Case: 1:18-cr-00022-SO Doc #: 38 Filed: 01/10/18 1 of 11. PageID #: 105

IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF OHIO EASTERN DIVISION

UNITED STATES OF AMERICA, Plaintiff, v. PHILLIP R. DURACHINSKY, Defendant.

ca 00022

Title 18, United States Code, Sections 1028A(a)(1), and 1343, 2251(a) and 2511(1)(b) and and 2

GENERAL ALLEGATIONS

At all times material herein:

1. From in or around 2003 through on or about January 20, 2017, in the Northern District of Ohio, Eastern Division, and elsewhere, Defendant PHILLIP R. DURACHINSKY engaged in a scheme to access protected computers without permission.

2. During his more than thirteen years of accessing protected computers without the appropriate authorizations, Defendant accessed protected computers owned by local, state and federal governments, a police department, schools, companies and individuals.

3. Defendant developed computer malware later named "Fruitfly" and wrote variants capable of infecting computers running macOS and Windows operating systems.

4. Defendant installed the Fruitfly malware on thousands of computers ("Fruitfly victims").

5. The Fruitfly malware gave Defendant the ability to control a Fruitfly victim's computer by, among other things, accessing stored data, uploading files to a Fruitfly victim's computer, taking and downloading screenshots, logging a user's keystrokes and turning on the camera and microphone to surreptitiously record images and audio recordings.

6. In certain cases, the Fruitfly malware alerted Defendant if a user of an infected computer typed certain words associated with pornography. Defendant used the Fruitfly malware to watch and listen to Fruitfly victims without their knowledge or permission. He saved millions of images and regularly kept detailed notes of what he observed.

7.
Defendant developed a control panel for the Fruitfly malware that ran on a computer in a residence in the Northern District of Ohio, Eastern Division. The control panel allowed Defendant to manipulate computers infected with the Fruitfly malware and had a visual interface that allowed Defendant to view live images and data from several infected computers simultaneously.

8. Defendant used his access to Fruitfly victims' computers to collect and save personal data from Fruitfly victims including tax records, medical records, photographs, internet searches performed, banking records and potentially embarrassing communications and data.

9. Defendant used the Fruitfly malware to obtain Fruitfly victims' usernames and passwords to third-party websites. Defendant used these stolen credentials to access and download information from these third-party websites including photographs, emails and potentially embarrassing communications and data.

STATUTORY VIOLATIONS

COUNT (Damaging Protected Computer(s), 18 U.S.C. 1030(a)(5)(A) and

The Grand Jury charges:

10. The factual allegations of paragraphs 1 through 9 of this Indictment are hereby repeated, re-alleged and incorporated by reference as if fully set forth herein.

11. From in or around 2003 through on or about January 20, 2017 in the Northern District of Ohio, Eastern Division, and elsewhere, Defendant PHILLIP R. DURACHINSKY did knowingly cause the transmission of a program, information, code, and command, and as a result of such conduct, intentionally caused damage without authorization to a protected computer, to wit: the offense caused damage affecting ten (10) or more protected computers during a one-year period, and the offense caused loss to persons during a one (1)-year period from Defendant's course of conduct affecting protected computers aggregating at least $5,000 in value, in violation of Title 18, United States Code, Sections 1030(a)(5)(A) and and (VI).
(Accessing Protected Computer(s), 18 U.S.C. 1030(a)(2) and

The Grand Jury further charges:

12. The factual allegations of paragraphs 1 through 9 of this Indictment are hereby repeated, re-alleged and incorporated by reference as if fully set forth herein.

13. From in or around 2003 through on or about January 20, 2017, in the Northern District of Ohio, Eastern Division, and elsewhere, Defendant PHILLIP R. DURACHINSKY intentionally accessed one or more computers without authorization and thereby obtained information from one or more protected computers, in violation of Title 18, United States Code, Sections 1030(a)(2) and

COUNT 3 (Production of Child Pornography, 18 U.S.C. 2251(a))

The Grand Jury further charges:

14. The factual allegations of paragraphs 1 through 9 of this Indictment are hereby repeated, re-alleged and incorporated by reference as if fully set forth herein.

15. From on or about October 25, 2011 through on or about January 14, 2017, in the Northern District of Ohio, Eastern Division, and elsewhere, Defendant PHILLIP R. DURACHINSKY did use a minor and minors to engage in sexually explicit conduct, as defined in Title 18, United States Code, Section 2256(2), for the purpose of producing a visual depiction of such conduct, knowing and having reason to know that such visual depiction would be transported and transmitted, using any means and facility of interstate and foreign commerce, and in and affecting interstate and foreign commerce; such visual depiction was produced and transmitted using materials that had been mailed, shipped and transported in and affecting interstate and foreign commerce; and such visual depiction was actually transported and transmitted, using any means and facility of interstate and foreign commerce, and in and affecting interstate and foreign commerce, in violation of Title 18, United States Code, Section 225

COUNTS 4-6 (Wire Fraud, 18 U.S.C.
1343 and 2)

The Grand Jury further charges:

16. The factual allegations of paragraphs 1 through 9 of this Indictment are hereby repeated, re-alleged and incorporated by reference as if fully set forth herein.

17. In order to operate the Fruitfly malware, Defendant required access to the computers, storage and internet bandwidth of other individuals and entities infected by or with the Fruitfly malware without their permission or authorization. Defendant required these facilities to, among other things, obfuscate his involvement in operating the Fruitfly malware, provide storage space for the images and files the Fruitfly malware generated, and provide sufficient bandwidth to support the vast amount of information created by the Fruitfly malware.

STATUTORY VIOLATION

18. From in or around August 14, 2011 through on or about January 20, 2017, in the Northern District of Ohio, Eastern Division, and elsewhere, Defendant PHILLIP R. DURACHINSKY devised and intended to devise a scheme and artifice to defraud Fruitfly victims and others, and to obtain money and property, to wit: computer processing power, computer storage, and internet bandwidth and connections, among other things, by means of materially false and fraudulent pretenses, representations and promises.

19. It was part of the scheme that:

a) Defendant obtained and used user credentials and passwords for certain computers infected by the Fruitfly malware to create virtual machines on those Fruitfly victims' computers.

b) Defendant used the computing power and infrastructure of certain Fruitfly victims to spread the Fruitfly malware across the Internet.

c) Defendant used certain Fruitfly victims' computer networks to access sufficient bandwidth to allow the Fruitfly malware to infect protected computers in the Northern District of Ohio, Eastern Division, and elsewhere around the world.
d) Defendant instructed the Fruitfly malware to direct Fruitfly victim computers to report back and, thereafter, send images and files to certain other Fruitfly victims' computers to create repositories of data obtained by the Fruitfly malware. Defendant then remotely accessed these repositories to determine what materials he wanted to preserve in other locations.

e) Defendant created storage containers on certain Fruitfly victims' computers to store and process images and files obtained from other Fruitfly victims.

f) Defendant used certain Fruitfly victims' computers to create proxy networks and servers that obfuscated and hid his role in operating the Fruitfly malware.

20. For the purposes of executing and attempting to execute said scheme and artifice to defraud the Fruitfly victims, and to obtain money and property by means of false and fraudulent pretenses, representations and promises, and attempting to do so, transmitted and caused to be transmitted, by means of wire communications in interstate and foreign commerce, the signals and sounds described below for each count, each transmission constituting a separate count, to wit: various computer program commands and signals between Defendant and various computers in the Fruitfly network as set forth below:

| COUNT | APPROXIMATE DATES | DESCRIPTION OF WIRES |
|---|---|---|
| 4 | 12/20/2015 - 7/12/2016 | Fruitfly malware communications to a computer lawfully controlled by GE. |
| 5 | 6/10/2016 - 12/09/2016 | Fruitfly malware communications to a computer lawfully controlled by 2.8. |
| 6 | 12/31/2016 - 01/18/2017 | Fruitfly malware communications to a computer lawfully controlled by W.M. |

All in violation of Title 18, United States Code, Sections 1343 and 2.

COUNTS 7-10 (Aggravated Identity Theft, 18 U.S.C. 1028A(a)(1))

The Grand Jury further charges:

21.
The factual allegations of paragraphs 1 through 9 of the General Allegations, and Paragraph 17 of Counts 4-6 of this Indictment are hereby repeated, re-alleged and incorporated by reference as if fully set forth herein.

22. On or about the dates listed below, in the Northern District of Ohio, Eastern Division, and elsewhere, Defendant PHILLIP R. DURACHINSKY did knowingly transfer, possess and use, without lawful authority, a means of identification of another person during and in relation to a felony violation enumerated in Title 18, United States Code, Section 1028A(c), to wit: Wire Fraud, in violation of Title 18, United States Code, Section 1343, knowing that the means of identification belonged to another actual person on or about the dates set forth below:

| COUNT | MEANS OF IDENTIFICATION | APPROXIMATE DATES |
|---|---|---|
| 7 | Username and Password for QB. | August 20, 2014 |
| 8 | Username and Password for QB. | August 22, 2014 |
| 9 | Username and Password for 2.3. | September 7, 2014 |
| 10 | Username and Password for W.M. | March 29, 2015 |

All in violation of Title 18, United States Code, Section 1028A(a)(1).

(Accessing Government Computer Without Authorization, 18 U.S.C. 1030(a)(3) and

The Grand Jury further charges:

23. The factual allegations of paragraphs 1 through 9 of this Indictment are hereby repeated, re-alleged and incorporated by reference as if fully set forth herein.

24. Between on or about May 21, 2014 and on or about December 19, 2016, in the Northern District of Ohio, Eastern Division, and elsewhere, Defendant PHILLIP R. DURACHINSKY did intentionally, without authorization to access any nonpublic computer of a
department or agency of the United States, access such a computer of that department and agency, Defendant's conduct having affected that use by and for the Government of the United States and said computer was exclusively for the use of the Government of the United States to wit: a computer owned and operated exclusively by a subsidiary of the U.S. Department of Energy, an agency of the United States, in violation of Title 18, United States Code, Sections 1030(a)(3) and

COUNT 12 (Illegal Wiretap, 18 U.S.C. 2511(1)(b) and

The Grand Jury further charges:

25. The factual allegations of paragraphs 1 through 9 of this Indictment are hereby repeated, re-alleged and incorporated by reference as if fully set forth herein.

26. On or about June 25, 2013, between approximately 2:25 p.m. EST, in the Northern District of Ohio, Eastern Division, and elsewhere, Defendant PHILLIP R. DURACHINSKY intentionally used an electronic device that transmits a signal through a wire to intercept an oral communication of M.M. and an unknown female, in violation of Title 18, United States Code, Sections 251 and

COUNT 13 (Illegal Wiretap, 18 U.S.C. 2511(1)(b) and

The Grand Jury further charges:

27. The factual allegations of paragraphs 1 through 9 of this Indictment are hereby repeated, re-alleged and incorporated by reference as if fully set forth herein.

28. On or about June 23, 2014, between approximately 11:40 a.m. and 11:56 a.m. EST, in the Northern District of Ohio, Eastern Division, and elsewhere, Defendant PHILLIP R. DURACHINSKY intentionally used an electronic device that transmits a signal through a wire to intercept an oral communication of .P. and an unknown male, in violation of Title 18, United States Code, Sections 2511(1)(b) and

COUNT 14 (Illegal Wiretap, 18 U.S.C. 2511(1)(b) and

The Grand Jury further charges:

29.
The factual allegations of paragraphs 1 through 9 of this Indictment are hereby repeated, re-alleged and incorporated by reference as if fully set forth herein.

30. On or about July 23, 2014, between approximately 7:54 p.m. and 7:57 p.m. EST, in the Northern District of Ohio, Eastern Division, and elsewhere, Defendant PHILLIP R. DURACHINSKY intentionally used an electronic device that transmits a signal through a wire to intercept an oral communication of CA. and an unknown male, in violation of Title 18, United States Code, Sections 2511(1)(b) and

COUNT 15 (Illegal Wiretap, 18 U.S.C. 2511(1)(b) and

The Grand Jury further charges:

31. The factual allegations of paragraphs 1 through 9 of this Indictment are hereby repeated, re-alleged and incorporated by reference as if fully set forth herein.

32. On or about March 14, 2015, between approximately 12:20 p.m. and 12:34 p.m. EST, in the Northern District of Ohio, Eastern Division, and elsewhere, Defendant PHILLIP R. DURACHINSKY intentionally used an electronic device that transmits a signal through a wire to intercept an oral communication of RB. and an unknown female, in violation of Title 18, United States Code, Sections 2511(1)(b) and

COUNT 16 (Illegal Wiretap, 18 U.S.C. 2511(1)(b) and

The Grand Jury further charges:

33. The factual allegations of paragraphs 1 through 9 of this Indictment are hereby repeated, re-alleged and incorporated by reference as if fully set forth herein.

34. On or about April 11, 2015, between approximately 2:21 p.m. and 2:26 p.m. EST, in the Northern District of Ohio, Eastern Division, and elsewhere, Defendant PHILLIP R. DURACHINSKY intentionally used an electronic device that transmits a signal through a wire to intercept an oral communication of RB.
and an unknown female, in violation of Title 18, United States Code, Sections 2511(1)(b) and

FORFEITURE

The Grand Jury further charges:

The allegations of Counts 1 through 6 and 11 through 16 are hereby realleged and incorporated herein by reference for the purpose of alleging forfeiture pursuant to Title 18, United States Code, Section Title 18, United States Code, Section 2253(a)(2); Title 18, United States Code, Section 2253(a)(3); Title 18, United States Code, Section Title 28, United States Code, Section 2461(c); Title 18, United States Code, Section 1028(b)(5); and, Title 18, United States Code, Section 2513; Title 28, United States Code, Section 2461(c). As a result of the foregoing offenses, Defendant PHILLIP R. DURACHINSKY shall forfeit the following to the United States:

a. All property constituting, or derived from, proceeds he obtained directly or indirectly as a result of the violations charged in Counts 1, 2 and 11.

b. All property, real or personal, constituting or traceable to gross profits or other proceeds obtained from the violation charged in Count 3; and any property real or personal, used or intended to be used, to commit or to promote the commission of the violation charged in Count 4 and any property traceable to such property.

c. All property, real or personal, which constitutes or is derived from proceeds traceable to the violations charged in Counts 4, 5 and 6.

d. Any electronic, mechanical, or other device used, sent, carried, manufactured, assembled, possessed, sold, or advertised in the violations charged in Counts 12, 13, 14, 15 and 16.

A TRUE BILL.

Original document - Signatures on file with the Clerk of Courts, pursuant to the E-Government Act of 2002.