
Convicted Fraudster Uses DDoS Attack To Clean Up Search Results, Fails Spectacularly

from the engage-self-destruct dept

A Seattle man has found a surefire way to clean up negative search engine results: get arrested for threatening (and apparently executing) a denial-of-service attack against a legal web site for refusing to take down an unflattering link.

Federal prosecutors announced the arrest of Kamyar Jahanrakhshan, 32, on a criminal charge of extortion by threats to cause damage to Leagle.com. If convicted, he faces up to 5 years in federal prison and a $250,000 fine.

A man named Andrew Rakhshan allegedly contacted the website in December 2014 and asked that a link to the offending court decision be taken down.

Then Rakhshan was done asking.

“On January 24, 2015 Rakhshan again sent an e-mail claiming that he met a group of hackers online who were willing to launch a massive cyber-attack on Leagle.com,” prosecutors said in a statement. “Rakhshan claimed that he had no other options to resolve the matter. He threatened to use these hackers to conduct a Distributed Denial of Service (DDoS) attack to force Leagle.com to comply with his demands. On January 25, 2015, a large amount of traffic targeted the IP address for Leagle.com.”

The website was unable to mitigate the attack traffic, which subsided when it removed the link.

Nice work, Andrew. Generating a federal indictment is a surefire way to ensure your vanity search results remain unmarred by "offending court decisions." But this DDoS wasn't Rakhshan's only attempt to scrub the web of negative info. Searching through the Lumen (formerly Chilling Effects) database reveals efforts Rakhshan made after the alleged attack to clean up unflattering search results.

Several takedown notices sent to Google reference a court order obtained by Rakhshan targeting three URLs set up by someone who wanted the world to know about Rakhshan's fraudulent Canadian escapades.

Rakhshan's requests demand the removal of the following URLs by Google.






However, the court order [PDF] he cites (in increasingly angry tones) only specifies the removal of three URLs.



The third URL refers to a Google Drive document.

The court's order says the person posting these must remove them, not Google. In fact, a handwritten note appended to the end of the approved order makes it clear Google is not responsible for the removal of the URLs.

(In case you can't see it, the handwritten note reads "Google is not a party to this lawsuit.")

The three other URLs listed in Rakhshan's takedown notices were struck from the court order before approval. That's because there was nothing even possibly libelous about the posts. All they contained were Canadian court documents pertaining to Andrew Rakhshan/Kamyar Jahanrakhshan which, no matter how unflattering, cannot possibly be considered defamatory.

Not that it seems to matter to Rakhshan. This note is appended to his September 2016 takedown request:

Next month is ONE-YEAR anniversary of when I first submitted this Complaint. I am attaching BOTH my Court Orders once again. TELL ME what is the problem or issue. I will then PRINT your comments, attach them to my sworn affidavit, and take it before the SAME Judge and wont leave his courtroom until he gives me a THIRD Order which is to your standards. Once again, the first 2 URLs above are explicitly stated in both orders. That means the Judge has found them to be unlawful, not once, but TWICE - No further explanation is therefore required. The 3rd, 4th and 5th URLs above are an exact replicate of what you removed between December to April. I could elaborate extensively if you wish, but in sum, the Defendant either accuses me of DDoS, or else being a same person as a convicted fraudster from Canada. Last week Google Security called me and asked that I stop contacting Google. I will NEVER do that until these 5 URLs are removed, even if it takes 10 ...

Strange that it mentions a DDoS. But by this point, he'd probably been hearing about the accusations for at least a year. According to the indictment, the attack took place in January 2015. Stranger still, it says the URLs claim he's the same person as a convicted fraudster from Canada. The URLs that remain live don't connect the two names. But the multiple takedown notices -- coupled with the recent indictment of Andrew Rakhshan -- seem to indicate these are both the same person.

However, both a 2011 Canadian news article about Rakhshan...

Westpac, St George Bank and Bankwest were just three banks and card issuers from around the world that gave evidence this year against Kamyar ''Andy'' Jahanrakhshan of North Vancouver.

In spending almost $C500,000 of other people's money, Jahanrakhshan used forged credit cards that carried his real name and supplied the various car dealers with his driver's licence.

He was found guilty last month of multiple counts of fraud by the Supreme Court in British Columbia.

...and the DOJ's indictment...

Kamyar Jahanrakhshan, aka “Kamyar Jahan Rakhshan,” “Andy or Andrew Rakhshan,” “Andy or Andrew Kamyar,” and “Kamiar or Kamier Rakhshan,” 32, of Seattle, Washington, was arrested today on a federal criminal complaint charging him with extortion by threats to cause damage to the Dallas, Texas hosting company for Leagle.com, announced U.S. Attorney John Parker of the Northern District of Texas.

...make it explicit this is the same person, despite Rakhshan's protests to the contrary.

And it could be that Rakhshan is impersonating the Canadian Broadcasting Corporation as well. There are three notices purportedly from the CBC demanding takedowns of archived versions of the CBC's original story about Rakhshan's Canadian legal troubles.

So, it appears Rakhshan is -- or at least was -- engaging in a lot of questionable behavior attempting to scrub the web of mentions of his Canadian criminal past. Adding bogus DMCA takedown notices to an alleged DDoS isn't the ideal course of action one should pursue if they feel their search results are already a bit sketchy.

Reader Comments

  1. tuum-est, 5 Aug 2017 @ 6:18pm

    Court Order: Blog Author

    My blog pages were accurate and well-considered. The content was true, written like a physics research paper where everything is proven as you go. Personal note: I am a physicist, a UBC graduate (now retired).

    My blog did not give Rakhshan any platform to argue about "opinion." Contents:

    • Some blog pages presented emails signed by Andrew Rakhshan. The words were strictly verbatim, quotes from Rakhshan's own emails to me.
    • Another page showed the server logs from the DDoS attack on my website. These are mathematical graphs and cannot defame anyone. Source of the logs: Arvixe, a well-reputed web host.
    • As your article points out, some other pages were Canadian court rulings from the Jahanrakhshan fraud case, obviously not defamatory as they were written by a court.

    My blog had modest beginnings: I published the single webpage that Rakhshan took down on my main website, plus a few of his emails bragging about his DDoS attack. But after seeing my blog online, the Toronto Police Cyber-Crimes Unit contacted me; they "applauded" the blog and encouraged me to continue. Police explained that Rakhshan was "living a very transient existence" and could not be located.

    And so my blog grew, but not with any aim to defame Rakhshan. The blog served a quite different purpose: to help police track Rakhshan via my Google Analytics logs. The logs were useful in case Rakhshan ever slipped up from hiding behind a VPN network – a possibility in view of his frenetic, relentless hits on any page containing his name.

    Regarding the Court Order last year which forced my blog offline:

    • Properly it is called an "Order of Default" from King County Court in Washington State, USA.
    • Rakhshan obtained it through an entirely one-sided process: He ensured I knew nothing of the proceedings so I could not attend, represent myself, or file any evidence.
    • Key to the scam: Rakhshan fabricated an Affidavit of Service to make it appear I was served with court documents (when I wasn't). Police have a copy of this document (which they call "compelling") and are investigating.
    • Rakhshan wrote a Declaration for King County Court, denying he ever launched DDoS attacks against anyone, and vowed he never sent any threatening emails. That was the foundation of his court action, namely that my blog was "defamatory" because no emails or DDoS existed.
    • His then-lawyer Peter Montine wrote a Motion for Default saying: "The emails (published by Sil) supposedly came from the address Andrew.rakhshan@gmail.com. Mr. Rakhshan does not own or use this email address and possesses no knowledge of the email address's true owner."

    Sequence in King County Court:

    • October 27, 2015: Judge Oishi of King County Court signed the Order for Default against my Blog pages. I had to beg Google for a copy of the Order and did not see it until January 2016 (months after the decision).

    • July 5, 2016: Judge Oishi apparently signed a follow-up Order for Contempt against my Blog pages. This I saw for the first time on TechDirt today.

    • July 26, 2016: The FBI filed a Charging Document listing cyber-crimes committed by Rakhshan (aka Jahanrakhshan). The Toronto Police and Australian Police closely assisted. The document was sealed for a year.

    • Late July 2017: The FBI unsealed the Charging Document. It confirmed that Rakhshan used the email address Andrew.rakhshan@gmail.com for his DDoS cyber-crimes against many websites. Rakhshan was arrested and is now held without bail in the Administrative Security Federal Detention Center at SeaTac (FDC Seattle-Tacoma). Search the inmate locator under one of his many personas, Kamyar Jahanrakhshan.

    Incidentally, the United States court had no jurisdiction over my Canadian web content. My website and blog were both passive (read-only) and thus fell at the lowest end of the "Zippo Sliding Scale". Refer to the landmark precedent Zippo Manufacturing Co. v. Zippo Dot Com (1997) which says: "A passive website alone is never sufficient grounds for the exercise of personal jurisdiction."
