Hacker guilty on all counts in attack on Palo Alto Online

Federal jury convicts Ross Colby Wednesday in San Jose

Ross Colby walks with attorney Vicki Young outside the Robert F. Peckham Federal District Courthouse in San Jose on May 24, 2017. File photo/Veronica Weber.

After a six-day trial that involved hours upon hours of technical testimony, a federal jury on Wednesday, June 6, convicted former San Francisco resident Ross M. Colby of two felonies and three misdemeanors relating to computer hacking that preceded the Sept. 17, 2015, take-down of Palo Alto Online and four other websites of parent company Embarcadero Media.

The jury of eight women and four men deliberated for a day and a half. Sentencing is set for Sept. 19. For each of the felony convictions, Colby faces a fine of up to $250,000, a prison term not to exceed 10 years, or both, according to indictment documents. He also faces a fine of up to $100,000 and a maximum one year in prison for each of the three misdemeanors. (The actual sentence will be affected by factors including past criminal record, if any, cooperation in the case and the judgment of the court.)

Colby, 35, at one time worked for the former EMC Corporation as a software engineer. He was also employed as the chief security officer and IT administrator at Earnest, a San Francisco-based personal- and student-loan lender, where he reviewed data-compliance contracts between the lender and large clients such as Goldman Sachs, Verizon, Nationwide, AARP and Intuit, according to court documents.

He did not express emotion as the five guilty verdicts were read. He did not testify during the trial nor were there any witnesses called for the defense, which relied on raising doubts about the prosecution's evidence. The case went to the jury on Tuesday morning.

Jurors found Colby guilty of one felony count for transmitting a program, code, command, or information to a computer, intending to cause damage; one felony count of attempting to do the same; and three misdemeanor counts of unlawfully obtaining information from a protected computer.

During the trial, the prosecution presented as evidence a trail of IP addresses linked to Colby that had been used to access Embarcadero Media's accounts and data -- including the accounts of the three IT employees -- more than 200 times.

Three jurors, who asked not to be identified, said the jury deliberations were extensive and difficult. They said the jury ultimately rejected the defense's theory that another person could have been responsible for the hacks.

"The most compelling evidence was his (Colby's) access via the VPN (a private internet address allowing user anonymity) and to his email account," said juror 11, a statistical research manager.

There was enough of an overlap between his access to the Embarcadero accounts and his own email accounts from the same IP addresses to find he was the culprit, she said.

Juror 10, a software engineer, said it wasn't believable that another person might have hacked the company, as had been suggested by Colby's attorney.

Juror 11 agreed.

"The common-sense explanation stood out to me versus it all being a setup," she said. "I believed the testimony of the roommate," who testified that Colby had told him he had hacked a news website.

Juror 5 said he and juror 1, who are both software engineers, weren't initially convinced by the IP-address evidence alone.

"We wanted to be convinced by more logs. The IP addresses alone seemed insufficient to convict, but the defense did not raise enough questions regarding someone else having done it," he said.

Juror 11 said they did their own digging into the logs and sent questions to the judge regarding the scope of their responsibilities.

The fact that much of the evidence was circumstantial was not problematic, she said.

"With cyber-crimes, there are a lot of cases where you won't have direct evidence. You won't have video showing someone sitting at a keyboard committing the crime. It was all circumstantial," she said. In these kinds of cases, she added, jurors must ask themselves, "How do we convict people of cyber-crimes without direct evidence?"

Embarcadero Media Publisher and President Bill Johnson was present throughout the trial and as the verdict was read.

"We are grateful to the FBI and federal prosecutors for their hard work on this case, and for the jury's patience in digesting an enormous amount of technical information. This was not only a sophisticated attack on our business but also on the First Amendment and the work we do as journalists in the public interest," he said.

Assistant U.S. Attorney Joseph Springsteen, during his closing argument prior to the jury deliberations, noted the gravity of the hack, which prosecutors said was strategic.

"Make no mistake. This was not a prank; this was not a harmless act. ... It's not vandalism. It was a serious and targeted attack on Embarcadero Media," he said on June 1.

The hack caused more than $32,000 in damage, but there was also damage done to Embarcadero's reputation, Springsteen said. It is ironic that Embarcadero Media, which was the first newspaper in the United States to have published its news on the World Wide Web, should have been targeted, he noted.

"These acts brought (an institution) of the community for 40 years to its knees. Imagine how vulnerable they must have felt -- how helpless," he said.

"The defendant did it over and over and over again. It's not casual. This is not brief. It was methodical and repeated and intentional," he said.

During her closing arguments, Defense Attorney Vicki Young argued that there was insufficient evidence tying Colby to the intrusions. She said that since some intrusions into the Embarcadero systems had come from a virtual private network (VPN) and therefore were not traceable, another person besides Colby could have been responsible. She also argued that intrusions made from the IP address at Colby's San Francisco residence were made on two days in July 2015 when, his father testified, he had been visiting the family home in Massachusetts.

But federal Prosecutor Susan Knight said Colby's father's testimony was vague and not credible regarding the timeline of his son's presence in Massachusetts. Knight said the evidence showed Colby was still in San Francisco from July 23-25. Colby not only accessed Embarcadero IT employee Cesar Torres' account on those days, but he also accessed his own personal email from San Francisco.

The same virtual private network (VPN) IP address used in one of the hacks was also used to log in to Colby's personal email and Facebook accounts, Knight said, citing evidence presented at trial.

This was the evidence the jurors said they found most compelling.

Colby declined to comment after the verdict. Currently a Richmond, California resident, he remains out of custody on $50,000 bail.


Comments

Posted by Thomas J. Watson
a resident of Professorville

on Jun 7, 2018 at 12:52 pm


Due to violations of our Terms of Use, comments from this poster are only visible to registered users who are logged in. Use the links at the top of the page to Register or Login.


9 people like this
Posted by Midtown Resident
a resident of Midtown
on Jun 7, 2018 at 2:12 pm

This is clearly a major victory for law enforcement in an apparently difficult case to prosecute. I am concerned that the large resource requirement, along with high standards ensuring conviction, makes it likely that this is a very small tip of the iceberg. Better security seems unattainable now and I would like to see someone take on the consequences of hacking for the general population. People may look at this conviction as an excuse to "whistle past the graveyard."


7 people like this
Posted by resident
a resident of Midtown
on Jun 7, 2018 at 4:19 pm

I hope that at some point in the future we get some clues about the motive for this crime.


Posted by AskingForAFriend
a resident of another community
on Jun 8, 2018 at 1:09 pm

AskingForAFriend is a registered user.

So let me get this straight...
Know the hacker's identity: blame the hacker
Don't know the hacker's identity: blame the company storing others' PII with lax security standards
...am I missing something here?


3 people like this
Posted by resident
a resident of Midtown
on Jun 8, 2018 at 1:14 pm

@AskingForAFriend - I blame both of them. If you read earlier news reports, the newspaper had very shoddy security policies in place before the hack. At least in this case, they are claiming that the hacker didn't steal any customer financial information, which can't be said of many other hacked businesses.


2 people like this
Posted by Town Square Moderator
a resident of Another Palo Alto neighborhood
on Jun 8, 2018 at 1:28 pm

Town Square Moderator is a registered user.

@AskingForAFriend
@resident
No credit card or personally identifying information of readers or subscribers was on the servers that were hacked. The hacker did have the ability to access a server that contained email addresses and reader passwords used only for the purpose of posting comments on Town Square when the comment thread was restricted to registered users. There was no evidence that the hacker actually accessed that server, however.


Posted by AskingForAFriend
a resident of another community
on Jun 8, 2018 at 2:03 pm

AskingForAFriend is a registered user.

@resident re: the hacker didn't steal any customer financial information
I don't think this was the intent based on the statement he placed on the front page in 2015, stating the paper had "failed to remove content that has been harmful to the wellbeing and safety of others." Web Link


Posted by AskingForAFriend
a resident of another community
on Jun 8, 2018 at 2:23 pm

AskingForAFriend is a registered user.

@Town Square Moderator

"The hacker did have the ability to access a server that contained email addresses and reader passwords" The same people that write their password on a post-it note stuck under their laptop (or, y'know, put it in a Google Doc) are the same people to re-use their favorite password on every single site they use.

*Nudge* to my 100-year-old grandmother and anyone else who uses this practice: to change your password on this site, scroll to the top, click "Member Center," then look for the very light grey font that reads "Change your password;" it's right above the black and bold font asking for your name, address, phone number, and the... zip code in which you work? (Grandma, those fields are not required)

Moderator's Note: This is why immediately after the hack we communicated with all of the people whose email addresses and passwords could have been accessed and advised them to not only change their passwords on our site but on any site where they were using the same password.


3 people like this
Posted by resident
a resident of Midtown
on Jun 8, 2018 at 2:48 pm

I'm always suspicious of websites that ask for your email address. I'm really glad I didn't fall for this one.


1 person likes this
Posted by AskingForAFriend
a resident of another community
on Jun 8, 2018 at 4:11 pm

AskingForAFriend is a registered user.

[Post removed.]


Posted by musical
a resident of Palo Verde
on Jun 8, 2018 at 5:04 pm

So in our current political environment, will this Ross Colby get the full maximum $250,000 fine plus prison term of 10 years?


Posted by AskingForAFriend
a resident of another community

on Jun 15, 2018 at 12:46 pm


Due to violations of our Terms of Use, comments from this poster are only visible to registered users who are logged in. Use the links at the top of the page to Register or Login.


Posted by Name hidden
a resident of East Palo Alto

on Jun 15, 2018 at 1:49 pm

Due to repeated violations of our Terms of Use, comments from this poster are automatically removed. Why?


Sorry, but further commenting on this topic has been closed.
