Convicted Fraudster Uses DDoS Attack To Clean Up Search Results, Fails Spectacularly

from the engage-self-destruct dept

A Seattle man has found a surefire way to clean up negative search engine results: get arrested for threatening (and apparently executing) a denial-of-service attack against a legal web site for refusing to take down an unflattering link.

Federal prosecutors announced the arrest of Kamyar Jahanrakhshan, 32, on a criminal charge of extortion by threats to cause damage to Leagle.com. If convicted, he faces up to 5 years in federal prison and a $250,000 fine.

A man named Andrew Rakhshan allegedly contacted the website in December 2014 and asked that a link to the offending court decision be taken down.

Then Rakhshan was done asking.

“On January 24, 2015 Rakhshan again sent an e-mail claiming that he met a group of hackers online who were willing to launch a massive cyber-attack on Leagle.com,” prosecutors said in a statement. “Rakhshan claimed that he had no other options to resolve the matter. He threatened to use these hackers to conduct a Distributed Denial of Service (DDoS) attack to force Leagle.com to comply with his demands. On January 25, 2015, a large amount of traffic targeted the IP address for Leagle.com.”

The website was unable to mitigate the attack traffic, which subsided when it removed the link.

Nice work, Andrew. Generating a federal indictment is a surefire way to ensure your vanity search results remain unmarred by "offending court decisions." But this DDoS wasn't Rakhshan's only attempt to scrub the web of negative info. Searching through the Lumen (formerly Chilling Effects) database reveals post-alleged attack efforts Rakhshan made to clean up unflattering search results.

Several takedown notices sent to Google reference a court order obtained by Rakhshan targeting three URLs set up by someone who wanted the world to know about Rakhshan's fraudulent Canadian escapades.

Rakhshan's requests demand the removal of the following URLs by Google.

http://jahanrakhshan-credit-card-embosser.blogspot.com/

http://jahanrakhshan-impersonated-police.blogspot.com/

http://jahanrakhshan-rakhshan-fraud-trial.blogspot.com/

http://rakhshan-vs-whatcom-county-washington.blogspot.com/

http://whistleblower-legislation-canada.blogspot.com/p/blog-page.html

However, the court order [PDF] he cites (in increasingly angry tones) only specifies the removal of three URLs.

http://rakhshan-vs-whatcom-county-washington.blogspot.com/

http://jahanrakhshan-rakhshan-fraud-trial.blogspot.com/

The third URL refers to a Google Drive document.

The court's order says the person posting these must remove them, not Google. In fact, a handwritten note appended to the end of the approved order makes it clear Google is not responsible for the removal of the URLs.

(In case you can't see it, the handwritten note reads "Google is not a party to this lawsuit.")

The three other URLs listed in Rakhshan's takedown notices were struck from the court order before approval. That's because there was nothing even possibly libelous about the posts. All they contained were Canadian court documents pertaining to Andrew Rakhshan/Kamyar Jahanrakhshan which, no matter how unflattering, cannot possibly be considered defamatory.

Not that it seems to matter to Rakhshan. This note is appended to his September 2016 takedown request:

Next month is ONE-YEAR anniversary of when I first submitted this Complaint. I am attaching BOTH my Court Orders once again. TELL ME what is the problem or issue. I will then PRINT your comments, attach them to my sworn affidavit, and take it before the SAME Judge and wont leave his courtroom until he gives me a THIRD Order which is to your standards. Once again, the first 2 URLs above are explicitly stated in both orders. That means the Judge has found them to be unlawful, not once, but TWICE - No further explanation is therefore required. The 3rd, 4th and 5th URLs above are an exact replicate of what you removed between December to April. I could elaborate extensively if you wish, but in sum, the Defendant either accuses me of DDoS, or else being a same person as a convicted fraudster from Canada. Last week Google Security called me and asked that I stop contacting Google. I will NEVER do that until these 5 URLs are removed, even if it takes 10 ...

Strange that it mentions a DDoS. But by this point, he'd probably been hearing about the accusations for at least a year. According to the indictment, the attack took place in January 2015. Stranger still that it says the URLs claim he's the same person as a convicted fraudster from Canada. The URLs that remain live don't connect the two names. But the multiple takedown notices -- coupled with the recent indictment of Andrew Rakhshan -- seem to indicate these are both the same person.

However, both a 2011 Canadian news article about Rakhshan

Westpac, St George Bank and Bankwest were just three banks and card issuers from around the world that gave evidence this year against Kamyar ''Andy'' Jahanrakhshan of North Vancouver.

In spending almost $C500,000 of other people's money, Jahanrakhshan used forged credit cards that carried his real name and supplied the various car dealers with his driver's licence.

He was found guilty last month of multiple counts of fraud by the Supreme Court in British Columbia.

And the DOJ's indictment

Kamyar Jahanrakhshan, aka “Kamyar Jahan Rakhshan,” “Andy or Andrew Rakhshan,” “Andy or Andrew Kamyar,” and “Kamiar or Kamier Rakhshan,” 32, of Seattle, Washington, was arrested today on a federal criminal complaint charging him with extortion by threats to cause damage to the Dallas, Texas hosting company for Leagle.com, announced U.S. Attorney John Parker of the Northern District of Texas.

...make it explicit this is the same person, despite Rakhshan's protests to the contrary.

And it could be Rakhshan is impersonating the Canadian Broadcasting Corporation as well. There are three notices purportedly from the CBC demanding takedowns of archived versions of the CBC's original story about Rakhshan's Canadian legal troubles.

So, it appears Rakhshan is -- or at least was -- engaging in a lot of questionable behavior attempting to scrub the web of mentions of his Canadian criminal past. Adding bogus DMCA takedown notices to an alleged DDoS isn't the ideal course of action one should pursue if they feel their search results are already a bit sketchy.


Filed Under: andrew rakhshan, ddos, kamyar jahanrakhshan, reputation management, search engine optimization, seo
Companies: leagle


Reader Comments



  1. Toom1275 (profile), 3 Aug 2017 @ 10:19am

    If only he'd used a DMCA as his weapon instead of a DDOS, he might not be in prison now.


  2. Anonymous Coward, 3 Aug 2017 @ 11:10am

    I believe...

    "You're doing it wrong" is pertinent here.


  3. Ninja (profile), 3 Aug 2017 @ 11:15am

    Re:

    Even though both of them have the same effect in the end. Of course the DMCA is more effective.


  4. Christenson, 3 Aug 2017 @ 12:04pm

    Re: I believe...

    "You're doing it wrong" isn't the bon mot you think it is...

    By Streisanding himself, he's doing it right, and proving his true colors for all the world to see!


  5. orbitalinsertion (profile), 3 Aug 2017 @ 5:25pm

    jahanrakhshan-ddoses-self-with-repeated-fraudulent-activity-and-a-multiplicity-of-monikers.blogspot.com

    Kamyar Jahanrakhshan, aka “Kamyar Jahan Rakhshan,” “Andy or Andrew Rakhshan,” “Andy or Andrew Kamyar,” and “Kamiar or Kamier Rakhshan,” or... "Frank Pohl".


  6. tuum-est (profile), 5 Aug 2017 @ 6:18pm

    Court Order: Blog Author

    My blog pages were accurate and well-considered. The content was true, written like a physics research paper where everything is proven as you go. Personal note: I am a physicist, a UBC graduate (now retired).

    My blog did not give Rakhshan any platform to argue about "opinion." Contents:

    • Some blog pages presented emails signed by Andrew Rakhshan. The words were strictly verbatim, quotes from Rakhshan's own emails to me.
    • Another page showed the server logs from the DDoS attack on my website. These are mathematical graphs and cannot defame anyone. Source of the logs: Arvixe, a well-reputed web host.
    • As your article points out, some other pages were Canadian court rulings from the Jahanrakhshan fraud case, obviously not defamatory as they were written by a court.

    My blog had modest beginnings: I published the single webpage that Rakhshan took down on my main website, plus a few of his emails bragging about his DDoS attack. But after seeing my blog online, the Toronto Police Cyber-Crimes Unit contacted me, they "applauded" the blog and encouraged me to continue. Police explained that Rakhshan was "living a very transient existence" and could not be located.

    And so my blog grew, but not with any aim to defame Rakhshan. The blog served a quite different purpose: to help police track Rakhshan via my Google Analytics logs. The logs were useful in case Rakhshan ever slipped up from hiding behind a VPN network – a possibility in view of his frenetic, relentless hits on any page containing his name.

    Regarding the Court Order last year which forced my blog offline:

    • Properly it is called an "Order of Default" from King County Court in Washington State, USA.
    • Rakhshan obtained it through an entirely one-sided process: He ensured I knew nothing of the proceedings so I could not attend, represent myself, or file any evidence.
    • Key to the scam: Rakhshan fabricated an Affidavit of Service to make it appear I was served with court documents (when I wasn't). Police have a copy of this document (which they call "compelling") and are investigating.
    • Rakhshan wrote a Declaration for King County Court, denying he ever launched DDoS attacks against anyone, and vowed he never sent any threatening emails. That was the foundation of his court action, namely that my blog was "defamatory" because no emails or DDoS existed.
    • His then-lawyer Peter Montine wrote a Motion for Default saying: "The emails (published by Sil) supposedly came from the address Andrew.rakhshan@gmail.com. Mr. Rakhshan does not own or use this email address and possesses no knowledge of the email address's true owner."

    Sequence in King County Court:

    • October 27, 2015: Judge Oishi of King County Court signed the Order for Default against my Blog pages. I had to beg Google for a copy of the Order and did not see it until January 2016 (months after the decision).

    • July 5, 2016: Judge Oishi apparently signed a follow-up Order for Contempt against my Blog pages. This I saw for the first time on TechDirt today.

    • July 26, 2016: The FBI filed a Charging Document listing cyber-crimes committed by Rakhshan (aka Jahanrakhshan). The Toronto Police and Australian Police closely assisted. The document was sealed for a year.

    • Late July 2017: The FBI unsealed the Charging Document. It confirmed that Rakhshan used the email address Andrew.rakhshan@gmail.com for his DDoS cyber-crimes against many websites. Rakhshan was arrested and is now held without bail in the Administrative Security Federal Detention Center at SeaTac (FDC Seattle-Tacoma). Search the inmate locator under one of his many personas, Kamyar Jahanrakhshan.

    Incidentally, the United States court had no jurisdiction over my Canadian web content. My website and blog were both passive (read-only) and thus fell at the lowest end of the "Zippo Sliding Scale". Refer to the landmark precedent Zippo Manufacturing Co. v. Zippo Dot Com (1997) which says: "A passive website alone is never sufficient grounds for the exercise of personal jurisdiction."


  7. tuum-est (profile), 6 Aug 2017 @ 3:43am

    Takedown Petition - Duty of the Judge

    TechDirt reports that DMCA and defamation claims are increasingly used as a substitute for DDoS attacks. A Judge hearing a petition to take down webpages has an obligation to perform minimal checks, especially if the site owner is not present in Court. Examples:

    • While a short header in an email can be spoofed, the long header cannot be faked. The long header is designed for security: You can run the header through a tracer program to determine the source, and also analyze how long the email was delayed. Judge Oishi failed to perform this basic check.

    • The web being international in scope, the petitioner and site owner may well live in different countries. If the petitioner claims he met the site owner in person to discuss things, the Judge can check with Passport Control to determine whether the supposed cross-border travel ever took place. Judge Oishi failed to do so.

    • If the respondent (site owner) is not present in Court, find out WHY. An Affidavit of Service cannot be taken at face value when parties to the action are spread wide across the globe. An Affidavit of Service contains concrete details of when and where court documents were served. Check whether the address shown on the Affidavit matches the respondent's real physical address – or whether it represents some random address two provinces away. The Affidavit of Service is a dichotomy: it is crucial, yet easy to fake. It must be checked by the Judge himself (not by the petitioner's lawyer). Judge Oishi did not bother.

    Excerpted below is some of my correspondence with Google Blogger for the period Oct 2015 to July 2016 (between the first and second Orders). Certainly I beat my brains out trying to comply. The only info I had was a copy of the Order for Default from Google. At that time, the logical interpretation was that Rakhshan took issue with how I phrased things in a few places on my Blog. Thus I expanded my Blog pages, cross-referencing my evidence and adding detailed footnotes. I had no idea Rakhshan was abruptly denying the DDoS attack – this would not occur to anyone who saw his hundreds of intimidating emails. "You will never had a website while I am alive!" said Rakhshan.


    2015 December 20 / Gmail - Sil to The Google Team:

    Most of the proof of the truth of my Blog content is ON the actual Blog pages. As to upgrades: In one email to Rakhshan, I told him that if he disagreed with anything I expressed on my Blog pages, then he could rewrite the phrase or paragraph and email the text to me, and it could replace my own words if suitable. Rakhshan never did any writing though; he never once mentioned it over subsequent months. My email is attached.

    I placed a Google Analytics Tracking ID on my Blog pages. It gathered useful statistics, which I sent to Toronto Police on December 12, 2015. Then on December 15, suddenly these same Blog pages disappear. You might consider whether that is what drives Rakhshan: his fear of being tracked, and arrested.

    In any event, I pride myself on accuracy, and if there really is anything that needs attention on Blogger, I will listen and act. But I cannot work in a vacuum. Specifics are required. (1) The Google Team said a "US Court Order" is attached, but I cannot find the Order. Who signed the Order? Who is the complainant? (2) I am guessing the complainant is Andrew Rakhshan (aka Kamyar Jahanrakhshan) because he is the topic of discussion on the Blog pages which disappeared. Can you confirm?


    2016 January 6 / Gmail - The Google Team to Sil:

    Hello, Attached the court order in question. Please note that we contacted the Superior Court of Washington, Kings County, and they verified that the order is legitimate. Regards, The Google Team


    2016 January 12 / Gmail - Sil to The Blogger Team:

    My Blog page "DDoS Timeline Andrew Rakhshan" is not in violation of the Blogger Content Policy. When I (re-published) the page, I took care to add links to material verifying the truth and accuracy of every statement made in the article. The timeline is (now) presented in a table. On the right side of the table is a major column titled "Verification." That column contains material which corroborates the rest of the page.

    After all, this Blog page is a timeline. The evidence is in the actual correspondence (emails) exchanged over time, plus the server logs, and my account registration for the web-host. This evidence is what a Court calls black-and-white.


    2016 January 18 / Gmail - Sil to The Blogger Team:

    It was the Toronto Police who encouraged me to write and keep afloat the Blog pages, which served their investigation in practical ways. As to the Order, we checked with King County Court in Washington State, and found the Order does exist. It was obtained in my complete absence; no-one notified me that a court process was underway. The normal position is to infer prejudice when one party is given no opportunity to present evidence.

    Rakhshan does not use the normal definition of "defamation." He does not mean material that is false. By "defamation" he means any mention of his name at all. Especially he does not want the connection known between his two legal surnames (he uses "Rakhshan" in the USA, and "Jahanrakhshan" in Canada). To avoid confusion, you need this background. His two names are equated in court rulings:

    Status of Court Order: Summary

    • Rakhshan, by some method we are looking into, lied to the Court to keep me completely unaware of the court process.
    • Then Rakhshan went himself to Court and obtained an Order removing my Blog pages. These are the identical pages he tried to take down via DDoS from January to August 2015.
    • The Order benefits the person who lied to keep me absent from the court proceedings.
    • Before I saw the Order, the Toronto Police advised me it was "almost certainly counterfeit" based on the truth of the material plus the fact my Blog pages were contributing to a police investigation in Canada.
    • When I finally saw the Order, I questioned its authenticity. So did the Toronto Police, again based on their knowledge of the case built against Rakhshan. Exploration reveals a question more complex. We are following up, and I will advise Google and Blogger in due course.
    • In the meantime, I value my reputation with Google. I make a personal, definite statement here: The content of my Blog pages is true, accurate, and well-considered. My intent is positive. The Toronto Police said my Blog pages "are incredibly helpful" to their investigation. Rakhshan knows I am aligned with law enforcement, and that my duty is to victims.

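The header trace mentioned in the comment above (reading the full `Received` chain for the relay path and the delay at each hop), sketched as an added example that is not part of the original comment or of Techdirt's post. The message, host names, addresses and timestamps are constructed, and the code reports what each relay recorded without verifying lines written by hosts outside the recipient's control (an assumption of this example).

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message: every host, address and timestamp is invented.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])
\tby mailstore.recipient.example with ESMTP id C3;
\tSat, 24 Jan 2015 10:47:12 -0800
Received: from relay.provider.example (relay.provider.example [198.51.100.7])
\tby mx.recipient.example with ESMTPS id B2;
\tSat, 24 Jan 2015 10:47:05 -0800
Received: from [192.0.2.44] (client.isp.example [192.0.2.44])
\tby relay.provider.example with ESMTPSA id A1;
\tSat, 24 Jan 2015 13:02:31 -0500
From: sender@provider.example
To: owner@recipient.example
Subject: constructed sample
Date: Sat, 24 Jan 2015 13:02:29 -0500

body
"""

# "from <name the client claimed> (<what the server saw>) by <receiving server>"
HOP_RE = re.compile(r"from\s+(?P<helo>\S+)(?:\s+\((?P<peer>[^)]*)\))?\s+by\s+(?P<by>\S+)")
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def trace_hops(raw):
    """Return the relay path in chronological order with per-hop delay in seconds."""
    msg = message_from_string(raw)
    hops, prev = [], None
    # Each server prepends its own Received line, so the last one is the first hop.
    for value in reversed(msg.get_all("Received", [])):
        unfolded = " ".join(value.split())          # undo header folding
        info, _, stamp = unfolded.rpartition(";")   # timestamp follows the last ';'
        m = HOP_RE.search(info)
        try:
            when = parsedate_to_datetime(stamp)
            if when.tzinfo is None:                 # "-0000" parses as naive: treat as UTC
                when = when.replace(tzinfo=timezone.utc)
        except (TypeError, ValueError):
            when = None
        if not m or when is None:
            continue                                # malformed line: skip, do not guess
        ip = IP_RE.search(m.group("peer") or "")
        delay = None if prev is None else int((when - prev).total_seconds())
        hops.append({
            "helo": m.group("helo"),                # name the client claimed
            "peer_ip": ip.group(1) if ip else None, # address the server recorded
            "by": m.group("by"),
            "delay_s": delay,                       # negative: skewed clock or edited line
        })
        prev = when
    return hops


def slowest_hop(hops):
    """Hop with the largest recorded delay, or None if there is no second hop."""
    timed = [h for h in hops if h["delay_s"] is not None]
    return max(timed, key=lambda h: h["delay_s"]) if timed else None


if __name__ == "__main__":
    for hop in trace_hops(RAW):
        print(hop)
```
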

  8. VINIT SINGH, 24 Aug 2018 @ 12:33am

    Court Order: Blog Author

    My blog pages were accurate and well-considered. The content was true, written like a physics research paper where everything is proven as you go. Personal note: I am a physicist, a UBC graduate (now retired).

    My blog did not give Rakhshan any platform to argue about "opinion." Contents:

    Some blog pages presented emails signed by Andrew Rakhshan. The words were strictly verbatim, quotes from Rakhshan's own emails to me.
    Another page showed the server logs from the DDoS attack on my website. These are mathematical graphs and cannot defame anyone. Source of the logs: Arvixe, a well-reputed web host.
    As your article points out, some other pages were Canadian court rulings from the Jahanrakhshan fraud case, obviously not defamatory as they were written by a court.


