Case: Doc 1 Filed: 01/24/17 1 of 1. PageID 1

AO 91 (Rev. 11/11) Criminal Complaint

UNITED STATES DISTRICT COURT
for the
Northern District of Ohio

United States of America
Phillip R. Durachinsky
Case No.

CRIMINAL COMPLAINT

I, the complainant in this case, state that the following is true to the best of my knowledge and belief.

On or about the date(s) of 1/18/2016 through 1/18/2017 in the county of Cuyahoga in the Northern District of Ohio the defendant(s) violated:

Code Section: 18 USC, Section 1030 and
Offense Description: Knowingly Causing the Transmission of a Program, Information, Code, and Command, and as a Result of Such Conduct, Intentionally Causing Damage Without Authorization, to Ten or More Protected Computers

This criminal complaint is based on these facts: See attached affidavit.

Continued on the attached sheet.

Special Agent, Michael P. Brian, FBI
Printed name and title

Sworn to before me and signed in my presence.

Date: 01/24/2017
City and State: Cleveland, Ohio
William H. Baughman, Jr., U.S. Magistrate Judge
Printed name and title

Case: Doc 1-2 Filed: 01/24/17 1 of 4. PageID 8

AFFIDAVIT OF MICHAEL P. BRIAN

I, Michael P. Brian, being first duly sworn, hereby depose and state as follows:

INTRODUCTION AND AGENT BACKGROUND

1. I have been a Special Agent (SA) with the Federal Bureau of Investigation for approximately eighteen years. During this time, I have been assigned to numerous investigations involving complex computer crimes. I am currently assigned to the FBI Cleveland Division Cyber Crimes Squad and am responsible for investigations involving computer-related offenses. I have participated in the execution of numerous warrants involving the search and seizure of computers, computer equipment, software, and electronically stored information. In addition to my work experience, I have received specialized training in the field of computer crime investigation from the FBI and others.

2. I submit this affidavit in support of a criminal complaint charging PHILLIP ROMAN DURACHINSKY, date of birth with a violation of Title 18, USC, Section 1030(a)(5)(A) and that is, knowingly causing the transmission of a program, information, code, and command, and as a result of such conduct, intentionally causing damage without authorization, to ten or more protected computers.

3. The statements contained in this affidavit are based upon my own investigation, information provided by other Special Agents and personnel of the FBI involved in this investigation, and my personal experience with computer related offenses. Since this affidavit is being submitted for the limited purpose of securing the requested complaint, I have not included each and every fact known to me concerning this investigation.

PROBABLE CAUSE

4. On January 4, 2017, Case Western Reserve University (CWRU) was contacted by a third party regarding network scanning and an infected system on the third party's network. The third party provided CWRU indicators of compromise, computer forensic artifacts indicating a computer infection, which were used in the malware communications found on the third party system. The third party stated that it believed that because of the communication between the third party's infected computer and the CWRU system, the CWRU system was also likely compromised.

5. On January 5, 2017, CWRU contacted the Cleveland Division of the FBI related to the notification from the third party and continued that an intrusion had occurred on the CWRU network. CWRU identified over 100 computers at CWRU with active Internet connections as being infected with the malware. did not have authorization from CWRU, or from the owners of the infected CWRU computers, to damage those protected computers by accessing them and installing malware.

6. On January 6, 2017, the FBI interviewed CWRU Information Technology (IT) security personnel and imaged an infected computer. The review of the image confirmed that computers at CWRU had been compromised for several years.

7. CWRU determined that an IP address associated with the malware that had infected the CWRU computers had also been used to access the alumni email account of CWRU alumnus PHILLIP ROMAN DURACHINSKY, date of birth

8. On January 18, 2017, a laptop was obtained by the FBI which belonged to PHILLIP ROMAN DURACHINSKY. laptop contained the client control software for the above described malware.

9. Further investigation revealed that DURACHINSKY also infected a number of other universities and institutions with the same or similar malware that infected CWRU. DURACHINSKY also did not have authorization to damage the computers of other infected universities and their computer users by installing malware.

10. Further, laptop contained files, logs, notes and other evidence of the installation of malware on more than 10 computers for the period of January 18, 2016, through January 18, 2017. The malware allowed DURACHINSKY to access data stored on the infected computers including Personal Identifying Information (PII) such as social security numbers and addresses, documents belonging to the computer owners, usernames, and passwords. It further allowed DURACHINSKY to collect data in real time from the infected machine and from computers and digital media connected to it. DURACHINSKY lacked the authorization from either CWRU or the infected CWRU computer users to access their computers, or to damage their computers by installing the malware.

CONCLUSION

11. Based on the foregoing, there is probable cause to believe that on January 6, 2017, the defendant, PHILLIP ROMAN DURACHINSKY did knowingly cause the transmission of a program, information, code, and command, and as a result of such conduct, intentionally cause damage without authorization, to 10 or more protected computers during a 1-year period, in violation of 18 U.S.C. Section 1030(a)(5)(A) and

Respectfully submitted,

Michael Brian
Special Agent
FBI

and sworn to before me on 2017.

WILLIAM H.
UNITED STATES MAGISTRATE JUDGE