On March 14, 2013 our humble home in Annandale, Va. was “swatted” — that is to say, surrounded by a heavily-armed police force that was responding to fraudulent reports of a hostage situation at our residence. Later this month the government will sentence 21-year-old hacker named Mir Islam for that stunt and for leading a criminal conspiracy allegedly engaged in a pattern of swatting, identity theft and wire fraud.
Mir Islam briefly rose to Internet infamy as one of the core members of UGNazi, an online mischief-making group that claimed credit for hacking and attacking a number of high-profile Web sites.
On June 25, 2012, Islam and nearly two-dozen others were caught up in an FBI dragnet dubbed Operation Card Shop. The government accused Islam of being a founding member of carders[dot]org — a credit card fraud forum — trafficking in stolen credit card information, and possessing information for more than 50,000 credit cards.
Most importantly for the government, however, Islam was active on CarderProfit, a carding forum created and run by FBI agents.
Islam ultimately pleaded guilty to aggravated identity theft and conspiracy to commit computer hacking, among other offenses tied to his activities on CarderProfit. In March 2016 a judge for the Southern District of New York sentenced (PDF) Islam to just one day in jail, a $500 fine, and three years of probation.
Not long after Islam’s plea in New York, I heard from the U.S. Justice Department. The DOJ told me that I was one of several swatting victims of Mir Islam, who was awaiting sentencing after pleading guilty of leading a cybercrime conspiracy. Although that case remains sealed — i.e. there are no documents available to the press or the public about the case — the government granted a waiver that allows the Justice Department to contact victims of the accused and to provide them with an opportunity to attend Islam’s sentencing hearing — and even to address the court.
Corbin Weiss, an assistant US attorney and a cybercrime coordinator with the Department of Justice, said Islam pleaded guilty to one count of conspiracy, and that the objects of that conspiracy were seven:
-misuse of access devices;
-misuse of Social Security numbers;
-attempts to interfere with federal officials;
-interstate transmission of threats.
Weiss said my 2013 blog post about my swatting incident — The World Has No Room for Cowards — was part of the government’s “statement of offense” or argument before the court as to why a given suspect should be arrested and charged with a violation of law.
“Your swatting is definitely one of the incidents specifically brought to the attention of the court in this case,” Weiss said. “In part because we didn’t have that many swat victims who were able to describe to us the entire process of their victimization. Your particular swat doesn’t fit neatly within any of those charges, but it was part of the conspiracy to engage in swats and some of the swats are covered by those charges.”
Weiss said while the Justice Department prosecutors couldn’t stop me from writing about the case before Islam’s sentencing (and the subsequent unsealing of the case), the government would almost certainly prefer it that way. I thanked him and said while I might be a victim this case, I’m a journalist first.
I’m gratified to see the wheels of justice turning, and that swatting is being creatively addressed with federal felony charges in the absence of a federal anti-swatting law.
The Interstate Swatting Hoax Act of 2015, introduced by Rep. Katherine Clark (D-Mass.) and Rep. Patrick Meehan (R-PA), was passed by the House Energy & Commerce Committee in April 2016. It would impose up to a 20-year prison sentence and heavy fines for swatting. According to the FBI, swatting incidents cost local first responders $10,000 on average and divert important services away from real emergencies.
The Swatting Hoax Act targets what proponents call a loophole in current law. “While federal law prohibits using the telecommunications system to falsely report a bomb threat hoax or terrorist attack, falsely reporting other emergency situations is not currently prohibited,” reads a statement by the House co-sponsors.
To address this shortcoming, the bill “would close this loophole by prohibiting the use of the internet telecommunications system to knowingly transmit false information with the intent to cause an emergency law enforcement response.”
Explicitly making swatting a federal crime is a good first step, but unfortunately a great many people launching swatting attacks are minors, and the federal law enforcement system is simply not built to handle minors (with few exceptions).
By way of example, one of Islam/Josh the God’s best buddies — a then-16-year-old hacker named Cosmo the God — also was involved in my swatting as well as the CarderProfit sting. But it’s unclear whether he is tied to the Islam conspiracy. The DOJ’s Weiss said he couldn’t talk about any others associated with the case who were minors.
“Other individuals who may have been involved were juveniles when they committed the offenses, and those [cases] are going to remain under seal,” he said. “Victims have far fewer rights with respect to juveniles.”
Mir Islam is slated to be sentenced in Washington, D.C. on June 22. Weiss said the judge presiding over the case can sentence him to a maximum of five years in prison.
This summer promises to be a good one for closure. Sergey Vovnenko, another convicted cybercriminal who sought to cause trouble for this author (by trying to frame me for heroin possession) is slated to be sentenced in New Jersey in August on unrelated cybercrime charges.