Man Who Doxxed Dozens Of People, Engaged In Nineteen 'Swattings', Nets Only One Year In Prison

from the cyber-sentencing-still-mostly-incoherent dept

The treatment of all things “cyber” by the government is incredibly inconsistent. Give someone a password so they can deface a website for 40 minutes and it’s two years in jail. Doxx, SWAT, and cyberstalk multiple people and the best the court can do is two years minus time served. The end result is one year in prison for Mir Islam, who doxxed multiple celebrities and politicians, as well as called in fake threats that resulted in the swatting of at least nineteen people, including security researcher Brian Krebs, who uncovered Islam’s doxxing tactics.

Krebs’ investigation of Islam and his abuse of free credit report services to obtain personal information on a variety of public figures led to the following:

Peeved that I’d outed his methods for doxing public officials, Islam helped orchestrate my swatting the very next day. Within the span of 45 minutes, came under a sustained denial-of-service attack which briefly knocked my site offline.

At the same time, my hosting provider received a phony letter from the FBI stating my site was hosting illegal content and needed to be taken offline. And, then there was the swatting which occurred minutes after that phony communique was sent.


Nearly a dozen heavily-armed officers responded to the call, forcing me out of my home at gunpoint and putting me in handcuffs before the officer in charge realized it was all a hoax.

The response to the hoax call on Krebs’ residence was, by comparison, minimal. Islam also called in a fake active shooter report at the University of Arizona campus. This was apparently in retaliation to a cheerleader’s failure to realize Islam’s cyberstalking was just another way of saying “I love you.”

A woman representing an anonymous “Victim #3” of Islam’s was appearing in lieu of a cheerleader at the University of Arizona that Islam admitted to cyberstalking for several months. When the victim stopped responding to Islam’s overtures, he phoned in an active shooter threat to the local police there that a crazed gunman was on the loose at the University of Arizona campus.

According to Robert Sommerfeld, police commander for the University of Arizona, that 2013 swatting incident involved 54 responding officers, all of whom were prevented from responding to a real emergency as they moved from building to building and room to room at the university, searching for a fictitious assailant. Sommerfeld estimates that Islam’s stunt cost local responders almost $40,000, and virtually brought the business district surrounding the university to a standstill for the better part of the day.

Worse, some of Islam’s swatting efforts and cyberstalking occurred while he was “cooperating” with federal prosecutors following his arrest for attempting to sell stolen credit cards to undercover agents.

Federal prosecutors wanted to see Islam jailed for nearly four years — towards the upper reaches of the mandatory sentencing guidelines. Instead, the judge handed down a sentence of two years. Islam has been in federal custody since July 2015 and that time is being credited towards his sentence, meaning it will only be another year at the most before Islam is free again.

The credit for time served makes sense and the departure from the upper limits of the guidelines is something I would be extremely hesitant to suggest is a bad thing. Prosecutors wanted a much longer sentence, and the allegations here would seem to justify a lengthier imprisonment for Islam.

The problem with the government’s fear of anything cyber-related is that the default mode for prosecutors is almost always the upper reaches of the sentencing guidelines, even when the severity of the criminal activity doesn’t appear to warrant this sort of punitive sentencing. The government sought a longer sentence for Matthew Keys’ minimal participation in a 40-minute headline alteration at a news website. Someone who endangered lives of dozens of people by sending heavily-armed law enforcement officers after them — in addition to doxxing a large number of public figures and participating in multiple cyberstalkings — was apparently only deemed dangerous enough to warrant a 46-month sentence, as compared to the 60 months sought in the Keys case.

Then there’s this:

Judge Moss, in explaining his brief deliberation on arriving at Islam’s two-year (attenuated) sentence, said he hoped to send a message to others who would endeavor to engage in swatting attacks.

Swatting has the potential to kill people, something clearly not reflected by the “severity” of this sentence.

As Brian Krebs points out, it does send a message, although certainly not the one the judge intended. It says you can endanger the lives of others without seriously affecting your own freedom. It also sends the message that the government — as a whole — will remain incoherent and inconsistent in its handling of cybercrime.

Filed Under: , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Man Who Doxxed Dozens Of People, Engaged In Nineteen 'Swattings', Nets Only One Year In Prison”

Subscribe: RSS Leave a comment
Paul Renault (profile) says:

What's wrong with this picture?

Grr! Does anyone else want to grab this judge by the lapels and shake him?

All my points were covered by Tim’s article. Jeebus Frak!

Mr. Islam’s light sentence might be explained for the more paranoid of us) by unknown involvement with / interference from the FBI (will Mr. Islam be working for the FBI in the future?). From a recent article by Brian Krebs:
Most importantly for the government, however, Islam was active on CarderProfit, a carding forum created and run by FBI agents.

Islam ultimately pleaded guilty to aggravated identity theft and conspiracy to commit computer hacking, among other offenses tied to his activities on CarderProfit. In March 2016 a judge for the Southern District of New York sentenced (PDF) Islam to just one day in jail, a $500 fine, and three years of probation. [emphasis added]

Paul Renault (profile) says:

Re: What's wrong with this picture?

…and this picture?
Via Bruce Schneier’s blog / Volokh Conspiracy:
9th Circuit: It’s a federal crime to visit a website after being told not to visit it

I wonder how long the prison sentence for THAT ‘crime’ will be.

Anonymous Coward says:

Re: Re: Re:

O yea, just 1 phone call should be all that is necessary for a paramilitary force to decent on some random position with itchy trigger fingers and flash bangs exploding it children and babies faces!


I think it is fair to say, everyone wants the police to show up, but to show up ready for a fucking war zone every damn time?

Not to mention, some may not even be against them showing up ready for a war zone, and just expect them to do a touch of recon before invading a 10 year old’s Halo session!

Sure it’s not an easy situation to deal with, but it’s well known that the police are barely trained to handle these well and come in screaming conflicting orders and causing far more unnecessary mayhem than required. They are definitely using these situations as excuses to just throw caution to the wind and immediately escalating any situation they come to to the maximum from the first second they arrive until they leave.

David says:

Re: Re: Re:2 Re:

If I remember correctly, it’s something like half a dozen people at least who get shot by toddlers each year. If that baby is supposed to be any use in a gang shootout, you need to start training early.

So don’t blame the police for being careful. They try to minimize harm to those lives that matter, and they do that by first throwing grenades, then going in. That way, policemen are reasonably safe to enter assuming that the grenades did not do structural damage.

Anonymous Coward says:

Re: Re: Re: Re:

Oh, that question has an easy answer. Most cops are violent, macho, sociopathic killers eager for an excuse (any excuse) to kill someone. If some due diligence was performed, they might not get the chance — so it makes much more sense to descend in force with weapons deployed, scream at people, and then execute them for non-compliance.

Think I’m exaggerating? LOOK AT THIS CASE. 19 out of 19 times, the response was force first, thinking second.

Anonymous Coward says:

Re: Re:

There is also the high probablity, in a domestic shooting, or a house robbery gone wromg, it is all over before they can get there, so they have the time to do a little investigation, or reconoitering. Also more sublety than a swat squad bursting without a clue of what is happening inside, in is required if it is a hostage situation.

Ninja (profile) says:

Re: Re: Re:

You see, it varies from case to case. An active shooter in a campus will generate more calls. In any case, before mobilizing a large force you can do some quick investigation. In domestic cases it’s a bit more complicated but you can still do some investigation to determine the severity of the situation if any before deploying the forces.

But at the heart of it all is some sort of field survey and investigation before deploying deadly force. It would prevent absurdities like throwing grenades at babies and shooting a guy because he tried to defend his family from perceived intruders.

Reason says:

Re: Re:

This is really easy to say with hindsight. If JUST ONCE the police didn’t deem the threat as credible, and even one person died because they didn’t react they would be held responsible. The expectation that if somebody cries wolf the police should just stop reacting because it “could” be false is a pretty ridiculous notion.

Capt ICE Enforcer says:

Fair sentence.

Please understand that jail sucks. And this sentence may seem light when you are so use to hearing about super long prison terms for sharing music or passwords. But the reality of it is an individual who made prank police calls which nobody got hurt. He should learn his lesson. Have a record that will follow him and hopefully move on with his life. I do think he should pay a portion of the fees, but then again. The cops get paid the same whether they sit at the station or they get dressed up all military business like.

murgatroyd (profile) says:

Re: Re: Fair sentence.

Save for the fact he intended people to get hurt

Maybe. It’s also conceivable that he didn’t even think about that possibility when he made the call, assuming that the SWAT team would figure it all out before actually opening fire on someone. After all, it’s well known that SWAT teams never shoot people accidentally, or throw flash-bangs into baby cribs, right?

I’m not sure which of these situations (intending harm vs. not even considering the possibility of harm) is worse.

Anonymous Coward says:

Re: Fair sentence.

Nobody got hurt, despite the apparent efforts of the defendant. Further, even if we suppose that this sentence is “fair” given the defendant’s limited success with the hoax-driven SWAT team attacks, that would then suggest that the longer sentence issued to Matthew Keys is even more unfair. If two years is “fair” for 19 hoaxes where no one gets hurt (ignoring for the moment the other charges and that “nobody got [physically] hurt” is not the same as “no one was terrorized by the police invasion”), then what is “fair” for 1 incident where a website shows wrong information for 40 minutes, and nobody gets hurt because of that wrong information?

Anonymous Coward says:

Re: Re: Re: Fair sentence.

Your tone reads like you disagree with grandparent, but your second paragraph looks like agreement. GP would have been a bit more clear if the emphasis markers on despite the apparent efforts of the defendant had come through; Techdirt permits italics, but silently drops underline.

“Nobody got hurt” was a parrot of the original article, where it is used in the narrow sense that there were no reported serious physical injuries. Given the involvement of SWAT and their general tactics, that might be further narrowed as “no physical injuries other than the ones the cops would blame on the unsuspecting residents for their failure to preemptively surrender to armed invaders.” Your use, and GP’s use, were in the more colloquial sense that there was no harm of any kind – damage to property, physical injury to people or pets, mental distress (note GP’s reference to “terrorized by the police invasion”), etc.

Anonymous Coward says:

Re: Fair sentence.

Do you think the police would have been just “sitting at the station” if they weren’t responding to his calls? Everyone focuses on how the victims of the swatting could have died, and that is a very valid point. But beyond that, someone totally unrelated to the swatting could have died because the police were busy responding to this instead of something else.

Yeah, jail or prison sucks. A year, or two years, is certainly not nothing. But apparently he did this 19 times (showing that this wasn’t just a one time mistake), he had a prior record (showing that it might take a little more for him to “learn his lesson”), and he sent a fake letter supposedly from the FBI. Given all that, the sentence, although more than a slap on the wrist, seems too light.

Capt ICE Enforcer says:

Re: Fair sentence.

Sure this individual has done this numerous times. And every time nobody was physically hurt. Police have gotten use to doxxing, and an easy way for them to handle these types of situations is to access the situation. A preliminary phone call to the supposed target for confirmation with a brief follow up by peace officers is normally all that it would take. Imagine this, 911 call for active shooter or hostage situation… Step 1. Notify officers of the situation in order to prep for the mission. Step 2.. Contact suspected individuals via phone in order to confirm that they are in danger. If they say yes, Immediately launch all forces, if they say no then send a couple peace officers to verify while having the main strike force ready to engage. Step 3, At the scene of the potential crime, all members inside the home/building step outside the home in order to speak with officers. If it is real then the suspects and victims will be separated and the officers will be able to call for backup. If it is fake, then the officers go back to their office or Dunkin Donuts…. Mmmmm… Donuts….

DOlz (profile) says:

Of course

“As Brian Krebs points out, it does send a message, although certainly not the one the judge intended. It says you can endanger the lives of others without seriously affecting your own freedom. It also sends the message that the government — as a whole — will remain incoherent and inconsistent in its handling of cybercrime.”

This was a completely coherent and consistent message from the courts. Threaten and harass the hoi polo get a slap on the wrist. Threaten, harass, embarrass, or inconvenience the rich, powerful or connected and you’ll be trying to find the bottom of the rabbit hole they throw you in.

tom (profile) says:

At the very least, the fake active shooter call on the U of Arizona should qualify as domestic terrorism since there were probably a lot of folks on and around that campus that were terrorized.

Seems like the judge implemented a variation of the ‘Hillary Defense’, in that he apparently thinks that Islam didn’t really mean to hurt anyone, regardless of how reckless his actions.

Hopefully, Arizona will bring charges for violations of state laws or at least a civil tort for recovery of the costs for the various Swat calls.

Anonymous Coward says:

understanding something like this is simply an exercise in understanding what corporations were involved and affected. not all corporations were born equal, and understanding american behavior requires assessing corporate standing.

it has long been official – though unacknowledged publicly – that we are and have been the land of the free corporation and the home of the brave corporation.

Anonymous Coward says:

Another take on his sentence

The title claims “only one year in prison” as a result of the sentence. The article makes it clear that he’ll have spent a total of two years in jail for this.

But another way of looking at this is: if he were innocent, he still would have been sentenced to a full year in jail.

By contrast, Matthew Keys wasn’t locked up while waiting for his trial. But if he had, he would have (had to have) been released for time served, because it took two and a half years to come to a decision in his case.

It is hard to argue that we have swift justice in this country, when the accused will spend a significant portion – or more than the sum – of their possible sentence simply awaiting trial.

That One Guy (profile) says:

Crystal clear

Judge Moss, in explaining his brief deliberation on arriving at Islam’s two-year (attenuated) sentence, said he hoped to send a message to others who would endeavor to engage in swatting attacks.

Message received I’m sure, though I doubt it’s the one the judge thinks they’re sending. SWAT those that annoy you or just targets of opportunity all you want, the worst that you will face if you get caught is a light slap on the wrist for an action that has a high chance of resulting in serious injury or even death of the target thanks to trigger happy cops.

Of course it goes without saying that had the SWATing targeted someone with connections that sentence would likely have been measured in decades rather than two years, but since it was just a few nobodies on the receiving end of a bunch of trigger-happy cops who cares, right? /s

That Anonymous Coward (profile) says:

“Worse, some of Islam’s swatting efforts and cyberstalking occurred while he was “cooperating” with federal prosecutors”

And how quickly were they made ex-prosecutors?
Unable to supervise an asset, allowing more crime to happen, ignoring the actions….

Unless this doxing idiot knew where Bin Laden was, what could he have possibly offered to make looking away as he kept dicking around worth it? Or perhaps he used his made skillz to convince them he had super good intel to share, and they didn;t bother to check if he was full of shit or not.

Anonymous Coward says:

Re: Will none of you liberals have the courage...

Will none of you liberals have the courage…
to say “Islam is to blame for this”?

Well sort of…I certainly have the courage to say that ALL religion is responsible for the vast majority of hate in the world. Once you get rid of BOTH the Christians and the Muslims, there will probably be peace.

Does that make you feel any better?

Once there was a way says:

Re: Re: Will none of you liberals have the courage...

Once you get rid of BOTH the Christians and the Muslims, there will probably be peace.

You have not read the Bible. One place in particular to start might be in the back of that Book, Revelations. After the Rapture, this place turns into a living hell.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...