Convicted Fraudster Uses DDoS Attack To Clean Up Search Results, Fails Spectacularly
from the engage-self-destruct dept
A Seattle man has found a surefire way to clean up negative search engine results: get arrested for threatening (and apparently executing) a denial-of-service attack against a legal web site for refusing to take down an unflattering link.
Federal prosecutors announced the arrest of Kamyar Jahanrakhshan, 32, on a criminal charge of extortion by threats to cause damage to Leagle.com. If convicted, he faces up to 5 years in federal prison and a $250,000 fine.
A man named Andrew Rakhshan allegedly contacted the website in December 2014 and asked that a link to the offending court decision be taken down.
Then Rakhshan was done asking.
“On January 24, 2015 Rakhshan again sent an e-mail claiming that he met a group of hackers online who were willing to launch a massive cyber-attack on Leagle.com,” prosecutors said in a statement. “Rakhshan claimed that he had no other options to resolve the matter. He threatened to use these hackers to conduct a Distributed Denial of Service (DDoS) attack to force Leagle.com to comply with his demands. On January 25, 2015, a large amount of traffic targeted the IP address for Leagle.com.”
The website was unable to mitigate the attack traffic, which subsided when it removed the link.
Nice work, Andrew. Generating a federal indictment is a surefire way to ensure your vanity search results remain unmarred by "offending court decisions." But this DDoS wasn't Rakhshan's only attempt to scrub the web of negative info. Searching through the Lumen (formerly Chilling Effects) database reveals post-alleged attack efforts Rakhshan made to clean up unflattering search results.
Several takedown notices sent to Google reference a court order obtained by Rakhshan targeting three URLs set up by someone who wanted the world to know about Rakhshan's fraudulent Canadian escapades.
Rakhshan's requests demand the removal of the following URLs by Google.
http://jahanrakhshan-credit-card-embosser.blogspot.com/
http://jahanrakhshan-impersonated-police.blogspot.com/
http://jahanrakhshan-rakhshan-fraud-trial.blogspot.com/
http://rakhshan-vs-whatcom-county-washington.blogspot.com/
http://whistleblower-legislation-canada.blogspot.com/p/blog-page.html
However, the court order [PDF] he cites (in increasingly angry tones) only specifies the removal of three URLs.
http://rakhshan-vs-whatcom-county-washington.blogspot.com/
http://jahanrakhshan-rakhshan-fraud-trial.blogspot.com/
The third URL refers to a Google Drive document.
The court's order says the person posting these must remove them, not Google. In fact, a handwritten note appended to the end of the approved order makes it clear Google is not responsible for the removal of the URLs.
(In case you can't see it, the handwritten note reads "Google is not a party to this lawsuit.")
The three other URLs listed in Rakhshan's takedown notices were struck from the court order before approval. That's because there was nothing even possibly libelous about the posts. All they contained were Canadian court documents pertaining to Andrew Rakhshan/Kamyar Jahanrakhshan which, no matter how unflattering, cannot possibly be considered defamatory.
Not that it seems to matter to Rakhshan. This note is appended to his September 2016 takedown request:
Next month is ONE-YEAR anniversary of when I first submitted this Complaint. I am attaching BOTH my Court Orders once again. TELL ME what is the problem or issue. I will then PRINT your comments, attach them to my sworn affidavit, and take it before the SAME Judge and wont leave his courtroom until he gives me a THIRD Order which is to your standards. Once again, the first 2 URLs above are explicitly stated in both orders. That means the Judge has found them to be unlawful, not once, but TWICE - No further explanation is therefore required. The 3rd, 4th and 5th URLs above are an exact replicate of what you removed between December to April. I could elaborate extensively if you wish, but in sum, the Defendant either accuses me of DDoS, or else being a same person as a convicted fraudster from Canada. Last week Google Security called me and asked that I stop contacting Google. I will NEVER do that until these 5 URLs are removed, even if it takes 10 ...
Strange that it mentions a DDoS. But by this point, he'd probably been hearing about the accusations for at least a year. According to the indictment, the attack took place in January 2015. Stranger still, it says the URLs claim he's the same person as a convicted fraudster from Canada. The URLs that remain live don't connect the two names. But the multiple takedown notices -- coupled with the recent indictment of Andrew Rakhshan -- seem to indicate these are both the same person.
However, both a 2011 Canadian news article about Rakhshan…
Westpac, St George Bank and Bankwest were just three banks and card issuers from around the world that gave evidence this year against Kamyar ''Andy'' Jahanrakhshan of North Vancouver.
In spending almost $C500,000 of other people's money, Jahanrakhshan used forged credit cards that carried his real name and supplied the various car dealers with his driver's licence.
He was found guilty last month of multiple counts of fraud by the Supreme Court in British Columbia.
And the DOJ's indictment…
Kamyar Jahanrakhshan, aka “Kamyar Jahan Rakhshan,” “Andy or Andrew Rakhshan,” “Andy or Andrew Kamyar,” and “Kamiar or Kamier Rakhshan,” 32, of Seattle, Washington, was arrested today on a federal criminal complaint charging him with extortion by threats to cause damage to the Dallas, Texas hosting company for Leagle.com, announced U.S. Attorney John Parker of the Northern District of Texas.
...make it explicit this is the same person, despite Rakhshan's protests to the contrary.
And it could be Rakhshan is impersonating the Canadian Broadcast Corporation as well. There are three notices purportedly from the CBC demanding takedowns of archived versions of the CBC's original story about Rakhshan's Canadian legal troubles.
So, it appears Rakhshan is -- or at least was -- engaging in a lot of questionable behavior attempting to scrub the web of mentions of his Canadian criminal past. Adding bogus DMCA takedown notices to an alleged DDoS isn't the ideal course of action one should pursue if they feel their search results are already a bit sketchy.
Filed Under: andrew rakhshan, ddos, kamyar jahanrakhshan, reputation management, search engine optimization, seo
Companies: leagle
Reader Comments
If only he'd used a DMCA as his weapon instead of a DDOS, he might not be in prison now.
Re:
I believe...
Re: I believe...
"You're doing it wrong" isn't the bon mot you think it is...
By Streisanding himself, he's doing it right, and proving his true colors for all the world to see!
jahanrakhshan-ddoses-self-with-repeated-fraudulent-activity-and-a-multiplicity-of-monikers.blogspot.com
Kamyar Jahanrakhshan, aka “Kamyar Jahan Rakhshan,” “Andy or Andrew Rakhshan,” “Andy or Andrew Kamyar,” and “Kamiar or Kamier Rakhshan,” or... "Frank Pohl".
Court Order: Blog Author
My blog pages were accurate and well-considered. The content was true, written like a physics research paper where everything is proven as you go. Personal note: I am a physicist, a UBC graduate (now retired).
My blog did not give Rakhshan any platform to argue about "opinion." Contents:
My blog had modest beginnings: I published the single webpage that Rakhshan took down on my main website, plus a few of his emails bragging about his DDoS attack. But after seeing my blog online, the Toronto Police Cyber-Crimes Unit contacted me, they "applauded" the blog and encouraged me to continue. Police explained that Rakhshan was "living a very transient existence" and could not be located.
And so my blog grew, but not with any aim to defame Rakhshan. The blog served a quite different purpose: to help police track Rakhshan via my Google Analytics logs. The logs were useful in case Rakhshan ever slipped up from hiding behind a VPN network – a possibility in view of his frenetic, relentless hits on any page containing his name.
Regarding the Court Order last year which forced my blog offline:
Sequence in King County Court:
October 27, 2015: Judge Oishi of King County Court signed the Order for Default against my Blog pages. I had to beg Google for a copy of the Order and did not see it until January 2016 (months after the decision).
July 5, 2016: Judge Oishi apparently signed a follow-up Order for Contempt against my Blog pages. This I saw for the first time on TechDirt today.
July 26, 2016: The FBI filed a Charging Document listing cyber-crimes committed by Rakhshan (aka Jahanrakhshan). The Toronto Police and Australian Police closely assisted. The document was sealed for a year.
Incidentally, the United States court had no jurisdiction over my Canadian web content. My website and blog were both passive (read-only) and thus fell at the lowest end of the "Zippo Sliding Scale". Refer to the landmark precedent Zippo Manufacturing Co. v. Zippo Dot Com (1997) which says: "A passive website alone is never sufficient grounds for the exercise of personal jurisdiction."
Takedown Petition - Duty of the Judge
TechDirt reports that DMCA and defamation claims are increasingly used as a substitute for DDoS attacks. A Judge hearing a petition to take down webpages has an obligation to perform minimal checks, especially if the site owner is not present in Court. Examples:
While a short header in an email can be spoofed, the long header cannot be faked. The long header is designed for security: You can run the header through a tracer program to determine the source, and also analyze how long the email was delayed. Judge Oishi failed to perform this basic check.
The web being international in scope, the petitioner and site owner may well live in different countries. If the petitioner claims he met the site owner in person to discuss things, the Judge can check with Passport Control to determine whether the supposed cross-border travel ever took place. Judge Oishi failed to do so.
Excerpted below is some of my correspondence with Google Blogger for the period Oct 2015 to July 2016 (between the first and second Orders). Certainly I beat my brains out trying to comply. The only info I had was a copy of the Order for Default from Google. At that time, the logical interpretation was that Rakhshan took issue with how I phrased things in a few places on my Blog. Thus I expanded my Blog pages, cross-referencing my evidence and adding detailed footnotes. I had no idea Rakhshan was abruptly denying the DDoS attack – this would not occur to anyone who saw his hundreds of intimidating emails. "You will never had a website while I am alive!" said Rakhshan.
2015 December 20 / Gmail - Sil to The Google Team:
Most of the proof of the truth of my Blog content is ON the actual Blog pages. As to upgrades: In one email to Rakhshan, I told him that if he disagreed with anything I expressed on my Blog pages, then he could rewrite the phrase or paragraph and email the text to me, and it could replace my own words if suitable. Rakhshan never did any writing though; he never once mentioned it over subsequent months. My email is attached.
I placed a Google Analytics Tracking ID on my Blog pages. It gathered useful statistics, which I sent to Toronto Police on December 12, 2015. Then on December 15, suddenly these same Blog pages disappear. You might consider whether that is what drives Rakhshan: his fear of being tracked, and arrested.
In any event, I pride myself on accuracy, and if there really is anything that needs attention on Blogger, I will listen and act. But I cannot work in a vacuum. Specifics are required. (1) The Google Team said a "US Court Order" is attached, but I cannot find the Order. Who signed the Order? Who is the complainant? (2) I am guessing the complainant is Andrew Rakhshan (aka Kamyar Jahanrakhshan) because he is the topic of discussion on the Blog pages which disappeared. Can you confirm?
2016 January 6 / Gmail - The Google Team to Sil:
Hello, Attached the court order in question. Please note that we contacted the Superior Court of Washington, Kings County, and they verified that the order is legitimate. Regards, The Google Team
2016 January 12 / Gmail - Sil to The Blogger Team:
My Blog page "DDoS Timeline Andrew Rakhshan" is not in violation of the Blogger Content Policy. When I (re-published) the page, I took care to add links to material verifying the truth and accuracy of every statement made in the article. The timeline is (now) presented in a table. On the right side of the table is a major column titled "Verification." That column contains material which corroborates the rest of the page.
After all, this Blog page is a timeline. The evidence is in the actual correspondence (emails) exchanged over time, plus the server logs, and my account registration for the web-host. This evidence is what a Court calls black-and-white.
2016 January 18 / Gmail - Sil to The Blogger Team:
It was the Toronto Police who encouraged me to write and keep afloat the Blog pages, which served their investigation in practical ways. As to the Order, we checked with King County Court in Washington State, and found the Order does exist. It was obtained in my complete absence; no-one notified me that a court process was underway. The normal position is to infer prejudice when one party is given no opportunity to present evidence.
Rakhshan does not use the normal definition of "defamation." He does not mean material that is false. By "defamation" he means any mention of his name at all. Especially he does not want the connection known between his two legal surnames (he uses "Rakhshan" in the USA, and "Jahanrakhshan" in Canada). To avoid confusion, you need this background. His two names are equated in court rulings:
Status of Court Order: Summary
Court Order: Blog Author
My blog did not give Rakhshan any platform to argue about "opinion." Contents:
Some blog pages presented emails signed by Andrew Rakhshan. The words were strictly verbatim, quotes from Rakhshan's own emails to me.
Another page showed the server logs from the DDoS attack on my website. These are mathematical graphs and cannot defame anyone. Source of the logs: Arvixe, a well-reputed web host.
As your article points out, some other pages were Canadian court rulings from the Jahanrakhshan fraud case, obviously not defamatory as they were written by a court.