The jury trial of a Richmond man accused of executing a damaging hacking attack on PaloAltoOnline.com and four other Embarcadero Media websites will begin on Tuesday, May 29, in San Jose federal court.
Ross M. Colby, 35, formerly of San Francisco, is alleged to have hacked the online news sites PaloAltoOnline.com, Mountain View Online, Almanac Online, PleasantonWeekly.com and DanvilleSanRamon.com on Sept. 17, 2015, after gaining access to the corporate Google email accounts of at least three Embarcadero Media employees. He allegedly used the information to cancel four domain names on the company's GoDaddy.com account and to change the company's mail exchange ("MX") records to redirect email.
The website content was replaced with an image of Guy Fawkes, the icon of the activist group Anonymous. The hacker posted a message indicating unhappiness with The Almanac, which covers Menlo Park, Atherton, Portola Valley and Woodside: "Greetings, this site has been hacked. Embarcadero Media Group (Alamanac) (sic) has failed to remove content that has been harmful to the wellbeing and safety of others. Failure to honor all requests to remove content will lead to the permanent shutdown of all Embarcadero Media websites."
As part of the hack, each website's URL was replaced with the text "Unbalanced journalism for profit at the cost of human right. Brought to you by the Almanac." The message concluded with a partial tagline used by Anonymous: "We do not forgive, we do not forget, we are legion."
Colby has no known ties to the company or to any of its papers. He did not respond to a reporter's question outside the courthouse in May 2017 about his motive. Bill Johnson, Embarcadero Media president and CEO, said at the time of the attack that it had caused extensive damage. There was no indication that website users' personal information had been hacked.
Court documents indicate the attack was well planned, however. Federal Bureau of Investigation (FBI) special agents discovered that a number of different Internet Protocol (IP) addresses had been used to access the email accounts of Embarcadero Media internet-technology employees more than 200 times between July 22 and Aug. 8, 2015.
One special agent linked at least three of the IP addresses back to John Colby, Ross Colby's father, who lives in Massachusetts. Another IP address was connected to Colby's San Francisco residence, and one was connected to the Flying Pig Bistro Pub on South Van Ness Avenue, which is across the street from Colby's residence, according to court papers.
Colby's roommate is expected to testify at the trial about discussions he had with the defendant regarding computer intrusions and how to configure IP addresses through virtual private network (VPN) providers. VPNs allow a user to connect from an outside location to a company's private network using public networks as if the computers were directly connected to the private network, according to a Wikipedia entry citing a Cisco handbook.
The FBI launched an 18-month investigation immediately after the hacking attack, which resulted in a federal grand jury indictment of Colby. He is charged with felony intentional damage to a protected computer and felony attempted damage to a protected computer. He is also charged with three misdemeanor counts of intentionally accessing a protected computer without authorization and obtaining information for acts allegedly committed on July 23-25, 2015.
He was arraigned on April 11, 2017, in federal District Court in San Jose and entered a not guilty plea. He is out of custody on a $50,000 bond.
Palo Alto Online will be reporting on the trial, which is estimated to last five days.
Read more articles on Colby's trial:
• Roommate: Alleged hacker said he was paid to attack news site
• Second day of hacking trial focuses on FBI investigation
• Accused Palo Alto Online hacker allegedly intended economic damage
Comments
Downtown North
on May 28, 2018 at 10:12 am
This incident taught me to never give up personal information to websites that do not absolutely need it.
Palo Verde
on May 28, 2018 at 11:20 am
Calendar for Judge Lucy H. Koh
Courtroom 8, 4th Floor, San Jose
Tuesday, May 29 2018 09:00am
USA v. Ross Colby Jury Trial/Selection
Federal Building is kitty-corner to Original Joe's.
Registered user
Mountain View
on May 28, 2018 at 1:45 pm
REAL hackers never get caught. This guy should never have been called a hacker in the first place. Getting IPs is easy as they are in the public domain. Using anything above layer 4 of the TCP/IP stack is stupid, as the tracks are easy to find. He was stupid, even at a stack level. "White Hats" see this type of attack all the time. On a scale of 1 to 10, he gets a 2. Please refer to him as a FAILED attacker, not a hacker. He doesn't deserve the name "hacker"...8P...
Registered user
Mountain View
on May 28, 2018 at 1:52 pm
I did not list my "White Hat" qualifications:
Network Engineer
Network Security Engineer
Cray Research, Inc.
I have been both a UNIX (licensed) and Linux Administrator with decades of experience and a Sun System Administrator. Cisco interface Admin.
Barron Park
on May 28, 2018 at 7:01 pm
Wow punnisher. So impressive. Much armchair hax0rz cred to you.
Old Palo Alto
on May 28, 2018 at 8:25 pm
What was the alleged hacker's motive?
another community
on May 30, 2018 at 1:09 pm
An interesting read. Interesting also that this is one story that
is actually well reported on with minimal typos and grammar errors.
Good job.
It doesn't sound like there was really much in terms of damages, but
they were not listed. I don't think anyone deserves to be hacked or
asks to be hacked but an online "things to remember", presumably
cleartext document with passwords is a real no-brainer.
Having been the recipient of arbitrary deletions and insults from two
Palo Alto Online bloggers and edits from censors on PAO - for no
real point other than a seeming intent to frustrate, confound and anger
potential discussion participants, or marginalize certain points of views,
I agree with resident's above comment about the fake-news and extreme
partisanship of most of Palo Alto Online.
When you treat people unfairly, rudely or you lie to them ostensibly
offering an online town forum, and then you censor and delete things
in an uneven manner you can build a lot of resentment in people. I
look forward to the reporting on what the defendant went through
all the trouble to hack this site about. People or groups do not
tend to waste the time necessary to protest, hate or hack sites that
they think treat them fairly and with respect.
That is the whole purpose of trolling, and as a long time reader
and participant in the Town Square Forum my opinion is that it
does not operate in good faith, though it is not horrible, except
for the two bloggers mentioned who behave like out of control
children and should be fired or forbidden from editing and censoring
their own blogs.
Almost decades old now online forums sites have proven unable
to fairly moderate, censor or provoke reasoned discussions and the
advertising/profit motive of most post and more clicks seems to
blind companies to their public duty. There needs to be standards
and regulation on these things as if it was the Russians distorting
the American political process in the last election, it is not really
any better if it was any other group that happened to be domestic
or even the owners of the media.
I would point out to "resident" that, at least in my opinion, there is
nothing socialist, and indeed everything Stanford Business
School-style capitalist ... i.e. militant capitalism, about PAO.
But perhaps if Palo Alto Online/Embarcadero Media took its
civic duty a bit more seriously and worked a bit more
professionally at that civic duty it would not create enemies.
Also, it would be interesting to know why the FBI is so interested
in this case and if that is common, or is there some connection
between the government or any corporate consortium, business
groups, etc, and Embarcadero Media?
Again, I have not seen the damages, but this does seem a bit
vengeful to take this guy to court over some minor hacking that
embarrassed Embarcadero Media, but did not seem to do any
major or lasting damage. How much is being spent on legal
fees to prosecute this case (civil?) versus the damage done?
How much of this is ultimately being funded by the taxpayer?
Maybe there is not that much to be gained by prosecution as
there is from lessons learned and trying to be a good community
citizen instead of forcing opinions on the city. There is a lot
Embarcadero Media could be doing for the City that it doesn't
do and probably doesn't see as its purview, but that is the
core of technological innovation, isn't it?
Why is it Palo Alto Online always has to shut discussions
down by forcing people to login, when said discussions get too
close to the issues they seem to think might go against them?
It is not a true Town Forum, and it is an invasion of people's
privacy. Have a Town Forum or don't why not? See if your
opinion pieces are enough to hold anyone's interest without
being able to comment freely?
Downtown North
on May 30, 2018 at 1:36 pm
Forcing people to login is a ploy to collect your personal information which they will of course use for advertising. They claim that hackers cannot access customer information, but no one really believes that.