2018R000431/mfl1/am UNITED STATES DISTRICT COURT DISTRICT OF NEW JERSEY UNITED STATES OF AMERICA Hon. Crimo No。 19- V. ANKUR AGARWAL 18 UoS.C.§ §1030 alld 1028A INFORMATION The defendant having waived in open court prosecution by indictment, the United States Attorney for the District of New Jersey charges: Background 1. At all times relevant to this Information: a. Ankur Agarwal ("Agarwal") resided in Montville, New Jersey. b. Company One was headquartered in New York with offices in New Jersey and developed various technologies, including an emerging technologr ("Emerging Technolog/'). Company One maintained and used computers and computer networks, and engaged in interstate business activities. c. Company Two was headquartered in Texas with offices in New Jersey and developed various technologies, including the Emerging Technoiogr. Company TWo maintained and used computers and computer networks, and engaged in interstate business activities. Hackinq Scheme 2. From in or about February 2Ol7 through in or about April 2018, Agarwal obtained unauthorized access to the computer networks of Company One and Company Two and stole data relating to the Emerging Technologr. Companv One Intrusion 3. Beginning in or around February 2017, Agarwal physically trespassed onto Company One's premises in New Jersey and installed hardware key-logger devices onto Company One computers. The devices covertly recorded the keystrokes of Company One employees. Through the key-logger devices, Agarwal obtained numerous employees' login credentials. Agarwal also created and installed onto Company One's network a software program that acted as a digital key-logger. Through the digital key-logger, Agarwal obtained the login credentia-ls of additional Company One employees. 4. While on Company One's premises, Agarwal installed and connected his laptop computer ("Persona-l Computer One") to Company One's computer network. Using the fraudulently obtained login credentials and Personal Computer One, Agarwal gained the ability to remotely access Company One's network without authorization. 5. After obtaining unauthorized remote access into Company One's network, Agarwal stole, transferred, and exfiltrated Company One's data. 6. Agarwal specifically targeted data related to the Emerging Technologr and the employees assigned to work on the Emerging Technologz ("Emerging Technologr Team"). Beginning in or about March 2017, Agarwal created a computer code designed to exfiltrate data (the "Exfil Script"). From in or about March 2Ol7 until in or about September 2017, Agarwal executed the Exfil Script -2- against multiple computers used by the Emerging Technologr Team. Using these tactics and methods, Agarwal stole data relating to the Emerging Technologr and personal information associated \Mith multiple members of the Emerging Technologr Team. 7. From in or about January 2OLB to in or about February 2OL8, Agarwal targeted and obtained unauthorized access to the computers used by additional Company One employees, including its Chief Network Engineer Officer ("CNEO") and a network engineer. 8. In or about April 2018, Company One employees responsible for network security detected Agarwal's intrusion into the network and began an investigation. Agarwal, without authorrzation, accessed Company One's network and surveilled and eavesdropped on the investigation into his own activity. Company Two Intrusion 9. In or about June 2016, Agarwal physically trespassed onto the premises of Company Two. Using the means of identification of another person, Agarwal fraudulently obtained an access badge that granted him continued access to Company TWo premises in New Jersey. Agarwal installed onto Company Two's computers a hardware key-logger device that covertly recorded employees' keystrokes. Agarwal later recovered the key-logger device and fraudulently obtained several of Company TWo's employees'login credentials. -3- iO. While on Company Two's premises, Agarwal also installed and connected, without authorrzation, his laptop computer ("Personal Computer Two") to Company TWo's computer network. By using fraudulently obtained employees' credentia-ls and Personal Computer TWo, Agarwa-l gained the ability to remotely access, without authorization, Company TWo's computer network. 11. After gaining unauthorized remote access to Company TWo's network, Agarwal stole, transferred, and exfiltrated Company Two's data and information. Among other things, Agarwal stole information about the Emerging Technologr stored on Company Two servers. Beginning in or about April 2017, Agarwal used the Exfil Script to steal Company Ttwo's email files and documents relating to the Emerging Technologz, as well as personal documents relating to Company Two employees. The Charges Count One (Obtaining Information from Protected Computers-Company One) 1. Paragraphs 1 through 11 of this Information are incorporated as though fully set forth herein. 2. On or about the dates set forth below, in the District of New Jersey and elsewhere, the defendant, ANKUR AGARWAL, 4- intentionally accessed a computer without authorization, and thereby obtained information from protected computers used in and affecting interstate commerce and communication, and the value of the information obtained exceeded $5,OOO: Approximate Description Date February 2017 February 2017 February 2017 February 2017 LIarch 20 17 A/1arch 2017 A/1arch 2017 R/1arch 2017 Agarwal accessed the computer assigned to Employee One and obtained information, including the login credentials of Employee One, instructional manuals relating to Company One's computer network, and approximately 7OO additional files associated with Employee One. Agarwal accessed the computer assigned to Employee Two and obtained information, including the login credentials of Employee Two, Employee Two's security questions needed for account access, and a human resource file containing information about over 50 of Company One's senior management employees. Agarwal accessed the computers assigned to the End-UserSupport ("EUS") Team and obtained information, including the login credentials of members of the EUS Team, manuals relating to Company One's computer systems, and over 7,000 email files associated with the EUS Team. Agarwal accessed the computer assigned to Employee Three and obtained information, including the login credentials of Employee Three, Employee Three's personal information, and over 8,000 email files associated with Employee Three. Agarwal accessed the computer assigned to Employee Four and obtained information, including email files and documents related to the Emerging Technologr and Employee Four's personal information. Agarwal accessed the computer assigned to Employee Five and obtained information, including email files and documents related to the Emerging Technology. Agarwal accessed the computer assigned to Employee Six and obtained information, including email files and documents related to the Emerging Technology. Agarwal accessed the computer assigned to Employee Seven and obtained information, including email files and documents related to the Emerging Technologz and Employee Seven's personal information. 5 Approximate Description Date September 2017 October 20 17 January 20lB February 20L8 Agarwal accessed the computer assigned to Employee Eight and obtained information, including email files and documents related to the Emerging Technologr and Employee Eight's personal information. Agarwal accessed the computer assigned to Employee Nine and obtained information, including email files and documents related to the Emersing Technolosy. Agarwal accessed the computer assigned to the CNEO and obtained information, including email files and documents related to the Emerging Technology. Agarwal accessed the computer assigned to the CNEO and obtained information, including email files and documents related to the Emerging Technology. In violation of Title 18, United States Code, Sections 1O3O(a)(2) and (c)(2)(e)(iii). Count Two (Obtaining Information from Protected Computers-Company Two) 1. Paragraphs 1 through 11 of this Information are incorporated as though fully set forth herein. 2. On or about the dates set forth below, in the District of New Jersey and elsewhere, the defendant, ANKUR AGARWAL, intentionally accessed a computer without authortzation, and thereby obtained information from protected computers used in and affecting interstate commerce and communication, and the value of the information obtained exceeded -6- $5,OOO: Approximate Description Date April 2Ol7 April 2Ol7 Agarwal accessed Company TWo's servers and thereafter obtained information and data related to the Emerging Technologr. Agarwal accessed the computer assigned to Employee Ten and thereafter obtained email files and documents related to the Emerging Technologr and Employee Ten's personal documents. In violation of Title 18, United States Code, Sections 1030(a)(2) and (c)(2)(e)(iii). Count Three (Aggravated ldentity Theft) 1. Paragraphs 1 through 1 1 and Paragraph 2 of Count Two of this Information are incorporated as though fully set forth herein. 2. In or about May 2O 17, in the District of New Jersey and elsewhere, the defendant, ANKUR AGARWAL, did knowingly transfer, possess, and use, without lawful authority, a means of identification of another person during and enumerated in relation to a felony violation in Title 18, United States Code, Section 1028A(c), to wit, Title 18, United States Code, Section 1030(a) (computer fraud), knowing that the means of identification belonged to another actual person, namely, Agarwal transferred, possessed, and used the means of identification of an individual with the initials S.A., to obtain a Company Two access badge, and therea-fter used the access badge -7 - to maintain his unauthorized access to Company Two's premises in New Jersey for the purpose of furthering his hacking scheme. In violation of Title 18, United States Code, Section 1028A(a)(1). FORFEITURE ALLEGATION AS TO COUNTS ONE AND TWO 1. Upon conviction of the offenses in violation of 18 U.S.C. S 1O3O alleged in Counts One and TWo of this Information, Agarwa-l shall forfeit to the United States: a. pursuant to 18 U.S.C. SS 982(aX2)(B) and 1030(i), any property, real or personal, constituting, or derived from, proceeds obtained directly or indirectly as a result of the offenses charged in Counts One and Two of this Information; and b. pursuant to 18 U.S.C. S 1030(i), all right, title, and interest of the defendant in any personal property that was used or intended to be used to commit or to facilitate the commission of the offenses charged in Counts One and Two of this Information, including, but not limited to: all right, title, and interest of the Defendant in the items listed in Attachment A hereto. SUBSTITUTE ASSETS PROVISION 2. If any of the above-described forfeitable property, as a result of any act or omission of the defendant: a  b cannot be located upon the exercise of due diligence; has been transferred or sold to, or deposited with a third party; -B- c. d. e. has been placed beyond the jurisdiction of the court; has been substantially diminished in value; or has been commingled with other property which cannot be divided without difficulty; the United States shall be entitled, pursuant to 21 U.S.C. S 853(p) (as incorporated by 28 U.S.C. $ 2461(c), 18 U.S.C. S 1030(i), and 18 U.S.C. S 982(b)), to forfeiture of any other property of the defendant up to the value of the above-described forfeitable property. United States Attorney -9- Attachment A Item# 1 2 3 4 5 6 7 8 9 10 12 13 14 15 16 17 18 19 20 21 22 23 24 Make / Model / Description Western Digital My Book externa-l hard drive Western Digital My Book external hard drive (enclosure only) Dark green rain iacket Western Digital My Passport Ultra external hard drive with power cord Dell Latitude E6430 laptop computer with power cord and cordless mouse Black USB kevloqser Western Dieital external hard drive Deli Latitude D630 laptop computer and power cord with Logitech wireless USB Bluetooth transmitter Miscellaneous technical notes and Office Depot notepad Nokia Microsoft RM1O3O XL cellphone with power cord Samsung Yerrzon 4G LTE cellphone Acer Aspire 5742\aptop computer iomega Screenplay SPMCAHD hard drive Red National brand record notebook 3.5" Sony floppy disk Staples 3 subiect notebook Five CD-R disks containing SafeGuard recovery and backup data Power Spec external portable hard drive Western Digital WD5OOOC032 external portable drive Toshiba 2 TB portable hard drive Western Digital 2217Q externa_l portable drive Dell 87 25 laptop computer EP Memory 1.0 GB SD card Cruzer NIlini l.O GB flash drive -10- Serial Number WXllDB5NEOHH / Identifier N/A N/A WX」 lAA5001VX 9CGM」 Xl N/A VLH3U53Y DNWDDFl N/A 740485700 99000023037066 LXR4F02002034465461601 83AJ3201lX N/A DEA B2405A N/A N/A V627361 WCAPW0003145 14SATEG町 18B VKOEL3XY PKRNVWE725 N/A N/A Item# 25 26 27 28 29 30 31 32 Make / Model / Description Silver Dell GWZSRWl laptop computer with power cord Hewlett Packard 840G1 laptop computer (refurbished) with blue Ethernet cable USB kevlosser Black thumb drive with circle imprint White CR203 2.O thumb drive with UBON"printed on it “ Silver thumb drive with "Gemalto" and "Security to be Free" printed on it Swipe card C-84793O; AT&T tenant card in the name of Shashi Agarwal; AT&T contractor card in the name of Ankur Agarwal; Swipe card CO93OO24: Swipe card PP- 00878858 Sarnsung Galaxy S4 SGH― 1337 Seria-l Number 637230991978 / Identifier CNU409FOXD N/A N/A N/A N/A N/A IⅣ IEI:359721051256459 cellphone with black Otter Box case 33 Sarnsung Galaxv Note 4 Sh/1-N910V cellphone with Neo Hybrid black/silver casc 34 35 36 37 IA/1EI:990004812971194 N/A Silver thumb drive Black and red notebook with "Record" N/A on spine Two power adapters N/A Samsung Galaxy 54 SCH-IS4SUD I1/1EI:990004510333960 cellphone with blue and black case -11- CASE NUMBER:19‐ United States District Court District of New Jersey UNITED STATES OF AMERICA V。 ANKtrR AGARWAL INFORMATION FOR 18 UoS.C.§ 1030 18 UoS.C.§ 1028A Cnarc Cenpprrto UNITED STATESATTORNEY NEWARK, NEW JERSEY ANTHONY N10SCATO NIAttHEW FELDMAN NIKIC ASSIS7ス プマTひ S A2oRⅣ 973-645-2779 EyS