A Bangladeshi-American computer hacker was sentenced to two years behind bars Monday after secretly pleading guilty to committing cyber-crimes against targets including members of Congress, a federal prosecutor and National Rifle Association President Wayne LaPierre, among others.
The sentence was handed down by U.S. District Court Judge Randolph Moss in Washington, D.C., in connection with the unsealing of never-before-published court documents concerning a federal case against Mir Islam, a 22-year-old hacker who had been previously charged with trafficking stolen credit cards.
Islam was initially arrested in June 2012 along with nearly two dozen others as the result of a lengthy FBI sting operation that targeted individuals accused of buying and selling stolen credit cards and other personally identifiable information. He subsequently pleaded guilty and secretly agreed to cooperate with federal authorities, but did so while participating in a separate campaign of harassment and intimidation that culminated in Monday’s sentencing.
Newly unsealed court documents reveal that Islam, while cooperating with the FBI, worked with other hackers to acquire and then publicly disclose the personal information of dozens of well-known individuals, in some instances using that information to file phony 9-1-1 reports with the intent of having SWAT teams deployed to his victims’ homes.
Among the more than 50 individuals who were “doxed,” or had their personal information disclosed by Islam through a website he ran, “Exposed,” include first lady Michelle Obama, actor Mel Gibson and Vice President Joe Biden. Persons “swatted” as a result of Islam’s actions include former congressman Mike Rogers, U.S Attorney Stephen P. Heymann, journalist Brian Krebs and Mr. LaPierre, the head of the NRA, the court documents reveal.
“The FBI takes ‘swatting’ and ‘doxing’ attacks very seriously because such illegal conduct jeopardizes public safety and places innocent people in harm’s way by exposing private and personal information. Working closely with our law enforcement partners, the FBI continues to refine technological capabilities and investigative techniques to prevent these types of crimes, and to track down criminals who commit them,” Paul M. Abbate, assistant director of the FBI’s Washington field office, said in a statement.
Mr. Islam pleaded guilty in July 2015 to a total of three charges, but his plea agreement and related documents were under seal prior to his sentencing Monday. Those charges include one count of conspiracy to commit a range of federal offenses — including identity theft, access device fraud, social security number misuse, computer fraud, wire fraud, assaulting federal officials and interstate transmission of threats — as well as one count of cyber-staking and one count of threatening and conveying false information concerning the use of explosives.
With regards to the latter charges, Islam admitted to harassing an University of Arizona student with whom prosecutors say he became infatuated, according to court documents. He also acknowledged to having called in a bomb threat to the school in 2013, resulting in law enforcement having to deploy dozens of officers at a cost of nearly $40,000.
“Islam and his coconspirators embarked on this digital crime spree to entertain themselves; to exact revenge for official conduct they found objection; to express animums; for their own notoriety; and, in the case of the university student, to inflict emotional distress because the student spurned contact from Islam who had developed an online obsession with her,” U.S. Attorney Channing Phillips wrote in a pre-sentencing memorandum unsealed this week.
Indeed, at least two of Mr Islam’s targets had become lightning rods for criticism courtesy of the hacker community shortly before their information was disclosed. Mr. Heymann was one of the prosecutors who led the federal case against Aaron Swartz, a computer prodigy who committed suicide while awaiting trial; and Mr. Rogers, the former Republican representative for Michigan, had spearheaded legislation opposed by internet activists, including the Stop Online Piracy Act and the Cyber Intelligence Sharing Information Act.
Mr. Islam was born in Bangladesh in 1994 and relocated to the U.S. with his parents six years later, court documents reveal. Using the moniker “Josh the God,” he was regarded online as a member of the hacktivist group “UGNazi” prior to landing in hot water for credit card fraud. He was re-arrested in September 2013 in connection with the swatting and doxing incidents, and had spent a year behind bars already when he was sentenced Monday.
He was motivated by a sense of “anarchic libertarianism,” his attorney told the court Monday, and is currently being treated for depression and bi-polar disorder.
Mr. Krebs, the journalist who was swatted as a result of Islam’s actions, noted that the hacker could be released in as little as 12 months since Judge Moss said the court would take time served into consideration. Defense attorneys had asked for no prison time, whereas prosecutors pushed for as much as 46 months behind bars.
“I didn’t expect to go as far as I did, but because of these disorders I felt I was invincible,” Mr. Islam told the court Monday, according to Mr. Krebs. “The mistakes I made before, I have to pay for that. I understand that.”
An attorney for Mr. Islam declined to comment when reached Tuesday by The Washington Times.
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.