U.S. v. Brewer

On June 12, 2007, James C. Brewer was charged with operating a botnet. There are no allegations that infected machines were used to send spam, but this is an Operation: Bot Herder case that we're tracking anyway.

Indictment

UNITED STATES DISTRICT COURT
NORTHERN DISTRICT OF ILLINOIS
EASTERN DIVISION

UNITED STATES OF AMERICA

v.

JAMES C. BREWER

COUNT ONE

The SPECIAL AUGUST 2006-1 GRAND JURY charges:
1. At times material to the indictment:

a. The Cook County Bureau of Health Services ("CCBHS") was a division of the Cook County government that administered and operated health care centers throughout the City of Chicago and surrounding suburbs, including the Ambulatory and Community Health Network of Cook County, Cermak Health Services of Cook County, John H. Stroger, Jr. Hospital of Cook County, Oak Forest Hospital of Cook County, and Provident Hospital of Cook County. Computers located at facilities operated by the CCBHS were connected to one another as part of a computer network.

b. Personnel at CCBHS facilities, including medical personnel, relied upon computers to perform various functions, such as managing and accessing patient care records and filling prescriptions for inpatient hospital residents. Personnel at CCBHS facilities relied directly upon computers in the provision of medical services and testing, such as fetal monitoring, the operation of scanning and imaging equipment, and laboratory testing.

c. Defendant JAMES C. BREWER was a resident of Arlington, Texas.

d. A "bot" was a computer program that could be implanted on a computer without authorization to perform various functions at the direction of the person who controlled the "bot." The controller of the "bot" accomplished the installation of the "bot" by using a computer or computers to electronically scan or search local networks or the Internet for computers with particular vulnerabilities or security weaknesses, such as the absence of a firewall, and using computer code written to take advantage of those vulnerabilities or weaknesses to compromise or "hack" into the computer. Once the computer was compromised, the "bot" code was installed on the computer and caused the computer to perform certain functions at the direction of the person controlling the bot, such as allowing the controller of the "bot" to access the computer.

e. A "botnet" was a network of computers infected with "bots." The "bots" were configured to automatically establish Internet connections with Internet Relay Chat ("IRC") servers and to receive commands in the form of topics posted in specific "chatrooms" or "channels" on the IRC servers. The "botnet" controller was then able to control the "botnet" by connecting to the appropriate "chatroom" or "channel" on the IRC servers and issuing commands to the bots in the form of topics. An illicit market existed for the purchase and sale of "botnets."

f. One command commonly issued to a computer infected with a "bot" was for the computer to scan local networks or the Internet for other computers to infect with the "bot," thereby increasing the size and power of the "botnet." The process of scanning for vulnerable computers to add to the "botnet" could generate a large amount of network traffic, particularly within local networks. The increase in network traffic could be sufficient to interrupt and disable normal network communications and functions, thereby rendering network computers unable to perform their intended functions, and requiring significant repairs in order to resume those normal functions.

2. Prior to in or about October 2006, defendant JAMES C. BREWER obtained and designed malicious software or "bots" to infect computers belonging to others without the knowledge or authorization of the owners of the computers for the purpose of establishing a network of infected computers or "botnet."

3. Defendant JAMES C. BREWER programmed the malicious software or "bots" to cause the infected computers to establish Internet connections to IRC channels located on computer servers associated with, among others, the Internet domain names "http.an1malmating.com" and "http.fire-servers.net." Defendant controlled the IRC "chatrooms" or "channels" located on these computer servers and used them to issue commands to the infected computers that connected to the IRC "channels."

4. The commands issued to infected computers included commands to continuously scan local networks and the Internet for other computers that were vulnerable to infection and, upon the identification of such computers, to infect the computers with the malicious software or "bots" designed and controlled by defendant.

5. The malicious software or "bots" designed and controlled by defendant JAMES C. BREWER infected over 10,000 computers across the world, including computers located at CCBHS facilities such as the Nuclear Medicine Department and Oncology-Radiation Therapy Department at John H. Stroger Hospital, and computers in the Pharmacy Department at Oak Forest Hospital. The "bots" caused the infected computers to, among other things, repeatedly freeze or reboot without notice, thereby causing significant delays in the provision of medical services and access to data by CCBHS personnel. The computers at CCBHS' facilities continued to experience problems resulting from the "bots" through in or about December 2006, and in excess of 1,000 hours were spent by CCBHS personnel and private vendors attempting to remedy the problems.

6. In or about October 2006, at Chicago, in the Northern District of Illinois, and elsewhere,

JAMES C. BREWER,

defendant herein, knowingly caused the transmission of a program, information, code, and command, namely, malicious "bot" source code, and as a result of that conduct intentionally caused damage, without authorization, to computers used in interstate commerce and communication, namely, computers belonging to CCBHS, which conduct caused the modification and impairment, and potential modification and impairment, of the medical examination, diagnosis, treatment, or care of one or more individuals;

In violation of Title 18, United States Code, Section 1030(a)(5)(A)(i), (B)(ii).

COUNT TWO

The SPECIAL AUGUST 2006-1 Grand Jury further charges:

1. The allegations of paragraphs 1 through 5 of Count One of this indictment are realleged and incorporated as though fully set forth here.

2. In or about October 2006, at Chicago, in the Northern District of Illinois, and elsewhere,

JAMES C. BREWER,

defendant herein, knowingly caused the transmission of a program, information, code, and command, namely, malicious "bot" source code, and as a result of that conduct intentionally caused damage, without authorization, to computers used in interstate commerce and communication, namely, computers belonging to CCBHS, which conduct caused an aggregate loss of at least $5,000 to CCBHS during a one-year period;

In violation of Title 18, United States Code, Section 1030(a)(5)(A)(i), (B)(i).

A TRUE BILL:

_______________________________
FOREPERSON

_______________________________
UNITED STATES ATTORNEY

Attachment    Date    Size
Indictment.pdf    06/28/09 1:05 pm    111.82 KB
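
Paragraphs 1(e) and 1(f) of the indictment describe bots that check in to IRC servers and then sweep local networks for further hosts to infect. As an added example (not part of the court record or of the original page), the following Python correlates those two behaviours in flow records to single out likely infected hosts. The record format, address range, ports and thresholds are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumption: the site's internal range
IRC_PORTS = {6667}                   # assumption: conventional IRC port; C2 may use others
WINDOW = 60                          # seconds of history considered per source
FANOUT = 25                          # distinct internal peers in WINDOW that count as a sweep

def parse(lines):
    """Yield (ts, src, dst, dport) from 'ts src dst dport' records, skipping bad ones."""
    for line in lines:
        try:
            ts, src, dst, dport = line.split()
            yield int(ts), ip_address(src), ip_address(dst), int(dport)
        except ValueError:
            continue

def classify(lines):
    """Map each internal source to findings: 'irc-outbound', 'internal-sweep'."""
    findings = defaultdict(set)
    contacts = defaultdict(list)  # src -> [(ts, dst)] for internal-to-internal flows
    for ts, src, dst, dport in parse(lines):
        if src not in INTERNAL:
            continue
        if dst in INTERNAL:
            contacts[src].append((ts, dst))
        elif dport in IRC_PORTS:
            findings[src].add("irc-outbound")
    for src, seen in contacts.items():
        seen.sort(key=lambda rec: rec[0])
        start = 0
        for end in range(len(seen)):
            # Slide the window start forward until it spans at most WINDOW seconds.
            while seen[end][0] - seen[start][0] > WINDOW:
                start += 1
            if len({dst for _, dst in seen[start:end + 1]}) >= FANOUT:
                findings[src].add("internal-sweep")
                break
    return {str(src): kinds for src, kinds in findings.items()}

def likely_bots(lines):
    """Hosts showing both behaviours the indictment describes."""
    both = {"irc-outbound", "internal-sweep"}
    return sorted(h for h, kinds in classify(lines).items() if kinds == both)

def sample_flows():
    """Constructed records for illustration; not data from the case."""
    rows = ["1000 10.1.5.20 203.0.113.7 6667"]                                   # check-in
    rows += [f"{1010 + i} 10.1.5.20 10.1.6.{i + 1} 445" for i in range(40)]      # then a sweep
    rows += ["1000 10.1.5.30 203.0.113.9 6667"]                                  # IRC only
    rows += [f"{1000 + i * 30} 10.1.5.40 10.1.7.{i + 1} 443" for i in range(5)]  # normal client
    rows += ["garbage line"]                                                     # malformed
    return rows

if __name__ == "__main__":
    print(likely_bots(sample_flows()))
```

A host with only one finding (an IRC user, or an authorized scanner) is reported by `classify` but left out of `likely_bots`, which keeps the triage list short.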

ARRAIGNMENT

07/12/2007 09:45
07/12/2007 10:00
Etc/GMT-5

MINUTE entry before Judge Ruben Castillo as to defendant James C. Brewer:
Arraignment reset to 7/12/2007 at 9:45 AM. Arraignment set for 6/20/2007 is vacated.
Mailed notice

Appearance Bond & Financial Affidavit

United States District Court
Northern District of Illinois

United States of America

vs.

James C. Brewer

APPEARANCE BOND

Case Number: 07 cr 379-1

(X) Non-surety: I, the undersigned defendant acknowledge that I and my ... personal representatives, jointly and severally, are bound to pay to the United States of America the sum of $4500.00 Own Recognizance, and there has been deposited in the Registry of the Court.

The conditions of this bond are that the defendant, James C. Brewer, is to appear before this court and at such other places as the defendant may be required to appear, in accordance with any and all orders and directions relating to the defendant's appearance in this case, including appearance for violation of a condition of defendant's release as may be ordered or notified by this court or any other United States district court to which the defendant may be held to answer or the cause transferred. The defendant is to abide by any judgment entered in such a matter by surrendering to serve any sentence imposed and obeying any order or direction in connection with such judgment.

It is agreed and understood that this is a continuing bond (including any proceeding on appeal or review) which shall continue until such time as the undersigned are exonerated.

If the defendant appears as ordered or notified and otherwise obeys and performs the foregoing conditions of this bond, then this bond is to be void, but if the defendant fails to obey or perform any of these conditions, payment of the amount of this bond shall be due forthwith. Forfeiture of this bond for any breach of its conditions may be declared by any United States district court having cognizance of the above entitled matter at the time of such breach and if the bond is forfeited and if the forfeiture is not set aside or remitted, judgment may be entered upon motion in such United States district court against each debtor jointly and severally for the amount above stated, together with interest and costs, and execution may be issued and payment secured as provided by the Federal Rules of Criminal Procedure and any other laws of the United States.

This bond is signed on 7/12/07 at 219 S. Dearborn, Chicago, Illinois
Defendant

Attachment    Date    Size
AppearanceBond.pdf    06/28/09 1:05 pm    37.34 KB
FinancialAffidavit.pdf    06/28/09 1:05 pm    68.02 KB
ReleaseConditions.pdf    06/28/09 1:05 pm    68.38 KB

Minute Entry

MINUTE entry before Judge Ruben Castillo: Arraignment and plea hearing held. Robert D. Seeder is appointed to represent the defendant. Defendant appeared, waived formal reading of the indictment, and entered a plea of not guilty to both counts. Rule 16.1 Conference to be held on or before 7/19/2007. Any pretrial motions should be filed on or before 7/26/07. Status hearing set for 7/31/2007 at 9:45AM. Defendant's presence is waived at the next status hearing.

Attachment    Date    Size
OrderApptCounsel.pdf    06/28/09 1:05 pm    14.6 KB
SeederAppearance.pdf    06/28/09 1:05 pm    29.35 KB

Rule 16.1 Conference

07/19/2007 17:00
US/Central

Rule 16.1 Conference to be held on or before 7/19/2007.

This will be a settlement conference intended to conclude the case rapidly. This is just a guess and only a guess, but the short date given here is likely an indicator that a plea is being hammered out and is almost done.

Pretrial Motions

08/17/2007 17:00
US/Central

Pretrial motions should be filed on or before 7/26/07 reset to 8/17/07.

Status Hearing

08/23/2007 00:45
US/Central

Status hearing set for 7/31/2007 at 9:45AM reset to 8/23/2007 at 9:45AM.

Exclusion of Days from Calculations

MINUTE entry before Judge Ruben Castillo as to defendant James C. Brewer: From 7/12/2007 until 7/31/2007 is excluded pursuant to 18 U.S.C. 3161(h)(8)(A)(B) and 18 U.S.C. 3161(h)(1)(F).

These two statutes set the time period within which the defendant's trial must commence (generally 70 days). This minute entry merely says that the period between July 12 and July 31 cannot be counted toward those 70 days.

Brady Motion

This is pretty routine paperwork. They're looking for anything that could help their case, and the government is obligated to give it to them. It's called "Brady Material" after Brady v. Maryland, 373 U.S. 83 (1963), the case that established this obligation on the government's part.

======================================
IN THE
UNITED STATES DISTRICT COURT
FOR THE NORTHERN DISTRICT OF ILLINOIS
EASTERN DIVISION

UNITED STATES OF AMERICA

v.

JAMES C. BREWER

MOTION FOR IMMEDIATE DISCLOSURE OF FAVORABLE EVIDENCE

Defendant JAMES C. BREWER, by the Federal Defender Program and its attorney, ROBERT D. SEEDER, pursuant to Rule 16(a)(1) of the Federal Rules of Criminal Procedure and the principles enunciated in Brady v. Maryland, 373 U.S. 83 (1963); Giglio v. United States, 405 U.S. 150 (1976), moves the Court to require the government to disclose immediately any previously undisclosed evidence or information in its possession, custody, or control, the existence of which is known, or by the exercise of due diligence may become known, which is favorable to the defendant and is material to the issues of his guilt, innocence, or sentencing. This request includes evidence which bears upon the credibility of a government witness, or which consists of documents or tangible objects which are material to the preparation of the defense. The information requested includes, but is not limited to, the following:

1. Any documentary evidence or information which is favorable to the defendant’s presentation of a defense. In particular, Mr. Brewer requests the following information:

• A history of any previous “bot” computer programs discovered on computers operated by the Cook County Bureau of Health Services (CCBHS).
• A history of computer problems or “bugs” at the CCBHS computer network prior to October, 2006 that caused computers to repeatedly freeze or reboot without notice.
• Records kept by information technology (IT) employees or contractors of CCBHS reflecting installation of new computer programs in or about October, 2006.
• Any “bug lists” kept by IT personnel of CCBHS.
• Installation logs kept by IT personnel of CCBHS.
• Any records of modifications made to the CCBHS computer network in or about October, 2006.

2. Any prior statements of a witness for the government which are inconsistent with his or her expected trial testimony.

3. Any grants of immunity, favors, or promises of any kind made to a witness in connection with obtaining his or her testimony, whether bargained for or not. This includes any plea agreement entered into between the government and the witness pursuant to which, or as a result of which, the witness is testifying against the accused in this case or on behalf of the government at any other trial, grand jury or other proceeding or is furnishing data or information to the government.

4. An accounting of any money paid to any witness by the government including, but not limited to, rewards, subsistence payments, expenses or payments made for specific information supplied to the government.

5. Any assistance provided by any attorney or agent of the government to a witness for any reason, including assistance with the witness' customers, a licensing agency, law enforcement or parole agency, or any other agency of federal, state or local government.

6. The criminal identification and history sheet of each government witness.

7. Any criminal charges pending against any government witness which have not been disposed of either by conviction or acquittal.

8. Any criminal activity in which a government witness has engaged which has not resulted in prosecution or conviction.

9. The name, last known address and statement, grand jury testimony, or memorandum of interview, if any, of any individual whose testimony would be favorable to the defendant in any way or consistent with his innocence.

Respectfully submitted,

FEDERAL DEFENDER PROGRAM
Terence F. MacCarthy
Executive Director

By: s/Robert D. Seeder
Robert D. Seeder

FEDERAL DEFENDER PROGRAM
55 E. Monroe Street
Suite 2800
Chicago, IL 60603
312/621-8326

Attachment    Date    Size
BradyMotion.pdf    06/28/09 1:05 pm    49.99 KB

Statement of Compliance with Local Criminal Rule 16.1

IN THE
UNITED STATES DISTRICT COURT
FOR THE NORTHERN DISTRICT OF ILLINOIS
EASTERN DIVISION

UNITED STATES OF AMERICA

v.

JAMES C. BREWER

DEFENDANT JAMES C. BREWER’S STATEMENT OF COMPLIANCE WITH LOCAL CRIMINAL RULE 16.1

Defendant JAMES C. BREWER, by the Federal Defender Program and its attorney, ROBERT D. SEEDER, pursuant to Local Criminal Rule 16.1 states as follows:

1. The government made delivery of its 16.1 material to defense counsel on July 17, 2007.

2. The delivery was from Assistant United States Attorney Rick Young.

3. Specifically, the government has provided various documents including the following: Documents Bates numbered 1-661 that contain F.B.I. reports of investigation, forensic analysis reports regarding the examinations of Mr. Brewer’s computer, as well as computers operated by the Cook County Bureau of Health Services (CCBHS), telephone records, copies of applications and affidavits requesting search warrants, as well as other miscellaneous records.

4. The government has provided what it maintains are all statements of the defendant in its possession.

5. The government has provided four discs, two of which contain “digital materials” gathered and captured by the investigating agents in the course of the investigation. The last two discs contain various electronic materials gathered via subpoena during the government's investigation.

6. The government has agreed to duplicate the hard drive of Mr. Brewer’s computer that was confiscated in the investigation, as well as duplicate the hard drives obtained by the government from the CCBHS in its investigation, for purposes of forensic examination by an expert retained by the defense.

7. The government and Mr. Brewer have agreed that the requisite Rule 16 disclosures pertaining to the testimony of experts at trial be made no later than four weeks prior to trial.

8. The government has informed Mr. Brewer that it does not anticipate the introduction of any Rule 404(b) evidence or co-conspirator statements. However, should the government change its position on either of those matters, it would provide notice to Mr. Brewer three weeks prior to trial. Additionally, the government has agreed to produce § 3500 material three weeks prior to trial.

9. The government has informed defense counsel that it recognizes its obligations under Brady v. Maryland, 373 U.S. 83 (1973), and should any exculpatory evidence for the defendant become known to the government, it would immediately make it available to the defendant.

10. The government has instructed the case agent to ensure that the written notes of government agents in this case are preserved.
Respectfully submitted,

FEDERAL DEFENDER PROGRAM
Terence F. MacCarthy
Executive Director

By: s/Robert D. Seeder
Robert D. Seeder

FEDERAL DEFENDER PROGRAM
55 E. Monroe Suite 2800
Chicago, Illinois 60603
(312) 621-8326

Attachment    Date    Size
LR16-1Statement.pdf    06/28/09 1:05 pm    46.75 KB