1

2
3
4
5
6
7
8
10 UNITED
11
12
13 JOHN A.
aka
14 aka
aka
15
16
17
18
ED
2U12
16
II: '6
UNITED STATES DISTRICT COURT
STATES OF AMERICA,
Plaintiff,
v.
BORELL III,
"ItsKahuna,"
"anonjb,tf
"spectre,"
Defendant.
)
)
)
)
)
)
)
)
)
)
)
)
)
)
CR No.
[18 U.S.C. 1030 (a) (5) (A),
(c) (4) (G) (i): Unauthorized
Impairment of a Protected
Computer]
[Class A Misdemeanor]
19 The United States Attorney charges:
20 Introductory Allegations
21 1 .
At all times relevant to this Information:
22 a.
The Los Angeles County Police Canine Association
23 ("LACPCA
It
) was an association of law enforcement officers from
24 various agencies throughout Los Angeles County, California,
25 involved in the use of canines in investigating crime. LACPCA
26 maintained various computer systems, including servers for
27 hosting its website (www.lacpca.com) and maintaining a database
28 of its member officers.
; 1 / t 1 ~
1
2
3
4
5
6
7
8
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
b. "CabinCr3w" was a group of computer hackers that
conducted cyber attacks against the computer systems of various
law enforcement agencies and law enforcement-related
associations, including, among others, LACPCA and agencies and
associations in Utah, York, Texas, and Alabama. CabinCr3w
announced and published online the personal identifying and other
sensitive information it had stolen during such.attacks.
c. Defendant JOHN A. BORELL III, also known as
resided within the Northern District of Ohio and was a member of
CabinCr3w.
2. The following definitions apply to this Indictment:
a. "SQL," or "Structured Query Language," is a
widely-used database language to manage data in a
database and includes commands to extract, insert, update, and
delete data.
b. A "SQL injection attack" is a form of attack on a
database-driven website in which the attacker executes
unauthorized SQL commands and takes advantage of insecure code on
a computer system connected to the Internet. SQL injection
attacks are often used to steal information from a database from
which the data would normally not be available and to gain access
to an organization's computer systems through the computer that
is hosting the database.
Unauthorized Impairment
3. On or about February 20, 2012, in Los Angeles County,
within the Central District of California, and elsewhere,
defendant knowingly caused the transmission of programs,
2
1 information, codes, and commands, namely, a SQL injection attack,
2 and as a result of such conduct, intentionally caused damage
3 without authorization by impairing the integrity and availability
4 of data, programs, systems, and information on a computer system
5 that was used in and affecting interstate and foreign' commerce
6 and communication, specifically, LACPCA's computer systems.
7
8
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
ANDRE BIROTTE JR.
United Attorney
R ~ E ~ ~ U S : L E
Assistant united States Attorney
Chief, Criminal Division
WESLEY L. HSU
Assistant united States Attorney
Chief, Cyber & Intellectual
Property Crimes Section
ERIC D. VANDEVELDE
Assistant United States Attorney
Deputy Chief, Cyber & Intellectual
Property Crimes Section
3