01
Jun 16

Mir Islam – the Guy the Govt Says Swatted My Home – to be Sentenced June 22

On March 14, 2013 our humble home in Annandale, Va. was “swatted” — that is to say, surrounded by a heavily-armed police force that was responding to fraudulent reports of a hostage situation at our residence. Later this month the government will sentence 21-year-old hacker named Mir Islam for that stunt and for leading a criminal conspiracy allegedly engaged in a pattern of swatting, identity theft and wire fraud.

Mir Isam

Mir Islam

Mir Islam briefly rose to Internet infamy as one of the core members of UGNazi, an online mischief-making group that claimed credit for hacking and attacking a number of high-profile Web sites.

On June 25, 2012, Islam and nearly two-dozen others were caught up in an FBI dragnet dubbed Operation Card Shop. The government accused Islam of being a founding member of carders[dot]org — a credit card fraud forum — trafficking in stolen credit card information, and possessing information for more than 50,000 credit cards.

Most importantly for the government, however, Islam was active on CarderProfit, a carding forum created and run by FBI agents.

Islam ultimately pleaded guilty to aggravated identity theft and conspiracy to commit computer hacking, among other offenses tied to his activities on CarderProfit. In March 2016 a judge for the Southern District of New York sentenced (PDF) Islam to just one day in jail, a $500 fine, and three years of probation.

Not long after Islam’s plea in New York, I heard from the U.S. Justice Department. The DOJ told me that I was one of several swatting victims of Mir Islam, who was awaiting sentencing after pleading guilty of leading a cybercrime conspiracy. Although that case remains sealed — i.e. there are no documents available to the press or the public about the case — the government granted a waiver that allows the Justice Department to contact victims of the accused and to provide them with an opportunity to attend Islam’s sentencing hearing — and even to address the court.

Corbin Weiss, an assistant US attorney and a cybercrime coordinator with the Department of Justice, said Islam pleaded guilty to one count of conspiracy, and that the objects of that conspiracy were seven:

-identity theft;
-misuse of access devices;
-misuse of Social Security numbers;
-computer fraud;
-wire fraud;
-attempts to interfere with federal officials;
-interstate transmission of threats.

Weiss said my 2013 blog post about my swatting incident — The World Has No Room for Cowards — was part of the government’s “statement of offense” or argument before the court as to why a given suspect should be arrested and charged with a violation of law.

“Your swatting is definitely one of the incidents specifically brought to the attention of the court in this case,” Weiss said. “In part because we didn’t have that many swat victims who were able to describe to us the entire process of their victimization. Your particular swat doesn’t fit neatly within any of those charges, but it was part of the conspiracy to engage in swats and some of the swats are covered by those charges.”

Fairfax County Police outside my home on 3/14/13

Fairfax County Police outside my home on 3/14/13

Weiss said while the Justice Department prosecutors couldn’t stop me from writing about the case before Islam’s sentencing (and the subsequent unsealing of the case), the government would almost certainly prefer it that way. I thanked him and said while I might be a victim this case, I’m a journalist first.

I’m gratified to see the wheels of justice turning, and that swatting is being creatively addressed with federal felony charges in the absence of a federal anti-swatting law.

The Interstate Swatting Hoax Act of 2015, introduced by Rep. Katherine Clark (D-Mass.) and Rep. Patrick Meehan (R-PA), was passed by the House Energy & Commerce Committee in April 2016. It would impose up to a 20-year prison sentence and heavy fines for swatting. According to the FBI, swatting incidents cost local first responders $10,000 on average and divert important services away from real emergencies.

The Swatting Hoax Act targets what proponents call a loophole in current law. “While federal law prohibits using the telecommunications system to falsely report a bomb threat hoax or terrorist attack, falsely reporting other emergency situations is not currently prohibited,” reads a statement by the House co-sponsors.

To address this shortcoming, the bill “would close this loophole by prohibiting the use of the internet telecommunications system to knowingly transmit false information with the intent to cause an emergency law enforcement response.”

Explicitly making swatting a federal crime is a good first step, but unfortunately a great many people launching swatting attacks are minors, and the federal law enforcement system is simply not built to handle minors (with few exceptions).

By way of example, one of Islam/Josh the God’s best buddies — a then-16-year-old hacker named Cosmo the God — also was involved in my swatting as well as the CarderProfit sting. But it’s unclear whether he is tied to the Islam conspiracy. The DOJ’s Weiss said he couldn’t talk about any others associated with the case who were minors.

“Other individuals who may have been involved were juveniles when they committed the offenses, and those [cases] are going to remain under seal,” he said. “Victims have far fewer rights with respect to juveniles.”

Mir Islam is slated to be sentenced in Washington, D.C. on June 22. Weiss said the judge presiding over the case can sentence him to a maximum of five years in prison.

This summer promises to be a good one for closure. Sergey Vovnenko, another convicted cybercriminal who sought to cause trouble for this author (by trying to frame me for heroin possession) is slated to be sentenced in New Jersey in August on unrelated cybercrime charges.

Tags: , , , , , , , ,

57 comments

  1. Hang in there! Holly cow is all I keep saying to myself. Hate that these punks target you all the time.

    I appreciate what you do and can’t say enough about how much it’s helped me in my career. Keep on keeping on!

    Your great and if can ever help let me know. Your a mentor to a ton of people world wide.

    Mike Bray

    • So, now you’re friends with the local swat team leader? It must have been really scary, but I’m glad now your locals are getting to know you better. We all should know our local authorities better.

      • Yep. I know many of Fairfax County’s finest. It is indeed a good policy to get to know your local law enforcement before you need to or are forced to. In in a lot of small towns, most often in the south, this is almost automatic (the law comes to meet you). But in the big cities and suburbs, there are so many officers that you really do have to make an effort to meet at least a good percentage of them.

  2. A good day for the good guys! Thanks for all you do.

  3. Great to hear Mir Islam is being sentenced. Justice will be served. Appreciate all you do in keeping companies and individuals safe. Evil will not prevail.

    You are not alone in the fight against these hackers…..

    Scott
    http://www.hackedagain.com

  4. Ne’er do well, for sure.

  5. Looks like you got auto corrected on the perps name, auto corrected to Islam. Several times in the article it says islam but under the picture it says his name is isam. FYI

  6. There’s a lot of us out here in the trenches who really truly appreciate the work you do. I know that doesn’t buy you squat at the grocery checkout, but I hope it counts for something. I am very glad to see these losers getting some justice meted out after all.

    • ditto to what Doc wrote
      Really appreciate all you do and sometimes wonder how your wife tolerates these side effects of your *job* (the swatting incident when your mother arrived at your house, that dangerous trip to Mexico, the heroin incident, etc.).

  7. your article photo says “Mir Isam” but your article states “Mir Islam”…

    -random internet nitpicker

  8. Even though reporting on things like this is your job, I know that you’ve paid a price for it. Whenever one’s personal life becomes a target, it’s a very serious and bad situation. I applaud you for being equipped to take the actions you have and for the courage you have shown in the process. Thank you!

  9. I can’t thank you enough for all you do. This should on 60 Minutes. 5 years for all of this damage is not even close to the amount of time and repayment to his victims including you.
    I am always humbled by the work you are doing.
    Thanks again for keeping our guar up.

    Michael

  10. It seems to me that the federal prosecutors are either not being creative or they’ve cut a deal with the punk in pursuit of bigger game. The kid and his friend(s) essentially perpetrated an assault on you, your home, and your family. He may not have personally used a gun but he caused others (the police) to do so placing you and your loved ones in grave jeopardy.

    If that doesn’t fly, you can always sue him in civil court and seek damages. The burden of proof there is not as difficult to meet as it is in a criminal proceeding. Perhaps the SWAT agency would join in and split the legal expenses so they can recover their out of pocket costs for the event.

    Someone needs to put the fear of God into the fool and his friend(s). The best way to do that and establish an expectation for future perps is to make them and/or their parents pay damages for a very long time.

  11. Interesting that his attempt(s) to cause you defamation, pain, and ridicule actually resulted for you increased fame and positive reputation. What it takes for an independent security researcher to get some respect on the Internet these days.

  12. This truly sucks. I’m sorry you had to go through that Brian. Just know, you are providing an invaluable service. The good guys (most of the public) are lazy and the bad guys are getting more and more organized. People like you make such a hug difference. Thank you.

  13. Interesting last name… I hope this psychopath gets a nice long sentence.

  14. Like many others all I can say is thank you for what you do and persevering to ensure important fraud and security information reaches the public.
    I am however curious as to victim’s rights in such cases. Even though some of these criminals were minors at the time, can you not hold their families financially accountable in civil court? While I’m not a fan of lawsuits, I wonder if such an approach might actually get through to these minors or at least remind parents of their ethical/legal responsibilities to ensure reasonable supervision of their children.

  15. I was a victim of swatting a few years back that and it was not fun. I rec’d a call at about 3am from my local police department stating they rec’d a call that my son was tied up in his closet and his parents were being held against their will. In my foggy haze I immediately ran to my son’s room to insure he was okay. Long story short, I’m fairly certain it was a gaming friend of my son’s that pulled the “prank” but I had no recourse. Glad you are able to fight back!

    • If you just received a call and nothing happened, was more of a prank cop call (or the cops sensibly checked up on it before sending SWAT).

      Swatting is where the SWAT team comes out to your place because of the call. Usually followed by them breaking in

  16. Hope the court throws your book (hardbound edition) at him, figuratively (if not literally)…

    • I am not so hopeful that will happen.

      Look at what he got for “aggravated identity theft and conspiracy to commit computer hacking, among other offenses” :
      “one day in jail, a $500 fine, and three years of probation.”

      Many judges have no idea of the importance of cyber crime and associated actions.

      • Hopefully any judge worth their salt can understand how dangerous “SWATting”
        is, and uses the full extent of the law in sentencing!

  17. Glad to see this is finally drawing to a close for you. You received a letter from the DOJ in mid-2015 that indicates someone had taken a plea deal, and you deduced it was Canadian teen Curtis Gervais, who had staged a continent wide reign of terror under the name @ProbablyOnion/@ProbablyOnion2.

    Drunken neo-Confederate hate talker Robert Stacy McCain got that same letter at about the same time (7/9/15 as I recall), and he was making regular trips to his fainting couch because he couldn’t public point the finger at me, despite the fact that we identified the political swatter from 2011/2012 as former FBI snitch Brandon Darby.

    https://www.youtube.com/watch?v=Pe4NCaz4NgM

    Someone pointed Gervais at McCain and other targets that would fit their narrative that I, or someone near me, was behind the effort. I’ve never had direct dealings with Mir Islam, but some of the other UGnazi crew have graced my inbox in recent weeks with what I’ve characterized as entries in the Social Engineering Special Olympics. I’m not under any compulsion to not mention UGnazi member Dillon Crawford, despite the fact that he was a minor when he got in trouble under various permutations of the name ‘forsaken’.

    I hope you’re right about this being a summer of resolution. I could do with a little less derp in my life …

    • Oh please.
      Neal Rauhauser, you still remain at the top of the list for , at the very least, inciting the political SWATtings of 2012. There is no evidence that the SWAT on Krebs was done by the same individual. Or that the SWAT on McCain was done by the same individual.

      You can tout Brandon Darby as the SWATter of 2012 but be more transparent. You have no qualifications or credentials as an investigator and your “investigations” usually incriminate an adversary of yours.

      The “we” you refer to is yourself and Matt Osborne. Both of you were involved in a petty and vindictive feud with other bloggers that was, and still is, insane. Your videotape as evidence against Darby is ridiculous. A video recording of an audio recording that’s a duplicate of an audio recording of a phone call that sounds like Brandon Darby is not evidence.

      Have you forgotten how you bragged about the SWATs on LinkedIn and on Reddit? When you claimed the work of your proteges resulted in a letter signed by 87 congressmen being sent to the Department of Justice asking for an investigation into SWATting?

      And don’t forget your numerous SWATlite attempts…where you admitted to calling police to do health and welfare checks on people you didn’t like just to intimidate and harass. How about calling child protective services on your ex-wife…you know, the woman to whom you owe $70,000 in child support? That was also done to intimidate and harass.

      Amazingly Mr Rauhauser, you forgot to mention the SWAT that was done on you and the SWAT done on your cohort, Brett Kimberlin aka the Speedway Bomber. How could you not mention something so life changing as a SWAT?

      Both of you claimed to have been SWATted even though there were no police reports, no 911 transcripts. Absolutely nothing to show that your claims of a SWAT were true.

      You need to keep better track of your little white lies, Neal.

      Keep pointing a finger at others, Mr Rauhauser, but most people will continue to believe you were behind those SWATtings in one way or another.

    • Neil you make some erroneous conclusions. Why would I deduce that a swatting incident alerted to me by the DOJ was in re: a Canadian citizen? That seems unlikely, and in any case didn’t happen.

  18. Thank you for your hard work.
    Thank you for being an icon of information dissemination.
    Thank you for not being someone who gives up just when things get personal.

    Three areas I myself fail in as a rule..

    Good to see someone has enough intestinal fortitude to keep going to find the real information and to publish it if at all possible.

    If I was not a jaded old fart I’d call myself a fanboi I guess. Please keep up the good work that Krebs on Security so obviously is.

  19. Robert.Walter

    Brian,

    Glad these cretins are getting their due. Shame on that judge for meting out the 500$ wrist slap though.

    Glad you and yours were not harmed. I hope it stays so.

    Keep up the great work on the blog, yoy educate and help folks protect themselves. Thanks for that.

  20. It really makes me angry that juveniles get off so lightly. If you’re old enough to do the crime you’re old enough to do the time.

  21. Jim Langridge

    I hope he’s put in a prison (and general population) with a large number of White Supremacists.

  22. Excellent outcome. It is good that you are able to share this story. Perhaps you would permit me to use your SWAT story as an example of computer misuse in my awareness courses?

    Enjoying your blog.

  23. 1 day in prison and a $500 fine – that’s such a huge punishment it will surely act as a deterrent for anyone else…

    Maybe he will get a second day in prison for the swatting.

    • Sometimes those kinds of “1 day” sentences are code for an arrangement of some kind, such as a plea deal or a reduced sentence in exchange for ratting on all your friends. Not saying that’s what happened in Islam’s case, just saying I’ve seen that before.

      • Does the one day also establish certain things like a criminal record/ban on gun access/loss of voting rights/similar?

        It reminds me of legal contracts which require $1 to be enforced.

  24. Swatting is Attempted Murder and people should be charged as such. Creating more laws just complicates things. Glad they got ’em and are taking some of the anonymity and glamor out of these punks crimes.

  25. Good to see this going forward, thanks for all your reporting Brian.

    >> Weiss said the judge presiding over the case can sentence him to a maximum of five years in prison. <<

    This is hard to imagine, maximum punishment is only 5 years?!! That's just way too lenient….both for punishment and to act as a disincentive for others who might consider doing such things.

  26. It looks like the anti-swatting bill that recently passed a committee vote is actually H.R.2031 – Anti-Swatting Act of 2015 https://www.congress.gov/bill/114th-congress/house-bill/2031.

    It looks like the other two anti-swatting bills were ignored after they were referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations: https://www.congress.gov/search?q=%7B%22congress%22%3A%22114%22%2C%22source%22%3A%22legislation%22%2C%22search%22%3A%22Interstate%20Swatting%20Hoax%20Act%22%7D.

    • Good. While there are entirely too many ridiculous laws on the books (and abuses of various laws on the books) we very much need laws designed to specifically address this sort of terroristic behavior (caveat: the fact that our police are capable of performing in such a way that responses can be construed as terroristic is something we really need to look at just as much or moreso). These sorts of laws and stronger laws against online harassment and impersonation aren’t something that should be needed in a sane world/country, but I’m not getting the feeling kids are getting the sort of parenting necessary to make sure this stuff never happens in the first place. Then again, there’s 30-40 year olds doing this stuff too. Whatever the case, a body of law addressing this is a Good Thing ™.

  27. String ’em up, it’ll teach ’em a lesson! But cane them severely before you do. Cyber-crime would dramatically decrease if you did this.

  28. I think Mr. Islam will find that “swatting” means something completely different in prison…

  29. Hampton DeJarnette

    Your objectivity when you first reported the experience of having been the focus of attention of heavily armed police was admirable. Your objectivity now at the reporting of the trial of one of the men who initiated that “swatting” is doubly admirable.

    We, your readers, are right to demand that objectivity,but we are also happy to celebrate and appreciate your top-notch journalism. Just because it’s free to us doesn’t mean that it comes without considerable personal effort.

  30. Noticed a typo while re-reading the swatting story:

    The letter to Prolexic made no fewer than five references to a story I published earlier this week about sssdob.ru,

    sssdob shoud be ssndob.