Hacker guilty on all counts in attack on Mountain View Voice website

Federal jury convicts Ross Colby Wednesday in San Jose

After a six-day trial that involved hours upon hours of technical testimony, a federal jury on Wednesday, June 6, convicted former San Francisco resident Ross M. Colby of two felonies and three misdemeanors relating to computer hacking that preceded the Sept. 17, 2015, take-down of Mountain View Voice Online and four other websites of parent company Embarcadero Media.

The jury of eight women and four men deliberated for a day and a half. Sentencing is set for Sept. 19.

For each of the felony convictions, Colby faces a fine of up to $250,000, a prison term not to exceed 10 years, or both, according to indictment documents. He also faces a fine of up to $100,000 and a maximum one year in prison for each of the three misdemeanors. (The actual sentence will be affected by factors including past criminal record, if any, cooperation in the case and the judgment of the court.)

Colby, 35, did not express emotion as the five guilty verdicts were read. He did not testify during the trial nor were there any witnesses called for the defense, which relied on raising doubts about the prosecution’s evidence. The case went to the jury on Tuesday morning.

Jurors found Colby guilty of one felony count for transmitting a program, code, command, or information to a computer, intending to cause damage; one felony count of attempting to do the same; and three misdemeanor counts of unlawfully obtaining information from a protected computer.

During the trial, the prosecution presented as evidence a trail of IP addresses linked to Colby that had been used to access Embarcadero Media's accounts and data -- including the accounts of the three IT employees -- more than 200 times.

Three jurors, who asked not to be identified, said the jury deliberations were extensive and difficult. They said the jury ultimately rejected the defense's theory that another person could have been responsible for the hacks.

"The most compelling evidence was his (Colby's) access via the VPN (a private internet address allowing user anonymity) and to his email account," said juror 11, a statistical research manager.

There was enough of an overlap between his access to the Embarcadero accounts and his own email accounts from the same IP addresses to find he was the culprit, she said.

Juror 10, a software engineer, said it wasn't believable that another person might have hacked the company, as had been suggested by Colby's attorney.

Juror 11 agreed.

"The common-sense explanation stood out to me versus it all being a setup," she said. "I believed the testimony of the roommate," who testified that Colby had told him he had hacked a news website.

Juror 5 said he and juror 1, who are both software engineers, weren't initially convinced by the IP-address evidence alone.

"We wanted to be convinced by more logs. The IP addresses alone seemed insufficient to convict, but the defense did not raise enough questions regarding someone else having done it," he said.

Juror 11 said they did their own digging into the logs and sent questions to the judge regarding the scope of their responsibilities.

The fact that much of the evidence was circumstantial was not problematic, she said.

"With cyber-crimes, there are a lot of cases where you won't have direct evidence. You won't have video showing someone sitting at a keyboard committing the crime. It was all circumstantial," she said. In these kinds of cases, she added, jurors must ask themselves, "How do we convict people of cyber-crimes without direct evidence?"

Embarcadero Media Publisher and President Bill Johnson was present throughout the trial and as the verdict was read.

"We are grateful to the FBI and federal prosecutors for their hard work on this case, and for the jury's patience in digesting an enormous amount of technical information. This was not only a sophisticated attack on our business but also on the First Amendment and the work we do as journalists in the public interest," he said.

U.S. Assistant Attorney Joseph Springsteen, during his closing argument prior to the jury deliberations, noted the gravity of the hack, which prosecutors said was strategic.

"Make no mistake. This was not a prank; this was not a harmless act. ... It's not vandalism. It was a serious and targeted attack on Embarcadero Media," he said on June 1.

The hack caused more than $32,000 in damage, but there was also damage done to Embarcadero's reputation, Springsteen said. It is ironic that Embarcadero Media, which was the first newspaper in the United States to have published its news on the World Wide Web, should have been targeted, he noted.

"These acts brought (an institution) of the community for 40 years to its knees. Imagine how vulnerable they must have felt -- how helpless," he said.

"The defendant did it over and over and over again. It's not casual. This is not brief. It was methodical and repeated and intentional," he said.

During her closing arguments, Defense Attorney Vicki Young argued that there was insufficient evidence tying Colby to the intrusions. She said that since some intrusions into the Embarcadero systems had come from a virtual private network (VPN) and therefore were not traceable, another person besides Colby could have been responsible. She also argued that intrusions made from the IP address at Colby's San Francisco residence were made on two days in July 2015 when, his father testified, he had been visiting the family home in Massachusetts.

But federal Prosecutor Susan Knight said Colby's father’s testimony was vague and not credible regarding the timeline of his son's presence in Massachusetts. Knight said the evidence showed Colby was still in San Francisco from July 23-25. Colby not only accessed Embarcadero IT employee Cesar Torres' account on those days, but he also accessed his own personal email from San Francisco.

The same virtual private network (VPN) IP address used in one of the hacks was also used to log in to Colby's personal email and Facebook accounts, Knight said, citing evidence presented at trial.

This was the evidence the jurors said they found most compelling.

What is community worth to you?
Support local journalism.


3 people like this
Posted by Bmurray7JHU
a resident of Old Mountain View
on Jun 7, 2018 at 11:29 am

Bmurray7JHU is a registered user.

The real question is who paid him to do it.

Like this comment
Posted by Case closed
a resident of Old Mountain View
on Jun 7, 2018 at 2:57 pm

Paid him? No. That’s not a question. That’s an assumption.

I feel more information from the trial would have been helpful in this article or at least a link to the trial transcripts if a motivation was put forth by the prosecution and more details about the vandalism. Sometimes there is no clear motivation or grievance or the accused simply is bored or wants to show off.

Like this comment
Posted by The Business Man
a resident of Another Mountain View Neighborhood
on Jun 7, 2018 at 3:20 pm

The Business Man is a registered user.

In response to Case closed you said:

“Paid him? No. That’s not a question. That’s an assumption.”

There were reports that he was paid to hack these publications. One here (Web Link) Those reports indicated that he himself said so. You also said:

“I feel more information from the trial would have been helpful in this article or at least a link to the trial transcripts if a motivation was put forth by the prosecution and more details about the vandalism. Sometimes there is no clear motivation or grievance or the accused simply is bored or wants to show off.”

I too would like to read the transcripts. I do not know whether they will be published, but I would hope someone will get them and publish them. Given that they are federal court records, I am certain they are publishable because they are public records.

It would be interesting if the transcript in fact does disclose the statement made by the hacker was genuine.

2 people like this
Posted by Bill H
a resident of Old Mountain View
on Jun 7, 2018 at 3:29 pm

Bill H is a registered user.

Transcripts will be made public in August.

Like this comment
Posted by motive
a resident of Old Mountain View
on Jun 7, 2018 at 4:04 pm

Motive remains unknown, but is surely a much more interesting story than what has been reported so far

Like this comment
Posted by AC
a resident of Sylvan Park
on Jun 7, 2018 at 6:54 pm

Are we allowed to know the employment background of the defendant? How did he have the knowledge to perform this act? Was it lucky that so many of the juror have IT experience? Or is this juTst the bay area work staff.

Sorry, but further commenting on this topic has been closed.

Stay informed

Get daily headlines sent straight to your inbox.

Squid ink paella & patatas bravas: Barcelona natives bring Spanish tapas to Palo Alto
By Elena Kadvany | 1 comment | 3,751 views

Lights Out! Foods to Snuggle With in the Dark
By Laura Stec | 0 comments | 2,046 views

Premarital and Couples: The "Right" Way to Eat an Artichoke
By Chandrama Anderson | 1 comment | 1,581 views

What did you learn last week?
By Sherry Listgarten | 6 comments | 978 views


Race Results Are In

Thank you for joining us at the 35th annual Moonlight Run & Walk! All proceeds benefit the Palo Alto Weekly Holiday fund, supporting local nonprofits serving children and families.

Click for Race Results