The jury trial of a Richmond man accused of executing a damaging hacking attack of PaloAltoOnline.com and four other Embarcadero Media websites will begin on Tuesday, May 29, in San Jose federal court.
Ross M. Colby, 35, formerly of San Francisco, is alleged to have hacked the online news sites PaloAltoOnline.com, Mountain View Online, Almanac Online, PleasantonWeekly.com and DanvilleSanRamon.com on Sept. 17, 2015, after gaining access to the corporate Google email accounts of at least three Embarcadero Media employees. He allegedly used the information to cancel four domain names on the company's GoDaddy.com account and changed the company's mail exchange ("MX") records to redirect email.
The website content was replaced with an image of Guy Fawkes, the icon of the activist group Anonymous. The hacker posted a message indicating unhappiness with The Almanac, which covers Menlo Park, Atherton, Portola Valley and Woodside: "Greetings, this site has been hacked. Embarcadero Media Group (Alamanac) (sic) has failed to remove content that has been harmful to the wellbeing and safety of others. Failure to honor all requests to remove content will lead to the permanent shutdown of all Embarcadero Media websites."
As part of the hack, each website's URL was replaced with the text "Unbalanced journalism for profit at the cost of human right. Brought to you by the Almanac." The message concluded with a partial tagline used by Anonymous: "We do not forgive, we do not forget, we are legion."
Colby has no known ties to the company nor to any of its papers. He did not respond to a reporter's question outside the courthouse in May 2017 about his motive. Bill Johnson, Embarcadero Media president and CEO, said at the time of the attack that it had caused extensive damage. There was no indication that website users' personal information had been hacked, however.
Court documents indicate the attack was well planned, however. Federal Bureau of Investigation (FBI) special agents discovered that a number of different Internet Protocol (IP) addresses had been used to access the email accounts of Embarcadero Media internet-technology employees more than 200 times between July 22 and Aug. 8, 2015.
One special agent linked at least three of the IP addresses back to John Colby, Ross Colby's father, who lives in Massachusetts. Another IP address was connected to Colby's San Francisco residence, and one was connected to the Flying Pig Bistro Pub on South Van Ness Avenue, which is across the street from Colby's residence, according to court papers.
Colby's roommate is expected to testify at the trial about discussions he had with the defendant regarding computer intrusions and how to configure IP addresses through virtual private network (VPN) providers. VPNs allow a user to connect from an outside location to a company's private network using public networks as if the computers were directly connected to the private network, according to a Wikipedia entry citing a Cisco handbook.
The FBI launched an 18-month investigation immediately after the hacking attack, which resulted in a federal grand jury indictment of Colby. He is charged with felony intentional damage to a protected computer and felony attempted damage to a protected computer. He is also charged with three misdemeanor counts of intentionally accessing a protected computer without authorization and obtaining information for acts allegedly committed on July 23-25, 2015.
He was arraigned on April 11, 2017, in federal District Court in San Jose and entered a not guilty plea. He is out of custody on a $50,000 bond.
Palo Alto Online will be reporting on the trial, which is estimated to last five days.
Read more articles on Colby's trial: