News

$27K in restitution ordered for man who hacked Mountain View Online

Hacker claims he committed the crime at the request of a convicted felon and former Menlo Park resident, Hiruy Amanuel

The 36-year-old man who hacked and temporarily shut down the Mountain View Voice site mv-voice.com and other Embarcadero Media websites nearly four years ago was sentenced today in San Jose federal court to time already served, one-year of home incarceration with electronic monitoring, three years of supervised release and $27,130 in restitution to the company.

Ross Colby was indicted on April 6, 2017, following an investigation by the Federal Bureau of Investigation of the Sept. 17, 2015, crime, which took down five news sites owned and operated by Palo Alto-based Embarcadero Media: Palo Alto Online, Mountain View Online, Almanac Online, PleasantonWeekly.com and DanvilleSanRamon.com.

Colby is a software engineer who at one time was a security officer and IT administrator for Earnest, a student-loan company in San Francisco, where he reviewed data-compliance contracts with major clients such as Goldman Sachs and Verizon.

A federal jury convicted Colby of all charges on June 6, 2018 after a six-day trial: one count of transmitting a program, code, command or information to a computer, intending to cause damage; one felony count of attempting to do the same; and three misdemeanors of unlawfully obtaining information from a protected computer.

For each felony, he faced a fine of up to $250,000, a prison term not to exceed 10 years, or both, and a maximum of one year in prison and up to $100,000 in fines for each misdemeanor.

Colby's sentencing was delayed for a year, however, after his defense attorney, Vicki Young, asked on the day he was originally scheduled to be sentenced -- Oct. 31, 2018 -- that he be evaluated for mental competency. (This despite the fact that he had been evaluated and found competent prior to his trial.) Young’s request took place after Colby, without Young’s knowledge, emailed U.S. District Court Judge Lucy Koh on Oct. 30 a surreptitious recording he had made of a proffer interview with the FBI in May 2016. Koh questioned whether Colby's actions were a stunt to delay his sentencing but agreed to the evaluation.

Colby, who had been out on $50,000 bail, was taken into custody for the mental competency evaluation and spent nearly six months in custody, first in Santa Rita Jail in Dublin, then in a federal prison in Texas while he received two separate mental health evaluations. Koh ruled him competent for sentencing this past May 10.

Federal prosecutors sought during the trial to prove through evidence from the FBI investigation that Colby planned the hack over a series of months. The FBI tracked IP addresses that identified and linked electronic devices and their whereabouts to Colby, creating a timeline of the surveillance of and intrusion into Embarcadero Media's computer systems. The defense sought unsuccessfully to discredit the prosecution's evidence but presented no affirmative defense.

A motive emerges

Colby did not testify at the trial and had no known connection to Embarcadero Media, and neither government prosecutors nor his defense counsel offered a motive for the hacking. However, after the jury began its deliberations in June 2018, prosecutors told Embarcadero that Colby had admitted to the crime in the May 2016 FBI proffer interview. According to court documents, Colby told prosecutors he hacked the system at the request of a convicted felon and former Menlo Park resident, Hiruy Amanuel, who wanted him to remove two stories written about him on the Almanac website, a sister publication of Mountain View Online, and in the print edition of the Almanac.

The stories, published in December 2013, reported on a lawsuit Amanuel had filed against the city of Menlo Park and a Menlo Park police officer for violating his civil rights during a January 2013 traffic stop. Both stories referenced the fact that Amanuel had previously pleaded guilty to federal drug-trafficking charges in 2009 in exchange for two other charges being dropped. He was sentenced to a 21-month prison term.

Embarcadero Media was able to confirm while the jury was deliberating that one of the stories had been removed from the Almanac's online archives and another had been altered to change all names in the story. (The stories have since been restored by the company.)

The civil suit was settled on July 28, 2015, just six days after Colby first accessed Embarcadero’s servers in preparation for the hacking that took down all Embarcadero websites less than two months later, according to evidence obtained by the FBI. Amanuel received $500 from the city of Menlo Park and his attorney recovered $49,400, according to the settlement agreement.

Assistant U.S. Attorney Susan Knight told Koh that the FBI and U.S. Attorney didn't pursue Amanuel and didn't share Colby's story with Embarcadero Media during the two-year long investigation because they didn't believe Colby, who could offer no hard evidence for his assertions. Amanuel, who currently resides in Ethiopia, issued a statement through his attorney on Dec. 17, 2018, to Embarcadero Media President Bill Johnson stating that the FBI "never" contacted him "during the course of their investigation in these matters whatsoever" and "adamantly denies that he ever paid Ross Colby or anyone in his behalf to hack any website, or anything of the sort."

Knight told the court that the FBI was unable to locate or talk with Amanuel during the investigation.

During the trial, a former roommate of Colby testified the hacker revealed to him he had been paid to attack the news sites, but neither Colby’s attorney nor federal prosecutors asked for details.

Colby deleted the content of all of Embarcadero’s websites and replaced it with an image of Guy Fawkes, the icon of the activist group Anonymous, and posted a message stating: "Greetings, this site has been hacked. Embarcadero Media Group (Alamanac) (sic) has failed to remove content that has been harmful to the wellbeing and safety of others. Failure to honor all requests to remove content will lead to the permanent shutdown of all Embarcadero Media websites." Each website's URL was replaced with the text "Unbalanced journalism for profit at the cost of human right, Brought to you by the Almanac."

Embarcadero IT Director Frank Bravo testified at trial that the hack appeared designed to inflict significant financial damage to the news group.

Factors in his sentencing

At Wednesday’s sentencing, Knight argued that Colby had not accepted responsibility for his actions and should serve time in prison rather than receive a split sentence that would give him credit for time served and allow him to serve any additional time wearing an electronic monitor. She also defended not investigating the alleged role of Hiruy Amanuel, saying that Colby was not able to provide any evidence of his involvement. She acknowledged, however, that the FBI should have asked Embarcadero Media to look into whether stories about Amanuel had been removed from its website.

“I apologize for that,” Knight told the court in a May 10 hearing.

Before rendering her sentencing decision, Koh expressed her concern that Colby had not been completely honest in hearings before and after the trial and had sought to manipulate the court. As an example of his unreliability, she pointed to Colby’s withholding of the surreptitious recording of his proffer session with the FBI until the night before the scheduled Oct. 31 sentencing and failing to divulge its existence during pretrial hearings.

Although Colby might have been afraid of Amanuel, as he stated during interviews with prosecutors and in pre-trial hearings, Koh said his story kept growing over a three-year period, giving her pause about his credibility.

In a victim statement, Johnson said the hacking had a significant effect on the company, both operationally and emotionally. But citing Colby’s health problems (he suffers from Lyme Disease) requiring complicated drug treatments, the fact Colby had already been in custody for almost six months and the lack of any further benefit other than retribution to his serving another six or more months in prison, Johnson urged the court to sentence Colby to the time he had already served plus a period of supervised release.

Of greater concern to Embarcadero Media, Johnson said, was the government’s failure to follow up on Amanuel’s alleged involvement in the crime, which Johnson called “the elephant in the room,” even as he acknowledged the work of the FBI.

Koh said she had many of the same questions about the investigation and its failure to pursue Colby’s assertions.

In sentencing Colby to no additional prison time, Koh said she was persuaded that additional incarceration would serve little purpose and was persuaded by Johnson’s recommendations, as the victim in the case. She cited Colby’s brain injury from a motorcycle accident, his chronic Lyme Disease, PTSD and other complications as factors in not sending him back to prison.

Colby declined to make a statement before the court. But Koh had a parting admonition.

“Mr. Colby, please do not disappoint me. You are so talented. Do not waste it on things like this,” she said.

In addition to his sentence, Colby cannot contact Embarcadero Media, can’t use a computer or mobile device without the prior approval of a probation officer, must enroll in a computer-monitoring program and can’t use the internet without approval of his probation officer. He must also submit to a monitoring device on his electronic equipment.

Johnson said he was very satisfied and pleased with Koh’s sentencing decision and that he and Embarcadero Media staff members are happy to finally have closure with the case.

What is democracy worth to you?
Support local journalism.

Comments

3 people like this
Posted by Ok
a resident of Sylvan Park
on Jun 13, 2019 at 8:39 am

The most boring story about a hacker I ever read.


3 people like this
Posted by Imagination
a resident of another community
on Jun 14, 2019 at 10:39 am

On the contrary, this story isn't boring at all. The FBI must have had reasons for not pursuing the Ethiopian. For them to say they didn't believe the hacker about him stretches believable excuses to the limit. One can imagine he's involved with the CIA or in some other way is part of a government effort that gives him special sway. Then to have the story throw in the part about how chronically sick the hacker is as sort of an after thought really makes it interesting. One wants to know how the Ethiopian and the Hacker met. Plus it seems fairly petty. Could the CIA have had a stake if seeing the Ethiopian's name removed from the paper's archives? Was this a little bit of a CIA-FBI conflict here? So, you can see this could get interesting. It's almost like a novel. It's hard to believe it is a true story, even if it is an incomplete one.


Don't miss out on the discussion!
Sign up to be notified of new comments on this topic.

Email:


Post a comment

Posting an item on Town Square is simple and requires no registration. Just complete this form and hit "submit" and your topic will appear online. Please be respectful and truthful in your postings so Town Square will continue to be a thoughtful gathering place for sharing community information and opinion. All postings are subject to our TERMS OF USE, and may be deleted if deemed inappropriate by our staff.

We prefer that you use your real name, but you may use any "member" name you wish.

Name: *

Select your neighborhood or school community: * Not sure?

Comment: *

Verification code: *
Enter the verification code exactly as shown, using capital and lowercase letters, in the multi-colored box.

*Required Fields


Stay informed

Get daily headlines sent straight to your inbox.

After 39 years of cakes and pastries, Palo Alto institution Prolific Oven to close
By Elena Kadvany | 56 comments | 15,249 views

What is your climate personality?
By Sherry Listgarten | 30 comments | 1,801 views

The Regional Housing Needs Allocation (RHNA) Process Explained
By Steve Levy | 3 comments | 1,081 views

"You Gotta Have Balls [to do counseling] . . .
By Chandrama Anderson | 0 comments | 721 views

 

Early Bird rates end today!

On Friday, October 11, join us at the Palo Alto Baylands for a 5K walk, 5K run, 10K run or half marathon! All proceeds benefit local nonprofits serving children and families. Early Bird prices end Sun, Aug 18.

Register now