News

Trial of alleged Palo Alto Online hacker to begin

Ross Colby faces five federal counts in 2015 attack on Embarcadero Media websites

The jury trial of a Richmond man accused of executing a damaging hacking attack of PaloAltoOnline.com and four other Embarcadero Media websites will begin on Tuesday, May 29, in San Jose federal court.

Ross M. Colby, 35, formerly of San Francisco, is alleged to have hacked the online news sites PaloAltoOnline.com, Mountain View Online, Almanac Online, PleasantonWeekly.com and DanvilleSanRamon.com on Sept. 17, 2015, after gaining access to the corporate Google email accounts of at least three Embarcadero Media employees. He allegedly used the information to cancel four domain names on the company's GoDaddy.com account and changed the company's mail exchange ("MX") records to redirect email.

The website content was replaced with an image of Guy Fawkes, the icon of the activist group Anonymous. The hacker posted a message indicating unhappiness with The Almanac, which covers Menlo Park, Atherton, Portola Valley and Woodside: "Greetings, this site has been hacked. Embarcadero Media Group (Alamanac) (sic) has failed to remove content that has been harmful to the wellbeing and safety of others. Failure to honor all requests to remove content will lead to the permanent shutdown of all Embarcadero Media websites."

As part of the hack, each website's URL was replaced with the text "Unbalanced journalism for profit at the cost of human right. Brought to you by the Almanac." The message concluded with a partial tagline used by Anonymous: "We do not forgive, we do not forget, we are legion."

Colby has no known ties to the company nor to any of its papers. He did not respond to a reporter's question outside the courthouse in May 2017 about his motive. Bill Johnson, Embarcadero Media president and CEO, said at the time of the attack that it had caused extensive damage. There was no indication that website users' personal information had been hacked, however.

Court documents indicate the attack was well planned, however. Federal Bureau of Investigation (FBI) special agents discovered that a number of different Internet Protocol (IP) addresses had been used to access the email accounts of Embarcadero Media internet-technology employees more than 200 times between July 22 and Aug. 8, 2015.

One special agent linked at least three of the IP addresses back to John Colby, Ross Colby's father, who lives in Massachusetts. Another IP address was connected to Colby's San Francisco residence, and one was connected to the Flying Pig Bistro Pub on South Van Ness Avenue, which is across the street from Colby's residence, according to court papers.

Colby's roommate is expected to testify at the trial about discussions he had with the defendant regarding computer intrusions and how to configure IP addresses through virtual private network (VPN) providers. VPNs allow a user to connect from an outside location to a company's private network using public networks as if the computers were directly connected to the private network, according to a Wikipedia entry citing a Cisco handbook.

The FBI launched an 18-month investigation immediately after the hacking attack, which resulted in a federal grand jury indictment of Colby. He is charged with felony intentional damage to a protected computer and felony attempted damage to a protected computer. He is also charged with three misdemeanor counts of intentionally accessing a protected computer without authorization and obtaining information for acts allegedly committed on July 23-25, 2015.

He was arraigned on April 11, 2017, in federal District Court in San Jose and entered a not guilty plea. He is out of custody on a $50,000 bond.

Palo Alto Online will be reporting on the trial, which is estimated to last five days.

Read more articles on Colby's trial:

Roommate: Alleged hacker said he was paid to attack news site

Second day of hacking trial focuses on FBI investigation

Accused Palo Alto Online hacker allegedly intended economic damage

---

Follow the Palo Alto Weekly/Palo Alto Online on Twitter @PaloAltoWeekly and Facebook for breaking news, local events, photos, videos and more.

What is democracy worth to you?
Support local journalism.

Comments

19 people like this
Posted by resident
a resident of Downtown North
on May 28, 2018 at 10:12 am

This incident taught me to never give up personal information to websites that do not absolutely need it.


7 people like this
Posted by musical
a resident of Palo Verde
on May 28, 2018 at 11:20 am

Calendar for Judge Lucy H. Koh
Courtroom 8, 4th Floor, San Jose
Tuesday, May 29 2018 09:00am
USA v. Ross Colby Jury Trial/Selection

Federal Building is kitty-corner to Original Joe's.


14 people like this
Posted by the_punnisher
a resident of Mountain View
on May 28, 2018 at 1:45 pm

the_punnisher is a registered user.

REAL hackers never get caught. This guy should never have been called a hacker in the first place. Getting IPs is easy as they are in the public domain.Using anything above layer 4 of the TCP/IP stack is stupid, as the tracks are easy to find. He was stupid, even at a stack level. " White Hats " see this type of attack all the time. On a scale of 1 to 10, he gets a 2. Please refer to him as a FAILED attacker, not a hacker. He dosn't deserve the name " hacker "...8P...


Like this comment
Posted by the_punnisher
a resident of Mountain View
on May 28, 2018 at 1:52 pm

the_punnisher is a registered user.

I did not list my " White Hat " qualifications:

Network Engineer

Network Security Engineer

Cray Research, Inc.


I have been both a UNIX ( licensed ) and Linux Administrator decades of experience and a Sun System Administrator. Cisco interface Admin.


7 people like this
Posted by l33t
a resident of Barron Park
on May 28, 2018 at 7:01 pm

Wow punnisher. So impressive. Much armchair hax0rz cred to you.


32 people like this
Posted by Paly Grad '73
a resident of Old Palo Alto
on May 28, 2018 at 8:25 pm

What was the alleged hacker's motive?


12 people like this
Posted by AnUnbiasedObserver
a resident of another community
on May 30, 2018 at 1:09 pm

An interesting read. Interesting also that this is one story that
is actually well reported on with minimal typos and grammar errors.
Good job.

It doesn't sound like there was really much in terms of damages, but
they were not listed. I don't think anyone deserves to be hacked or
asks to be hacked but an online "things to remember", presumable
cleartext document with passwords is a real no-brainer.

Having been the recipient of arbitrary deletions and insults from two
Palo Alto Online bloggers and edits from censors on PAO - for no
real point other that a seeming intent to frustrate, confound and anger
potential discussion participants, or marginalize certain points of views,
I agree with resident's above comment about the fake-news and extreme
partisanship of most of Palo Alto Online.

When you treat people unfairly, rudely or you lie to them ostensibly
offering an online town forum, and then you censor and delete things
in an uneven manner you can build a lot of resentment in people. I
look forward to the reporting on what the defendant went through
all the trouble to hack this site about. People or groups do not
tend to waste the time necessary to protest, hate or hack sites that
they think treat them fairly and with respect.

That is the whole purpose of trolling, and as a long time reader
and participant in the Town Square Forum my opinion is that it
does not operate in good faith, though it is not horrible, except
for the two bloggers mentioned who behave like out of control
children and should be fired or forbidden from editing and censoring
their own blogs.

Almost decades old now online forums sites have proven unable
to fairly moderate, censor or provoke reasoned discussions and the
advertising/profit motive of most post and more clicks seems to
blind companies to their public duty. There needs to be standards
and regulation on these things as if it was the Russians distorting
the American political process in the last election, it is not really
any better if it was any other group that happened to be domestic
or even the owners of the media.

I would point out to "resident" that at least. in my opinion. there is
nothing socialist, and indeed everything Stanford Business
School-style capitalist ... i.e. militant capitalism. about PAO.

But perhaps if Palo Alto Online/Embarcadero Media took its
civic duty a bit more seriously and worked a bit more
professionally at that civic duty it would not create enemies.

Also, it would be interesting to know why the FBI is so interested
in this case and if that is common, or is there some connection
between the government or any corporate consortium, business
groups, etc, and Embarcadero Media?

Again, I have not seen the damages, but this does seem a bit
vengeful to take this guy to court over some minor hacking that
embarrassed Embarcadero Media, but did not seem to do any
major or lasting damage. How much is being spent on legal
fees to prosecute this case ( civil? ) verus the damage done?
How much of this is ultimately being funded by the taxpayer?

Maybe there is not that much to be gained by prosecution as
their is from lessons learned and trying to be a good community
citizen instead of forcing opinions on the city. There is a lot
Embarcadero Media could be doing for the City that it doesn't
do and probably doesn't see as its purview, but that is the
core of technological innovation, isn't it?

Why is it Palo Alto Online always has to shut discussions
down by forcing people to login, when said discussions get too
close to the issues they seem to think might go against them?
It is not a true Town Forum, and it is an invasion of people's
privacy. Have a Town Forum or don't why not? See if your
opinion pieces are enough to hold anyone's interest without
being able to comment freely?


7 people like this
Posted by resident
a resident of Downtown North
on May 30, 2018 at 1:36 pm

Forcing people to login is a ploy to collect your personal information which they will of course use for advertising. They claim that hackers cannot access customer information, but no one really believes that.


Sorry, but further commenting on this topic has been closed.

All your news. All in one place. Every day.

Su Hong Palo Alto's last day of business will be Sept. 29
By Elena Kadvany | 15 comments | 5,125 views

Troubling safety issues in our fair city
By Diana Diamond | 16 comments | 1,524 views

Natural Wines?
By Laura Stec | 1 comment | 1,284 views

Premarital, Women Over 50 Do Get Married
By Chandrama Anderson | 0 comments | 1,278 views

Electric Buses: A case study
By Sherry Listgarten | 2 comments | 1,019 views

 

Register now!

On Friday, October 11, join us at the Palo Alto Baylands for a 5K walk, 5K run, 10K run or half marathon! All proceeds benefit local nonprofits serving children and families.

More Info