purchase the "broadcast email services" and/or the "broadcast email product" that were there advertised for sale, including the ability of NIM to reach tens of millions of potential customers with "broadcast email"; the relatively low cost of "broadcast email" in relation to its effectiveness as a marketing and sales tool; and the significant increases in sales that could be expected by those who purchased the NIM "broadcast email services" or "broadcast email product."
22. It was further part of the scheme and artifice to defraud that ROBERT ALAN SOLOWAY and NIM made numerous material false and fraudulent representations in their online NIM websites regarding the "services" and "product" that were there offered for sale, including the following:
a) that NIM provided and used a data base of 157,800,000 "Permission-Based Opt-In Emails" that could be "geographically" and "interest" "targeted";
b) that the software product "automatically creates 10 super-fast mail servers on your computer";
c) that the software product included the ability to send out "unlimited, personalized and targeted broadcast email advertisements" to over 500,000,000 people on the Internet at a rate of up to 1,000,000 daily, automatically and for free;
d) that the software product would send e-mail for a "lifetime" for "free";
e) that NIM's "Customer and Technical Support Department" offered assistance "24/7," "with everything you need";
f) that if a purchaser of the software product did "not receive at least a 400% increase in sales after using [the] broadcast email package for 90 days," the customer could "simply return it ... for a full 100% refund, no questions asked"; and
g) that if a purchaser of the "broadcast service" did not "receive at least a 500% increase in sales within 7 days of the start of [the] ad ...[NIM would] resend your ad to a new audience of the same amount of emails ordered, 100% free, no questions asked."
In truth and in fact, and as ROBERT ALAN SOLOWAY and NIM then well knew, the product and services that he sold did not utilize "permission based opt-in email addresses" and did not have the other capabilities that were falsely advertised; NIM and ROBERT ALAN SOLOWAY did not provide customers with technical or other support, but instead typically evaded or simply denied customer's requests for support; and ROBERT ALAN SOLOWAY and NIM regularly evaded and denied customer's requests for refunds, and often threatened customers who were requesting them with the prospect of additional charges, referral to collections agencies, and "ruined credit" if they pursued a refund or charge back from the processing credit card company.
23. It was further part of the scheme and artifice to defraud that ROBERT ALAN SOLOWAY and NIM hosted the series of NIM websites that advertised their "broadcast email" product and services on a series of at least 50 successive domain names, that included broadcastemailcorporation.com, optinemail.com, theemailbroadcastingcompany.com, broadcastemailinc.com, broadcastemailworld.com, emailbroadcstingcompany.com, and permissionemailcorp.com.
24. It was further part of the scheme and artifice to defraud that ROBERT ALAN SOLOWAY and NIM used a credit card number that belonged to C.W., without C.W.'s permission or consent, to register and pay for the domain name colidsilver.com, which was one of the domain names used to host the NIM website.
25. It was further part of the scheme and artifice to defraud that, beginning no later than 2006, ROBERT ALAN SOLOWAY and NIM registered the domain names used for hosting the NIM websites through Chinese ISPs, which would not publicly reveal that ROBERT ALAN SOLOWAY and NIM were the true registrants of these domain names.
26. It was further part of the scheme and artifice to defraud that ROBERT ALAN SOLOWAY advertised the NIM websites by generating and transmitting tens of millions of spam e-mail messages over the Internet, that contained an advertisement for "broadcast email services," and also a hyper-link to the domain name that was then currently hosting the NIM website.
27. It was further part of the scheme and artifice to defraud that the tens of millions of spam e-mail messages generated and transmitted by ROBERT ALAN SOLOWAY and NIM to advertise and link to the NIM websites contained false and fraudulent headers. The headers were false and fraudulent in one of three different ways: 1) the "from" field in the header would be blank, 2) the "from" field in the header would contain a false and non-existent domain name or e-mail address, or 3) the "from" field in the header would contain a forged domain name or e-mail address that belonged to another real person or organization (which address would typically also be contained in the "to" field).
28. Victims whose unique e-mail addresses or domain names had been stolen by ROBERT ALAN SOLOWAY and NIM and been forged into the "from" header suffered a number of adverse consequences as a result. These include the following:
Because these victims could sometimes be specifically identified based on their unique e-mail addresses or domain names, they were sometimes mistakenly blamed for the spamming activity of ROBERT ALAN SOLOWAY and NIM. In some instances, this resulted in "black-listing" by ISPs, due to the victims' apparent (but not actual) role in spamming activity. For victims that were legitimate online businesses, this could mean the loss of significant sales, or even a collapse of their business.
In other instances, the servers of the victims whose e-mail addresses or domain names had been forged into the headers would receive large volumes of worthless communications that consisted of bounce back e-mails from spam that ROBERT ALAN SOLOWAY and NIM had transmitted to invalid e-mail addresses. The spam would consume valuable storage space on their servers, and cost both time and money to eliminate.
The forging technique of using legitimate e-mail addresses and domain names of other real people and organizations in the "from," as well as the "to" header also significantly diminished the ability of the victim recipients to stop the spam with "spam filters." Spam filters are most typically configured to filter in-coming e-mails based on the presence of certain e-mail addresses or domain names in the header, or the presence of certain originating IP addresses. A victim could not "filter" based on the use of their own legitimate e-mail address and/or domain name in the "from" field in the header, because that would also block all legitimate in-coming traffic with the same address in the "to" field of the header. And because SOLOWAY and NIM used proxy computers to relay the spam, it was also difficult for victims to filter the spam based on the originating IP address. By combining the use of forged "from" headers and proxy relays, ROBERT ALAN SOLOWAY and NIM made it extremely difficult, if not impossible, for victims to block the incoming NIM spam. And because ROBERT ALAN SOLOWAY and NIM would not honor recipients' requests to be removed from their "distribution email" (spamming) address lists, this often meant that victims ultimately had to close their established e-mail accounts or cancel their established domain names in order to effectively stop the spam that was relentlessly transmitted to them by ROBERT ALAN SOLOWAY and NIM.
29. It was further part of the scheme and artifice to defraud that ROBERT ALAN SOLOWAY and NIM used a number of different servers, with different IP addresses, to transmit millions of spam e-mail messages to advertise the NIM websites. In order to facilitate the transmission of spam from these servers, ROBERT ALAN SOLOWAY and NIM installed the "Dark Mailer" software program on them. The Dark Mailer program was configured to send e-mail messages with forged headers using a pre-designed template, and was also configured to use a list of over 2,000 proxy computers to relay the spam e-mails to the ultimate recipients.
30. It was further part of the scheme and artifice to defraud that the proxy computers used for the relay of the spammed e-mail advertising messages further concealed the IP address of the computer that was the true originating source of the spammed e-mail messages.
31. It was further part of the scheme and artifice to defraud that the servers used by ROBERT ALAN SOLOWAY and NIM included servers that were rented from hosting providers NoBull and Hopone, both of which companies acted to terminate ROBERT ALAN SOLOWAY and NIM's use of the servers for violations of their terms of use agreements because ROBERT ALAN SOLOWAY and NIM used the servers to distribute spam.
32. It was further part of the scheme and artifice to defraud that the "broadcast email services" sold by ROBERT ALAN SOLOWAY and NIM actually consisted of spam (i.e., bulk commercial) e-mail messages that included forged headers, and that were relayed or retransmitted by a network of proxy computers.
33. It was further part of the scheme and artifice to defraud that, if they worked at all, the "broadcast email products" sold by ROBERT ALAN SOLOWAY and NIM also resulted in the creation and transmission of spam (i.e., bulk commercial e-mail) that included forged headers, and that were relayed or retransmitted by a network of proxy computers.
34. It was further part of the scheme and artifice to defraud that ROBERT ALAN SOLOWAY and NIM represented falsely on the NIM websites that "[w]e Offer Easy Hassle-Free Email Removal From Our [sic] All of Our Emailing Lists Upon Request Below," whereas in truth and in fact, and as ROBERT ALAN SOLOWAY and NIM well knew, they routinely failed and refused to remove individuals who made such a request from their e-mail lists, even when such individuals made repeated requests for removal from the lists.
35. It was further part of the scheme and artifice to defraud that ROBERT ALAN SOLOWAY and NIM routinely provided a false and fraudulent address of "1001 4th Ave. - #1259, Seattle, WA 98111" as the "corporate address" that was published on the NIM websites.
E. Execution of the Scheme and Artifice to Defraud
36. On or about the below-listed dates, within the Western District of Washington and elsewhere, for the purpose of executing and attempting to execute this scheme and artifice to defraud, ROBERT ALAN SOLOWAY and NIM knowingly caused the following items to be placed in an authorized depository for mail matter to be sent or delivered by a private or commercial interstate carrier, according to the directions thereon, each such mailing constituting a representative example of the use of the mails in furtherance of the scheme and artifice to defraud, and each mailing constituting a separate count of this Indictment.
| Count | Approx. Date of Mailing | Item Mailed and Nature of Mailing | Method |
| 1 | 17/16/04 | NIM software product (CD) sent to E.O. in Floresville, TX | Fed Ex |
| 2 | 6/02/05 | NIM software product (CD) sent to R.B. in Los Angeles, CA | Fed Ex |
| 3 | 8/11/05 | NIM software product (CD) sent to C.D. in Upper Marlboro, MD | Fed Ex |
| 4 | 8/22/05 | NIM software product (CD) sent to D.G. in Lakeville, MN | Fed Ex |
| 5 | 9/01/05 | NIM software product (CD) sent to A.H. in Cedarburg, WI | Fed Ex |
| 6 | 9/15/05 | NIM software product (CD) sent to J J-G. in Slingerlands, NY | Fed Ex |
| 7 | 1/26/06 | NIM software product (CD) sent to B.A. in Bremerton, WA | Fed Ex |
| 8 | 6/02/06 | NIM software product (CD) sent to M.F. in Cerritos, CA | Fed Ex |
| 9 | 1/18/07 | NIM software product (CD) sent to J.H. in Dallas, TX | Fed Ex |
| 10 | 3/30/07 | NIM software product (CD) sent to K.A. in Davenport, IA | Fed Ex |
All in violation of Title 18, United States Code, Section 1341.
COUNTS 11-15
(Wire Fraud)
1. The Grand Jury realleges and incorporates as if fully set forth herein Paragraphs 1 through 35 of Count 1 of this Indictment as constituting the scheme to defraud.
2. Beginning at a date uncertain, but on or before November 28, 2003, and continuing through on or about May, 2007, within the Western District of Washington and elsewhere, ROBERT ALAN SOLOWAY and NIM did knowingly and willfully devise and execute and attempt to execute a scheme and artifice to defraud, and to obtain money and property by means of material false and fraudulent pretenses, representations, and promises as more particularly set forth in Count 1 of this Indictment; and in executing or attempting to execute this scheme and artifice, did knowingly cause to be transmitted in interstate commerce by means of wire communication, certain signs, signals and sounds.
3. On or about the below-listed dates, within the Western District of Washington and elsewhere, for the purpose of executing and attempting to execute this scheme and artifice to defraud, ROBERT ALAN SOLOWAY and NIM did knowingly cause to be transmitted in interstate commerce by means of wire communication, certain signs, signals, and sounds, that is, e-mail or other wire communications relating to the advertisement and sale of "broadcast email" services and products, from Seattle, to the recipient identified below, each of which constituted a separate count of this Indictment:
| Count | Approx. Date | Nature of Interstate Wire Communication | Recipient of Wire Communication |
| 11 | 5/17/04 | Spammed e-mail NIM advertisement and/or website containing false and fraudulent misrepresentations re: product sold, tech. assistance, and guarantee | M.H., Howard, OH |
| 12 | 10/10/04 | Spammed e-mail NIM advertisement and/or website containing false and fraudulent misrepresentations re: product sold, tech. assistance, and guarantee | R.S., Mercer, PA |
| 13 | 11/02/05 | Spammed e-mail NIM advertisement and/or website containing false and fraudulent misrepresentations re: product sold, tech. assistance, and guarantee | D.G., Valencia, CA |
| 14 | 11/10/05 | Spammed e-mail NIM advertisement and/or website containing false and fraudulent misrepresentations re: product sold, tech. assistance, and guarantee | S.A., Kendall Park, N.J. |
| 15 | 12/18/06 | Spammed e-mail NIM advertisement and/or website containing false and fraudulent misrepresentations re: product sold, tech. assistance, and guarantee | H.O., Bradenton, FL |
All in violation of Title 18, United States Code, Section 1343.
COUNT 16
(Fraud in Connection with Electronic Mail)
1. The Grand Jury realleges and incorporates as if fully set forth herein Paragraphs 1 through 35 of Count 1 of this Indictment.
2. From on or about January 1, 2004, to on or about May, 2007, within the Western District of Washington and elsewhere, ROBERT ALAN SOLOWAY and NIM knowingly used a protected computer, in or affecting interstate and foreign commerce, to relay or retransmit multiple commercial electronic mail messages with the intent to deceive or mislead recipients, or any Internet access service, as to the origin of such messages, and did so in furtherance of a felony under the laws of the United States, to wit, Mail Fraud and Wire Fraud, in violation of Title 18, United States Code, Sections 1341 and 1343.
All in violation of Title 18, United States Code, Sections 1037(a)(2) and (b)(1)(A).
COUNT 17
(Fraud in Connection with Electronic Mail)
1. The Grand Jury realleges and incorporates as if fully set forth herein Paragraphs 1 through 35 of Count 1 of this Indictment.
2. From on or about January 1, 2004, to on or about May, 2007, within the Western District of Washington and elsewhere, ROBERT ALAN SOLOWAY and NIM, in or affecting interstate and foreign commerce, knowingly and materially falsified header information in multiple commercial electronic mail messages, and intentionally initiated the transmission of such messages, all in furtherance of a felony under the laws of the United States, to wit, Mail Fraud and Wire Fraud, in violation of Title 18, United States Code, Sections 1341 and 1343.
All in violation of Title 18, United States Code, Sections 1037(a)(3) and (b)(1)(A).
COUNT 18
(Aggravated Identity Theft)
1. The Grand Jury realleges and incorporates as if fully set forth herein Paragraphs 1 through 35 of Count 1 of this Indictment.
2. On or about September 19, 2006, within the Western District of Washington and elsewhere, ROBERT ALAN SOLOWAY and NIM knowingly transferred, possessed and used, without lawful authority, a means of identification of another person, to wit, the name and credit card number of C.W., which ROBERT ALAN SOLOWAY and NIM used to register and pay for the domain name, "colidsilver.com", which domain was used to host the NIM website, and did so during and in relation to a felony listed in Title 18, United States Code, Section 1028A(c), to wit, Wire Fraud, in violation of Title 18, United States Code, Section 1343, and Fraud in Connection with Electronic Mail, in violation of Title 18, United States Code, Sections 1037(a)(3) and (b)(1)(A).
All in violation of Title 18, United States Code, Section 1028A(a)(1).
COUNT 19
(Aggravated Identity Theft)
1. The Grand Jury realleges and incorporates as if fully set forth herein Paragraphs 1 through 35 of Count 1 of this Indictment.
2. On or about April 1, 2006, within the Western District of Washington and elsewhere, ROBERT ALAN SOLOWAY and NIM knowingly transferred, possessed and used, without lawful authority, a means of identification of another person, to wit, the domain name, "****ilot.net", registered to and owned by A.P., of St. Petersburg, FL, which ROBERT ALAN SOLOWAY and NIM used in a forged e-mail header that was contained in commercial electronic mail messages transmitted by ROBERT ALAN SOLOWAY and NIM during and in relation to a felony listed in Title 18, United States Code, Section 1028A(c), to wit, Wire Fraud, in violation of Title 18, United States Code, Section 1343, and Fraud in Connection with Electronic Mail, in violation of Title 18, United States Code, Sections 1037(a)(3) and (b)(1)(A).
All in violation of Title 18, United States Code, Section 1028A(a)(1).
COUNT 20
(Aggravated Identity Theft)
1. The Grand Jury realleges and incorporates as if fully set forth herein Paragraphs 1 through 35 of Count 1 of this Indictment.
2. On or about February 1, 2006, within the Western District of Washington and elsewhere, ROBERT ALAN SOLOWAY and NIM knowingly transferred, possessed and used, without lawful authority, a means of identification of another person, to wit, the domain name, "*****esuk.com", registered to and owned by L.M., of the United Kingdom, which ROBERT ALAN SOLOWAY and NIM used in a forged e-mail header that was contained in commercial electronic mail messages transmitted by ROBERT ALAN SOLOWAY and NIM during and in relation to a felony listed in Title 18, United States Code, Section 1028A(c), to wit, Wire Fraud, in violation of Title 18, United States Code, Section 1343, and Fraud in Connection with Electronic Mail, in violation of Title 18, United States Code, Sections 1037(a)(3) and (b)(1)(A).
All in violation of Title 18, United States Code, Section 1028A(a)(1).
COUNT 21
(Aggravated Identity Theft)
1. The Grand Jury realleges and incorporates as if fully set forth herein Paragraphs 1 through 35 of Count 1 of this Indictment.
2. On or about October 1, 2006, within the Western District of Washington and elsewhere, ROBERT ALAN SOLOWAY and NIM knowingly transferred, possessed and used, without lawful authority, a means of identification of another person, to wit, the e-mail address, "sales@dm****.com", registered to and owned by D.M., of Valencia, PA, which ROBERT ALAN SOLOWAY and NIM used in a forged e-mail header that was contained in commercial electronic mail messages transmitted by ROBERT ALAN SOLOWAY and NIM during and in relation to a felony listed in Title 18, United States Code, Section 1028A(c), to wit, Wire Fraud, in violation of Title 18, United States Code, Section 1343, and Fraud in Connection with Electronic Mail, in violation of Title 18, United States Code, Sections 1037(a)(3) and (b)(1)(A).
All in violation of Title 18, United States Code, Section 1028A(a)(1).
COUNT 22
(Aggravated Identity Theft)
1. The Grand Jury realleges and incorporates as if fully set forth herein Paragraphs 1 through 35 of Count 1 of this Indictment.
2. On or about February 1, 2007, within the Western District of Washington and elsewhere, ROBERT ALAN SOLOWAY and NIM knowingly transferred, possessed and used, without lawful authority, a means of identification of another person, to wit, the e-mail address, "k.t******@sdscsocialservice.org," which is the individually identifiable e-mail address of K.T. at her workplace in Santa Barbara, CA, which ROBERT ALAN SOLOWAY and NIM used in a forged e-mail header that was contained in commercial electronic mail messages transmitted by ROBERT ALAN SOLOWAY and NIM during and in relation to a felony listed in Title 18, United States Code, Section 1028A(c), to wit, Wire Fraud, in violation of Title 18, United States Code, Section 1343, and Fraud in Connection with Electronic Mail, in violation of Title 18, United States Code, Sections 1037(a)(3) and (b)(1)(A).
All in violation of Title 18, United States Code, Section 1028A(a)(1).
COUNTS 23 - 35
(Money Laundering)
1. The Grand Jury realleges and incorporates as if fully set forth herein the allegations set forth in Paragraphs 1 through 35 of Count 1.
2. On or about the dates set forth below, within the Western District of Washington, ROBERT ALAN SOLOWAY and NIM did knowingly conduct or attempt to conduct the following financial transactions, affecting interstate and foreign commerce, which transactions involved the proceeds of specified, unlawful activities, namely, mail fraud, a violation of Title 18, United States Code, Section 1341, and wire fraud, a violation of Title 18, United States Code, Section 1343, with the intent to promote the carrying on of the specified unlawful activities, and while conducting and attempting to conduct such financial transactions, knowing that the property involved in the financial transactions set forth below represented the proceeds of some form of unlawful activity:
| Count | Approx. Date of Transaction | Description of Transaction | Amount |
| 23 | 08/29/2004 | American Express '1005 payment to Direct Debit Collections for collections services | 75.80 |
| 24 | 02/14/2005 | Visa '5127 payment to Cologuys for server hosting services | 150.00 |
| 25 | 12/17/2005 | Visa '5127 payment to Cologuys for server hosting services | 150.00 |
| 26 | 01/22/2006 | Visa '5127 payment to Millennium Digital Media for Internet Service Provider services | 198.25 |
| 27 | 02/22/2006 | Visa '5127 payment to Millennium Digital Media for Internet Service Provider services | 198.25 |
| 28 | 6/2/2005 | American Express '1005 payment to FedEx for shipping services to R.B. in Los Angeles, CA | 15.30 |
| 29 | 08/11/2005 | American Express '1005 payment to FedEx for shipping services to C.D. in Upper Marlboro, MD | 16.40 |
| 30 | 05/08/2006 | MasterCard '2314 payment to Harbor Steps through Pa Rent.com for rent | 1,814.95 |
| 31 | 06/06/2006 | MasterCard '2314 payment to Harbor Steps through Pa Rent.com for rent | 1,864.95 |
| 32 | 01/26/2006 | American Express '1005 payment to FedEx for shipping services to Names by Lourdes, Bremerton, WA 98311 | 12.45 |
| 33 | 10/29/2006 | Visa '5127 payment to NoBull Server for server hosting services | 345.00 |
| 34 | 12/01/2006 | Visa '5127 payment to NoBull Server for server hosting services | 345.00 |
| 35 | 01/09/2007 | American Express '1005 payment to AIT for server hosting services | 149.88 |
All in violation of Title 18, United States Code, Sections 1956(a)(1)(A)(i).
FORFEITURE ALLEGATIONS
1. The Grand Jury realleges and incorporates as if fully set forth herein Paragraphs 1 through 35 of Count 1, Counts 2 - 17, and Counts 23 - 35.
2. Upon conviction of one or more of the offenses charged in Counts 1 through 17 of this Indictment, ROBERT ALAN SOLOWAY and NIM shall forfeit to the United States pursuant to Title 18, United States Code, Section 981(a)(1)(C) and Title 28, United States Code, Section 2461(c) any property, real or personal, constituting or derived from proceeds traceable to said violations, including but not limited to the following:
a) Money Judgment
A sum of money equal to $772,998.54 United States currency, representing the amount of proceeds obtained as a result of the offenses charged in the Indictment for which the defendants are jointly and severally liable.
b) Contents of Bank Accounts
Currency or other monetary instruments credited to or contained in the following accounts:
1) West America account; owner: Newport Internet Marketing, account number ****3285;
2) Wells Fargo account; owner: Robert A. Soloway, account number: ******3243;
3) Epassporte.com account; owner: Robert A. Soloway, account number: ***3939; and
4) Epassporte.com account; owner: Robert A. Soloway, account number: ***6723;
3. If any of the above described forfeitable property, as a result of any act or omission of the defendants:
a) cannot be located upon the exercise of due diligence;
b) has been transferred or sold to, or deposited with, a third party;
c) has been placed beyond the jurisdiction of the court;
d) has been substantially diminished in value; or
e) has been commingled with other property which cannot be divided without difficulty;
it is the intent of the United States, pursuant to Title 21, United States Code, Section 853(p) as incorporated by Title 18, United States Code, Section 982(b), to seek forfeiture of any other property of said defendants up to the value of the forfeitable property described above or to seek the return of the property to the jurisdiction of the Court so that the property may be seized and forfeited.
All pursuant to the provisions of Title 18, United States Code, Section 981(a)(1)(C), Title 28, United States Code, Section 2461(c), and Title 21, United States Code, Section 853.
4. Pursuant to Title 18, United States Code, Section 982(a)(1), upon conviction of one or more of the money laundering offenses set forth in Counts 23 - 35 of this Indictment, ROBERT ALAN SOLOWAY and NIM shall forfeit to the United States any and all property, real or personal, involved in each offense in violation of Title 18, United States Code, Section 1956 for which the defendants are convicted, and all property traceable to such property, including all money or other property that was the subject of each transaction, transportation, transmission or transfer in violation of Section 1956; all commissions, fees and other property constituting proceeds obtained directly as a result of these violations; and all property used in any manner or part to commit or to facilitate the commission of those violations, including, but not limited to, the contents of:
1) West America account; owner: Newport Internet Marketing, account number ****3285;
2) Wells Fargo account; owner: Robert A. Soloway, account number: ******3243;
3) Epassporte.com account; owner: Robert A. Soloway, account number: ***3939; and
4) Epassporte.com account; owner: Robert A. Soloway; account number: ***6723.
If any of the above-described forfeitable property, as a result of any act or omission of the defendants:
a) cannot be located upon the exercise of due diligence;
b) has been transferred or sold to, or deposited with, a third party;
c) has been placed beyond the jurisdiction of the court;
d) has been substantially diminished in value; or
e) has been commingled with other property which cannot be divided without difficulty;
it is the intent of the United States, pursuant to Title 21, United States Code, Section 853(p) as incorporated by Title 18, United States Code, Section 982(b), to seek forfeiture of any other property of the defendants up to the value of the forfeitable property described above.
All pursuant to the provisions of Title 18, United States Code, Section 982(a)(1), and Title 21, United States Code, Section 853.
A TRUE BILL
DATED: 5/23/2007
Signature of Foreperson redacted
pursuant to the policy of the Judicial
Conference
FOREPERSON
JEFFREY C. SULLIVAN
United States Attorney
CARL BLACKSTONE
Assistant United States Attorney
RICHARD COHEN
Assistant United States Attorney
KATHRYN A. WARMA
Assistant United States Attorney
These are the search warrants in this case.
There were two. One for Soloway's apartment, the other was for a public storage unit.
However, on June 21, 2007, another search warrant application was filed for six server hard drives held by GoDaddy.
United States District Court
WESTERN DISTRICT OF WASHINGTON
AT SEATTLE
APPLICATION AND AFFIDAVIT
FOR SEARCH WARRANT
In the Matter of the Search of the property
located at and in a residential apartment located
at 1200 Western Avenue, Apartment 17E
Seattle, Washington 98101 and in computers
and/or other electronic storage devices located therein
I, U.S. FBI Special Agent Kenneth A. Schmutz being duly sworn depose and say:
I am a(n) Special Agent with the Federal Bureau of Investigation (FBI) and have reason to believe that ( ) on the person
of or (XX) on the property known as (name, description and/or location)
1200 Western Avenue, Apartment 17E, Seattle, Washington 98101, and is more fully described in Attachment A, attached hereto and incorporated herein.
in the Western District of Washington, there is now concealed a certain person or property, namely:
(describe the person or property to be seized)
See Attachment B and Affidavit of Special Agent Kenneth A. Schmutz, attached hereto and incorporated herein.
which is (state one or more bases for search and seizure set forth under Rule 41(b) of the Federal Rules of Criminal Procedure)
Evidence, fruits and instrumentalities of criminal activity consisting of aggravated ID theft; fraud in electronic mail; mail fraud; wire fraud; and money laundering.
concerning a violation of Title 18 United States Code, Section(s) 1028(A), 1037(a)(2) and (3), 1341, 1343 and 1956. The facts to support a finding of Probable Cause are as follows:
See Affidavit of Special Agent Kenneth A. Schmutz
Continued on the attached sheet and made a part hereof. ()Yes () No
Signature of Affiant
KENNETH A. SCHMUTZ
Sworn to before me, and subscribed in my presence:
May 23, 2007 at Seattle, Washington
Date City and State
MARY A. THEILER United States Magistrate Judge
Name and Title of Judicial Officer
ATTACHMENT A
The premises to be searched is located at 1200 Western Avenue, #17E, Seattle, Washington, 98101. The premises is an apartment in the southwest building of Harbor Steps Apartments. The apartment is on the seventeenth floor which is the top floor of the building. The front door of the apartment is the first door on the left in the hallway when you exit the elevator. The apartment door faces west towards Puget Sound. The apartment designation "17E" is clearly displayed on the door.
ATTACHMENT B - ITEMS TO BE SEIZED
The items to be seized are the following items that constitute evidence, fruits and/or instrumentalities of criminal activity, consisting of Aggravated Identity Theft, in violation of Title 18, United States Code, Section 1028A, Fraud in Connection with Electronic Mail, in violation of Title 18, United States Code, Sections 1037(a)(2) and (3), and (b)(1)(A), Mail Fraud, in violation of Title 18, United States Code, Section 1341, Wire Fraud, in violation of Title 18, United States Code, Section 1343, and Money Laundering, in violation of Title 18, United States Code, Section 1956 (a)(1), from January 1, 1999, through the present.
The following records, documents, files or materials, in whatever form, including handmade or mechanical form (such as printed, written, handwritten or typed); photocopies or other photographic form; and electrical, electronic and magnetic form (which may be contained in, or present on computers, hard drives, tapes, cassettes, hard disks, floppy disks, diskettes, compact discs, CD-ROMs, DVDs, optical discs, Zip cartridges, printer buffers, smart cards, thumb drives, electronic notebooks, cellular telephones, PDAs or any other storage medium):
1. Any and all records pertaining to business, financial, and other transactions conducted by or through Newport Internet Marketing Corporation, Newport Corp., "NIM," NPR Corporation, or Broadcast Email Services, and/or by or through any other business entities owned, operated and/or controlled by Robert A. Soloway; financial records to include, but not limited to: financial institution account records including statements, loan files, correspondence, check registers, canceled checks, carbon copies of written checks, check stubs, blank checks, deposit slips, deposit receipts, ATM receipts, retained copies of deposit items, domestic and international wire transfers in and out of the accounts, cashier's checks, money orders, other methods of payment and other financial instruments.
2. Any and all records pertaining to business and financial transactions of Robert A. Soloway, financial records to include, but not limited to: financial institution account records including statements, loan files, correspondence, check registers, canceled checks, carbon copies of written checks, check stubs, blank checks, deposit slips, deposit receipts, ATM receipts, retained copies of deposit items, domestic and international wire transfers in and out of the accounts, cashier's checks, money orders, other methods of payment and other financial instruments.
3. Any and all correspondence referencing, pertaining or relating in any way to Newport Internet Marketing Corporation, Newport Corp., "NIM," NPR Corporation, or Broadcast Email Services, and/or to other business entities owned, operated and/or controlled by Robert A. Soloway.
4. Any and all contracts, agreements, invoices, bills, receipts, rental documents, leases, business proposals, correspondence or other evidence reflecting relationships and/or transactions between Newport Internet Marketing Corporation, Newport Corp., "NIM," NPR Corporation, or Broadcast Email Services, and/or Robert Soloway with any other businesses, vendors, ISPs, server hosting companies, or domain name registrars.
6. Files, documents, messages or records of any kind containing names, telephone numbers, addresses, e-mail names and addresses, contact information and other information pertaining to the identity of, or transactions with, customers of Newport Internet Marketing Corporation, Newport Corp., "NIM," NPR Corporation, or Broadcast Email Services, and/or Robert Soloway.
7. Appointment books, calendars, and/or work schedules for Newport Internet Marketing Corporation, Newport Corp., "NIM," NPR Corporation, or Broadcast Email Services, and/or Robert Soloway.
8. Receipt books, ledgers, journals, balance sheets, statements, summaries, schedules and other documentation pertaining to revenue, income and compensation and other financial consideration or benefit received by or for Newport Internet Marketing Corporation, Newport Corp., "NIM," NPR Corporation, or Broadcast Email Services, and/or Robert Soloway.
9. Records relating to, or any correspondence between Newport Internet Marketing Corporation, Newport Corp., "NIM," NPR Corporation, or Broadcast Email Services, and/or Robert Soloway and any accountants, financial advisors, bookkeepers, or tax return preparers, and any documents relating to the preparation of tax returns, including worksheets or original returns.
10. Records pertaining to assets and liabilities of Newport Internet Marketing Corporation, Newport Corp., "NIM," NPR Corporation, or Broadcast Email Services, and/or Robert Soloway.
11. Records relating to the expenditure of, or the purchase, sale or transfer of assets, securities, bonds, precious metals or any other investment by or on behalf of Newport Internet Marketing Corporation, Newport Corp., "NIM," NPR Corporation, or Broadcast Email Services, and/or Robert Soloway.
12. Records relating to credit card purchases and applications for credit, including credit history reports, financial statements, employment history and references by or on behalf of Newport Internet Marketing Corporation, Newport Corp., "NIM," NPR Corporation, or Broadcast Email Services, and/or Robert Soloway.
13. Records pertaining to the acquisition, investment, equity and disposition of real and personal property and other assets for, or for the benefit of Newport Internet Marketing Corporation, Newport Corp., "NIM," NPR Corporation, or Broadcast Email Services, and/or Robert Soloway.
14. Records pertaining to shipments, packages and parcels sent and received by and/or from Newport Internet Marketing Corporation, Newport Corp., "NIM," NPR Corporation, or Broadcast Email Services, and/or Robert Soloway.
15. Bookkeeping records including trial balances, ledgers, journals, subsidiary ledgers and journals, disbursement records, payroll records, tax data preparation sheets, records, work papers, schedules, statements, forms, summaries, organizers, planners, correspondence, notices and notes for Newport Internet Marketing Corporation, Newport Corp., "NIM," NPR Corporation, or Broadcast Email Services, and/or Robert Soloway.
16. Business cards.
17. Telephone records.
18. Records relating to the rental, lease or purchase of storage units, lockers or safe deposit boxes, including contracts, payment receipts, keys, access records and entry access codes.
19. Any computer equipment and storage device capable of being used to commit or further the offenses listed above.
In order to search for data that is capable of being read or interpreted by a computer system and/or their components, law enforcement personnel will need to search and seize the following items:
A. Any computer equipment and storage device capable of being used to commit, further, or store evidence of the offenses listed above;
B. Any computer equipment used to facilitate the transmission, creation, display, encoding or storage of data, including word processing equipment, modems, docking stations, monitors, printers, plotters, encryption devices and optical scanners;
C. Any magnetic, electronic or optical storage device capable of storing data, such as floppy disks, hard disks, tapes, CD-ROMs, CD-R, CD-RWs, DVDs, optical disks, printer or memory buffers, smart cards, PC cards, memory calculators, electronic dialers, electronic notebooks, and personal digital assistants;
D. Any documentation, operating logs and reference manuals regarding the operation of the computer equipment, storage devices or software;
E. Any applications, utility programs, compilers, interpreters, and other software used to facilitate direct or indirect communication with the computer hardware storage devices, or data to be searched;
F. Any physical keys, encryption devices, dongles and similar physical items that are necessary to gain access to the computer equipment, storage devices or data; and
G. Any passwords, password files, test keys, encryption codes or other information necessary to access the computer equipment, storage devices or data.
THE SEIZURE OF COMPUTER SYSTEMS AND/OR THEIR COMPONENTS AS SET FORTH HEREIN IS SPECIFICALLY AUTHORIZED BY THIS SEARCH WARRANT, NOT ONLY TO THE EXTENT THAT SUCH COMPUTER SYSTEMS CONSTITUTE INSTRUMENTALITIES OF THE CRIMINAL ACTIVITY DESCRIBED ABOVE, BUT ALSO FOR THE PURPOSE OF CONDUCTING OFF-SITE EXAMINATIONS OF THEIR CONTENTS FOR EVIDENCE, INSTRUMENTALITIES, OR FRUITS OF THE AFOREMENTIONED CRIMES.
This is the Schmutz Affidavit.
===========================
AFFIDAVIT
STATE OF WASHINGTON
COUNTY OF KING
KENNETH A. SCHMUTZ, being first duly sworn on oath, deposes and says:
1. INTRODUCTION and BACKGROUND
A. Warrants Requested
1. I make this affidavit in support of an application for a search warrant for:
a) the property located at and in a residential apartment located at:
1200 Western Avenue, Apartment 17E
Seattle, Washington 98
As explained more fully below, this apartment is both the residence of Robert Alan Soloway, and the base of operations for "Newport Internet Marketing," a company that is solely owned by Robert Alan Soloway. As is also explained more fully below, there is probable cause to believe that evidence, fruits, and instrumentalities of violations of federal laws exist, and are present at the premises, and/or in computers located on the premises at 1200 Western Avenue, Apartment 17E, Seattle, Washington 98101.
b) a storage unit, more specifically,
Storage Unit A
Public Storage Inc.
12465 Northup Way
Bellevue, WA 9800
As explained more fully below, this storage unit is rented by Robert Alan Soloway, and according to Soloway's own sworn statements, is used for the storage of business records for Soloway's business. As is further explained below, there is thus probable cause to believe that evidence, fruits, and instrumentalities of violations of federal laws exist, and are present at this storage unit.
B. Agent Background
2. I am a Special Agent of the Federal Bureau of Investigation (FBI), and have been so employed since January 2004. I am currently assigned to the Seattle Office's Cyber Crime Squad, which investigates various computer-related crimes, including computer intrusions and Internet-related frauds.
3. I have both a Bachelors of Science, and a Masters of Science degree in Business Information Systems from Utah State University. Those degree programs involved, among other things, human computer interface, programming in three languages (C++, COBOL, Pascal), and designing and creating Internet web pages. Prior to my work as a Special Agent, I worked for thirteen years in a variety of capacities in the computer technology field; holding positions, for example, in which I designed, implemented, and supported computer systems for credit unions, performed quality assurance testing for a leading network operating system company, and managed a group of software engineers in a high-paced technology company. I have also taught computer classes at the community college level, including courses on Windows NT Server, Networking Essentials, and Introduction to Programming. I recently obtained industry certification in CompTia's Net+ program.
4. As an FBI agent, I have received specialized training, and gained experience in interviewing and interrogation techniques, arrest procedures, search warrant applications, the execution of searches and seizures, federal computer crimes, computer evidence identification, computer evidence seizure and processing, and various other federal criminal laws and procedures. I have investigated dozens of cases involving the use of computers and the Internet to commit federal crimes, and have personally participated in the execution of multiple search warrants involving the search and seizure of computers and related equipment.
C. Sources of Information
5. The information contained in this affidavit has been compiled through my own investigatory efforts, with knowledge obtained from a variety of sources and methods, including the review of documents and electronic records. I have also drawn from information provided by numerous companies in response to official requests, from interviews I have conducted of victims and witnesses, and from information obtained from other law enforcement officers. Because this affidavit is submitted for the limited purpose of establishing probable cause in support of the application for a search warrant, it does not set forth each and every fact that I or others have learned during the course of this investigation.
D. Relevant Statutes
6. This affidavit is made in support of search warrants to obtain evidence, instrumentalities, and fruits of violations of the federal statutes identified below, which provide, in pertinent part, as follows:
18 U.S.C. § 1028A (Aggravated Identity Theft)
(a)(1) . . . Whoever, during and in relation to . . . [certain specified] felony violation[s] . . . knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person shall, in addition to the punishment provided for such felony, be sentenced to a term of imprisonment of 2 years.
"Means of identification" is defined at 18 U.S.C. § 1028(d)(7), for purposes of § 1028 and 1028A, as follows:
(7) the term "means of identification" means any name or number that may be used, alone or in conjunction with any other information, to identify a specific individual, including any -
. . . .
Unique electronic identification number, address, or routing code; . . .
18 U.S.C. § 1037 (Fraud and Related Activity in Connection with Electronic Mail)
(a) . . . Whoever, in or affecting interstate commerce, knowingly -
(2) uses a protected computer to relay or retransmit multiple commercial electronic mail messages, with the intent to deceive or mislead recipients, or any Internet access service, as to the origin of such messages, [or]
(3) materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages,
(b) (1) . . . [shall be punished with a fine, and imprisonment] for not more than 5 years, or both, - if
(A) the offense is committed in furtherance of any felony under the laws of the United States; . . .
18 U.S.C. § 1341 (Mail Fraud)
Whoever, having devised or intending to devise any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises . . . for the purpose of executing such scheme or artifice or attempting so to do, places in any post office or authorized depository for mail matter, any matter or thing whatever to be sent or delivered by the Postal Service, or deposits or causes to be deposited any matter or thing whatever to be sent or delivered by any private or commercial interstate carrier, or takes or receives therefrom, any such matter or thing, or knowingly causes to be delivered by mail or such carrier according to the direction thereon ... shall be fined under this title or imprisoned not more than 20 years, or both.
18 U.S.C. § 1343 (Wire Fraud)
Whoever, having devised or intending to devise any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises, transmits or causes to be transmitted by means of wire, radio, or television communication in interstate . . . commerce, any writings, signs, signals, pictures, or sounds for the purpose of executing such scheme or artifice, shall be fined under this title or imprisoned not more than 20 years, or both.
18 U.S.C. § 1956(a)(1) (Money Laundering)
Whoever, knowing that the property involved in a financial transaction represents the proceeds of some form of unlawful activity, conducts or attempts to conduct such a financial transaction which in fact involves the proceeds of specified unlawful activity
(A)(i) with the intent to promote the carrying on of specified unlawful activity;
. . . .
shall be sentenced to [a fine or imprisonment of up to 20 years, or both].
E. Location, and Items to Be Searched and Seized
7. The application requests authority to search:
a) the residence of Soloway, located at 1200 Western Avenue, Apartment 17E, Seattle, WA 98101, as well as any computers or other electronic storage media found therein. The premises are more specifically described as an apartment on the top floor of the building located at 1200 Western Avenue, Seattle, Washington 98101. The apartment is the first door on the left after exiting the elevator. The door is clearly marked with "17E." The premises are additionally described in Attachment A, attached hereto and incorporated by reference herein.
b) a storage unit leased by Soloway, located at Storage Unit A145, Public Storage Inc, 12465 Northrup Way, Bellevue, WA 98005, as well as any computers or other electronic storage media found therein. The storage locker is additionally described in Attachment A, attached hereto and incorporated by reference herein.
8. Based on the information set forth below, there is probable cause to believe that Soloway is engaged in criminal activities in violation of the statutes referenced above, and that he has done so, and continues to do so, using one or more computers located at the residential premises identified above, (or stored at the above referenced storage unit). The United States seeks authority to search and to seize, from those premises and/or those computers, items that constitute evidence, fruits and instrumentalities of violations of Title 18, United States Code, Sections 1028A(a)(1), 103(a)(2) and (a)(3), further specified in Attachment B, attached hereto and incorporated by reference herein.
F. Background on Computer and Internet Technologies
9. This application is based on an investigation of activities related to computer and Internet technologies that may not be common knowledge. The following explanation of relevant terms and technologies is based on my training and experience, and is consistent with the results of the investigation.
10. Internet Protocol Address ("IP address") : An Internet Protocol (IP) address is a unique, 32 bit numeric address used to identify computers on the Internet. An IP address consists of four numbers, each from 0 to 255, separated by periods. Every computer connected to the Internet (or group of computers using the same account to access the Internet) must be assigned an IP address so that Internet traffic sent from and directed to that computer is directed properly from its source and to its destination. IP addresses are typically assigned by Internet service providers ("ISPs"), such as AOL, Earthlink, or Comcast. An ISP might assign a different IP address to a customer each time the customer makes an internet connection (so-called "dynamic IP addressing"), or it might assign an IP address to a customer permanently or for a fixed period of time (so-called "static IP addressing"). Even if an IP address is dynamically assigned, the computer will retain the originally assigned IP address if the computer never disconnects from the network after the initial IP address assignment or the user does not manually reset it. Regardless of whether it is dynamically assigned or static, the IP address used by a computer attached to the Internet must be unique for the duration of a particular session; that is, from connection to disconnection.
ISPs typically log their customers' connections, including IP addresses. The ISP can thus identify which of their customers was assigned a specific IP address during a particular session.
11. Domain Name: In the context of the Internet, a domain name is the logical, text-based, equivalent of the numeric IP address. Because it is "logical," and text-based, a domain name - for example, "www.testname.com" - is more easily remembered by humans than is an exclusively numeric IP address, such as "23.45.35.100."
Like an IP address, a domain name does consist of a sequence of characters, separated by periods. Domain names are organized hierarchically and read from right to left. The right-most component is the "top level domain." This includes the ".com," ".gov," and ".edu" domains, as well as many others. Top level domains are owned and managed by the Internet sanctioning organizations. The second part of the domain name is owned by the registrant who first registered the name with the sanctioning organizations. Domain name owners can then create sub-domains to provide access to resources they own and/or control.
Numerous Internet companies offer free sub-domains to their customers. These companies typically have a collection of domain names that they have registered, and allow their customers to create sub-domains of the domain names and control the IP addresses to which those sub-domains resolve.
12. Domain Name Service ("DNS"): DNS is the Internet resource for converting the text-based domain names into IP addresses. DNS server computers maintain a database for resolving domain host names and IP addresses, allowing users of computers configured to query the DNS to specify remote computers by the easier-to-remember domain host names (in words), rather than by the difficult-to-remember numerical IP addresses.
DNS also thus makes it possible to "move" a host on the Internet (which would entail a change in the underlying IP address), while still preserving the availability of the resource based on its text-based domain name. Users would still request the resource by its (text-based) domain name, and DNS would resolve the name to the new IP address.
13. Server: A computer that provides a service - such as e-mail or Web data - to other computers (known as "clients") via a network or the Internet. When a user accesses e-mail or Internet web pages, or accesses files stored on the network itself, those files are pulled electronically from the server where they are stored and are sent to the client's computer via the network or Internet. Notably, server computers can be physically located in any location; for example, it is not uncommon for a network's server to be located hundreds (or even thousands) of miles away from the client computers.
14. Proxy Server: A proxy server is a computer that offers a computer network service to allow clients to make indirect network connections to other computers or network services. An open proxy is a computer that will accept client connections from any IP address and make connections to any Internet resource. A proxy server can be used to camouflage the originating source IP address of an e-mail communication, as the IP address of the originating source of the communication will be replaced in the header by the IP address of the proxy server. Use of multiple proxy servers adds to the difficulty of tracing a communication back to its true original IP address source.
15. Internet Service Provider ("ISP"): A business that provides connectivity to the Internet. ISPs typically provide the ability to send and receive e-mail, browse the World Wide Web and download (copy) files from Internet servers. Internet Service Providers often offer other Internet-related services such as hosting an Internet site on a web server.
16. Website: A location on the Internet at which an individual or organization provides information to others about itself. It may also provide links to other Internet sites with common interests or goals.
17. E-mail header: The beginning of an e-mail message, that contains detailed information (IP address and domain names) of the origin of the e-mail ("From" designation); the destination of the e-mail ("To" designation); as well as date, routing, and possibly subject matter information.
18. Forged e-mail header: A tactic used to hide the source address of an e-mail by placing false information in the "From:" field of the e-mail header.
19. Bounce back e-mail: Errors can occur at multiple places in e-mail delivery. A user may sometimes receive a bounce back message from their own e-mail server, and sometimes from a recipient's e-mail server. For example, imagine that Jack (jack@example.com) sends a message to Jill (jill@example.org) at a different site. Once Jack's e-mail server has accepted the message, it must either pass it along to Jill's e-mail server, or else deposit a bounce message in Jack's mailbox. However, problems arise if Jill's e-mail server receives a message with a forged From: field, e.g., if spammer@example.net sends an unsolicited bulk message claiming to be from jack@example.com. In this case, Jill's mail server would send the bounce message to Jack even though Jack never sent the original message to Jill. This is called a bounce back e-mail or backscatter.
20. Spam: bulk ("multiple"[1]) commercial e-mail messages. "Spamming" is the abuse of electronic messaging systems by sending multiple commercial e-mail messages.
[1 As noted, infra, the term "multiple" is defined within 18 U.S.C. §1037 as "more than 100 electronic mail messages during a 24-hour period, more than 1,000 electronic mail messages during a 30-day period, or more than 10,000 electronic messages during a 1-year period."]
21. "Opt-in e-mail address": the e-mail address of an Internet user who has signaled his/her consent to receive commercial e-mail communications.
22. "WHOIS" Lookup: A query/response protocol that is widely used for querying a database in order to determine the owner of a domain name, an IP address, or an autonomous system number on the Internet.
II. THE INVESTIGATION
A. Complaints Filed with FTC, BBB and Washington Attorney General's Office, and Statements of Victims of Spamming, Wire Fraud, Mail Fraud, and Identity Theft
23. On October 16, 2006, an investigator with the Federal Trade Commission (FTC) contacted the FBI in Seattle regarding a local resident who has been the subject of approximately 100 complaints of spamming, dating back to as early as 1999. I subsequently discussed the complaints with a representative of the FTC, reviewed many of the complaints, and also reviewed some of the summary data that had been gathered by the FTC with regard to the same. As a result, I learned that these 100 different complainants related very similar experiences, that typically included the following:
a) The complainants reported that they had received multiple commercial e-mail messages (spam) that essentially consisted of an advertisement for a "bulk" or "broadcast" "e-mail service" business. In the body of the spammed message, recipients could "click" on a domain name contained in the message, in order to link to the website of the company that was making the e-mail advertisement.
If they proceeded to the website, the visitor would see statements, including purported "quotes" from various sources, regarding the ability of the company to reach tens of millions of potential new customers with "broadcast e-mail," the relatively low cost of "broadcast e-mail" advertisement in relation to its "effectiveness," and the large sales benefits to be reaped from "broadcast e-mail" advertising. The company represented, on the website, that customers could achieve these positive sales results (e.g., a "500% increase in sales"), either through hiring the company to do broadcast e-mailing on their behalf (to "geographically targeted," "interest targeted," and "permission-based opt-in e-mail" addresses available to the company), or, that they could purchase a "software kit" from the company that would enable the customer to send out their own "broadcast" e-mail advertisements. The website reportedly typically offered "lifetime 24/7 customer & technical support" to potential purchasers of either the e-mail "service" or the "software kit," as well as "money-back guarantees" if the promised sales gains did not materialize within 90 days.
b) The complainants identified the name of the bulk e-mail business variously as Newport IM Corporation, NIM, Newport Internet Marketing, Newport Corp, NPR, or Broadcast Email Services. They also reported that a variety of domain names were used in the initial spammed advertisements. Although the name of the business and the domain names contained in the advertisements varied, each had some common connections, based on the content of the spam message and the content of the website reached through the domain name. Many of the complainants also reported the name "Robert Soloway" as having a connection to the company, and/or often reported one or the other of two common physical addresses: PO Box 1259, Seattle, WA 98111, or 1200 Western Avenue, 17E, Seattle, Washington. These addresses were seen by the complainants, for example, as an address to which they could send payments to purchase the "broadcast e-mail" service or software. The addresses were also reportedly seen by some complainants after doing additional on-line research, including WHOIS lookups, in an attempt to identify who was responsible for the initial spam they had received, and in their attempts to contact the sender and request that the spamming to them be stopped.
c) The complainants generally reported that they had difficulty in identifying the source of the initial spammed messages, because they uniformly contained false "From:" headers. The "From:" headers were either blank, contained the same e-mail address as the "To:" header, or contained an invalid e-mail address. Many of the complainants reported that they had attempted to contact the originator of the e-mail by clicking on the domain name listed in the body of the unsolicited e-mail, and then making a request, through the website, that their e-mail address be removed. Despite their attempts and requests to have their e-mail addresses removed from the list of recipients, however, none of the complainants was successful in doing so. Instead, the volume of spam to them from the company typically increased after they had communicated their request that it be stopped.
d) Some of the complainants reported that they had paid for broadcast e-mail services from the company, or had purchased the broadcast e-mail software (typically at a cost of $149.00). These complainants commonly reported that neither the "broadcast service" or the software was what it was represented to be; that it resulted in spam to addresses that were neither targeted or "opt-in," and as a result of which they had received numerous complaints or been "black-listed" for spamming activity. The purchasers of the software often reported that the product simply did not work, at all. Purchasers of both the "service" and the software reported that the company refused to provide either support, responses to complaints, or the "guaranteed" refund. Many reported that after they had complained or reversed payment charges, they were threatened with additional fees and referral to collection.
e) Other of the complainants reported that the company had spammed, fraudulently using e-mail addresses or domain names that belonged to them in the "From:" field in a forged header. These complainants reported that they, in turn, had been the target of complaints and adverse actions because they were falsely being blamed as the originators of spam.
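The header checks implied by paragraphs 17 to 19 and by the complaints in 23(c), as an added Python example that is not part of the affidavit or the press release: it flags the three "From:" patterns the complainants reported (blank, identical to "To:", or invalid) and lists the relay IPs recorded in Received: lines, oldest first. The sample messages, addresses, flag names and function names are constructed for illustration, and the address check is syntactic only.

```python
"""Flag forged-"From:" patterns and list relay IPs from Received: lines."""
import ipaddress
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: a syntactic check only; it cannot tell whether a mailbox exists.
ADDR_RE = re.compile(r"^[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")
# Relays conventionally record the connecting IP in square brackets.
BRACKETED_IP_RE = re.compile(r"\[([0-9A-Fa-f:.]+)\]")


def from_anomalies(msg):
    """Return flags (hypothetical names) for the three reported From: patterns."""
    raw_from = str(msg.get("From") or "").strip()
    if not raw_from:
        return ["from_blank"]
    flags = []
    sender = parseaddr(raw_from)[1].lower()
    if not ADDR_RE.match(sender):
        flags.append("from_invalid")
    recipients = {a.lower() for _, a in getaddresses(msg.get_all("To", [])) if a}
    if sender and sender in recipients:
        flags.append("from_equals_to")
    return flags


def received_chain(msg):
    """Relay IPs, oldest hop first (each relay prepends its own Received: line)."""
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        for candidate in BRACKETED_IP_RE.findall(header):
            try:
                hops.append(str(ipaddress.ip_address(candidate)))
            except ValueError:
                continue  # bracketed text that is not an IP address
    return hops


def triage(raw_message):
    """Parse one raw message and summarise its From: flags and relay path."""
    msg = message_from_string(raw_message)
    hops = received_chain(msg)
    return {
        "flags": from_anomalies(msg),
        "hops_oldest_first": hops,
        # Tracing starts at the oldest recorded hop, but that host may itself be
        # a proxy, so its IP identifies the relay and not necessarily the sender.
        "trace_start": hops[0] if hops else None,
    }


# Constructed sample data: documentation IP ranges and example.* domains only.
_RECEIVED = (
    "Received: from mx.example.org ([198.51.100.7]) by mail.example.org;"
    " Mon, 1 Jan 2024 10:00:02 +0000\n"
    "Received: from unknown ([203.0.113.45]) by mx.example.org;"
    " Mon, 1 Jan 2024 10:00:01 +0000\n"
)


def _sample(from_value, to_value):
    return (f"{_RECEIVED}From: {from_value}\nTo: {to_value}\n"
            "Subject: constructed sample\n\nbody\n")


SAMPLE_BLANK = _sample("", "jill@example.org")
SAMPLE_SAME = _sample("jill@example.org", "Jill <jill@example.org>")
SAMPLE_INVALID = _sample('"Broadcast Offers" <offers@invalid>', "jill@example.org")
SAMPLE_CLEAN = _sample("jack@example.com", "jill@example.org")

if __name__ == "__main__":
    for name in ("SAMPLE_BLANK", "SAMPLE_SAME", "SAMPLE_INVALID", "SAMPLE_CLEAN"):
        print(name, triage(globals()[name]))
```

A clean result means only that none of these three patterns is present; a syntactically valid "From:" address can still be forged, which is the backscatter case in paragraph 19.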
24. After receiving the above referenced information from the FTC, I performed a search of business records for the State of Washington, and learned that Newport Internet Marketing Corporation, doing business as NIM Corporation, had been incorporated in California in 1998, and registered with the Washington State Secretary of State as a foreign corporation in December of 2004. The address of record for the corporation, in Washington, was 1200 Western Avenue, Suite 17E, Seattle, Washington, 98101. I next contacted an inspector from the United States Postal Service, who reported that the recipient of record for mail at 1200 Western Avenue, Suite 17E, Seattle, Washington, 98101 was Robert Soloway. The postal inspector also reported that the address of "PO Box 1259, Seattle, WA 98111" was the address for a rented U.S. Postal mail box, at the downtown Seattle Post Office location (301 Union St., Seattle, WA). Postal records revealed that PO Box 1259 had been rented by "Robert Soloway/NIM Corporation" on March 26, 2004. Soloway also indicated, on that form, that the address for "NIM Corporation" was 1200 Western Ave., Ell, Seattle, Washington 98101.
25. On December 1, 2006, I interviewed AG, who was one of the victims who had complained to the FTC about spamming by Robert Soloway and NIM. AG reported to me, as follows:
a) AG has owned a web-hosting business, in Minnesota, since 1996. As part of that business, he owns, designs, and maintains domains and websites for himself and other clients. Since 2003, he has owned his own servers that he has leased and managed for website hosting. In connection with his web-hosting business, AG owns over 400 domains, some of which are used by his clients. Because spam places a burden on the servers that he uses for web-hosting, AG has learned as much as possible about spam, including how to identify fraudulent "From:" information in e-mail headers, and how to track the actual locations of servers hosting websites. He has also worked with the Internet Corporation for Assigned Names and Numbers ("ICANN") as well as other registrars and hosting companies to report forged domain registration and improper use of websites, as well as other online security violations.
b) AG stated that he began receiving spam from Newport Internet Marketing in August, 200