
FEDERAL BUREAU OF INVESTIGATION
FOI/PA
DELETED PAGE INFORMATION SHEET
FOI/PA# 1272054-0

Total Deleted Page(s): 8
Page 21: b6; b7C; b7D;
Page 22: b6; b7C; b7D;
Page 23: b6; b7C; b7D;
Page 26: b6; b7C; b7D;
Page 27: b6; b7C; b7D;
Page 38: b6; b7C; b7E;
Page 39: b6; b7C; b7E;
Page 40: b6; b7C; b7E;

Deleted Page(s)
No Duplication Fee
For this Page

(Rev. 05-01-2008)

UNCLASSIFIED

FEDERAL BUREAU OF INVESTIGATION

Precedence: ROUTINE
Date: 04/24/2012
To: Jacksonville
From: Jacksonville
Contact: SA [redacted]

b6
b7C

Approved By: [redacted]
Drafted By: [redacted]
Case ID #: [redacted]
b7E

Title: UNSUB(S);
LAKE COUNTY SHERIFF'S OFFICE - VICTIM

Synopsis: To open case and document meeting with [redacted], Lake County Sheriff's Office (LCSO).

Details:
On 4/23/2012 SA [redacted] and SA [redacted] of FBI JK met with [redacted] at [redacted] Florida 32778 to discuss information that was passed from FBI HQ on 4/21/2012 to SA [redacted] about a possible computer intrusion by [redacted] into the LCSO network.

b6
b7C

[redacted] of LCSO was interviewed on 4/23/2012 about a potential intrusion into the LCSO network. [redacted] stated that he had been contacted by an FBI Agent out of San Antonio (SA) and told of a possible computer intrusion back in January of 2012. [redacted] stated that he attempted multiple times to reach back out to FBI SA with negative results.

b6
b7C

[redacted] stated that he believed that the intrusion attempt was unsuccessful and provided logs and data. Writer and SA [redacted] advised [redacted] to look again for the possible intrusion by checking server logs and legitimate user accounts for unusual activity and gave him an overview of criminal hacking procedures and techniques. [redacted] called Writer back on 4/23/2012 after the meeting to report that he had found a user account that was being accessed for illegitimate purposes and was going to continue the investigation.

b6
b7C

UNCLASSIFIED

b6
b7C

UNCLASSIFIED

To: Jacksonville From: Jacksonville
Re: 288A-JK-NEW, 04/24/2012

Writer reached out to CyD HQ, Bucharest ALAT [redacted], and FBI SA on 4/23/2012 to coordinate the investigation and collect information pertaining to the possible intrusion at LCSO. The following are the details of the information that was provided:

b6
b7C

FBI SA provided the following:


Table name: SO TBL USERACCESS
Data:
LCSO,
LCSO,
LCSO,
LCSO,
LCSO,
LCSO,
LCSO,
LCSO,
LCSO,
LCSO,
LCSO,
LCSO,
LCSO,
LCSO,
LCSO,
LCSO,
LCSO,
LCSO,
LCSO,
LCSO,
LCSO,
LCSO,

b6
b7C

FBI ALAT Bucharest provided the following:


b7D
b6
b7C


b7D
b6
b7C


[please note, some of the above may be misspelled]


b6
b7C
b7D

ALAT Bucharest advised that [redacted]

Based on the above information Writer requests the above case be opened and assigned to SA [redacted] and Co-Case SA [redacted].

UNCLASSIFIED

b7D

b6
b7C

FD-340a (Rev. 1-27-03)

(Title)
(File No.) [illegible]

Item / Date Filed / To be returned (Yes, No) / Disposition

Field Office Acquiring Evidence: [illegible]
Serial # of Originating Document: [illegible]
Date Received: [illegible]
From: (Name of Contributor/Interviewee)
(Address)
(City and State)
By: [illegible]
To Be Returned: [ ] Yes [x] No
Receipt Given: [ ] Yes [x] No
Grand Jury Material - Disseminate Only Pursuant to Rule 6 (e) Federal Rules of Criminal Procedure: [ ] Yes [x] No
Federal Taxpayer Information (FTI): [ ] Yes [x] No

Reference:
(Communication Enclosing Material)

Description:

b6
b7C

Original notes re interview of [redacted]
-

FD-340 (Rev. 4-11-03)

File Number: 288A-JK-53354
Field Office Acquiring Evidence: [illegible]
Serial # of Originating Document: [illegible]
Date Received: [illegible]
From: [redacted] LCSO

b6
b7C

(Name of Contributor/Interviewee)
(Address) [illegible]
(City and State)
By: [illegible]
To Be Returned: Yes / No
Receipt Given: Yes / No
Grand Jury Material - Disseminate Only Pursuant to Rule 6 (e) Federal Rules of Criminal Procedure: Yes / No
Federal Taxpayer Information (FTI): Yes / No

Reference:
(Communication Enclosing Material)

Description:

Original notes re interview of

Your Exam service request has been entered into the system and is pending review by the JK office. A representative from the JK office will contact you shortly regarding the status of your request with further information and instructions.

Service Request ID: 44687
Request Type: Exam
Request Date: 04/27/2012
Request Priority: 2 (Priority)
Requested Completion Date: 05/02/2012
Investigative Request? Yes
UCFN: 288A - JK - 53354
Case Agent/Investigator: [redacted]
Case Agent/Investigator Field Office: JK
Case Agent/Investigator Supervisor: [redacted]

b6
b7C

Case Title: UNSUB(S); LAKE COUNTY SHERIFF'S OFFICE - VICTIM
Case Synopsis: [redacted]

b6
b7C
b7D

Submitting Agency: FBI JK
Agency Case/File Number:
Contact Information: [redacted] 6061 Gate Parkway, Jacksonville, FL 32256

b6
b7C
b7E

Assign Request To: JK
Evidence to be Examined: 1 External HDD containing backups and images of three (3) virtual servers and logs.
Request Description: Copy HDD
Legal Authority: To Be Determined

CART Service Request Confirmation - 1A Material (Printed on 04/27/2012)

FD-597 (Rev 8-11-94)

Page __ of __

UNITED STATES DEPARTMENT OF JUSTICE
FEDERAL BUREAU OF INVESTIGATION
Receipt for Property Received/Returned/Released/Seized

File # [illegible]
(City) [illegible]
Item(s) listed below were: From / To / To

b6
b7C

Description of Item(s): [illegible handwriting]

Received By: [redacted]
Received From: [redacted]

b6
b7C

FD-340 (Rev. 4-11-03)

b6
b7C

(Address)
(City and State)
By:
To Be Returned: [ ] Yes [x] No
Receipt Given: Yes / No
Grand Jury Material - Disseminate Only Pursuant to Rule 6 (e) Federal Rules of Criminal Procedure: Yes / No
Federal Taxpayer Information (FTI): Yes / No

Reference:
(Communication Enclosing Material)

Description:

Original notes re interview of [redacted]

b6
b7C

DAILY GRIN
4460 Washington Road Suite 2Q Evans, Georgia 30809
Office 706.854.8838 Fax 706.854.8022

Serial # of Originating Document:
Date Received:
From: [illegible]
(Name of Contributor/Interviewee)
(Address)
(City and State)
By: SA [redacted]

b6
b7C

To Be Returned: Yes / No
Receipt Given: Yes / No
Grand Jury Material - Disseminate Only Pursuant to Rule 6 (e) Federal Rules of Criminal Procedure: Yes / No
Federal Taxpayer Information (FTI): Yes / No

Reference:
(Communication Enclosing Material)

Description: [illegible]

Original notes re interview of [illegible]

PRESS RELEASE
05/29/2012

Prosecutors Department for Organized Crime and Terrorism - Central structure deconstructed a criminal group, consisting of 14 persons, so they carried out 12 house searches in Bucharest, Iasi, Alba Iulia, Piatra Neamt, Cluj Napoca, Turnu Severin, Arad, Craiova and Targu Mures Resita.

Group leader was identified as the accused BALAEASA Gabriel, 24, of Piatra Neamt, known in the virtual environment with nicknames "lulzcart, anonsboat, anonsweb, Cartman." This, together with Gabor and Picos Fabian accused Michael Emil was a group, joined by other people involved in the cyber terrorist attacks.

The group conducted an extensive criminal activity specific for cybercrime, which consisted of illegal access to computer systems, misuse of confidential or non public and published in the online environment seep data.

Databases confidential/classified subjects were given preference for public institutions and businesses, both in Romania and abroad.

For technical and practical way of operating, cyber attacks launched on the target server and Web pages, were SQL injection, using different applications, namely Havij, SQL Map, etc. In most cases, after compromise and obtain unauthorized access to targeted sites, the group members brought changes to computer data, executing attacks "deface", consists of applying a web page instead of the main site, which was to change general in certain posting messages, links and images that promote group claims attack and hackers.

Attacks were launched in order to obtain computer data, appropriate data were copied/transferred without the right and subsequently published in the virtual environment on various sites as evidence of hacking activity.

Group members did so to launch attacks on a total of 29 sites, information infrastructure such unauthorized penetration achieved by infringement of security measures implemented in the server that housed the target Web sites.

Criminal activity led to total or partial compromise of Internet sites and areas covered, resulting in significant costs to recover data and implement new security measures.

At the D.I.I.C.O.T. will be brought to hear 12 people, to which research is carried out for crimes without the right to access information systems in order to obtain computer data in violation of security measures, modification of computer data without right and unauthorized transfer of data a computer system, provided by Article 42 para. 1, 2, 3 and Article 44 para. 1, 2 of Law no. 161/2003.

The investigations were carried out with the judicial police officers in D.C.C.O. - S.C.C.I. and Special Operations Division.
The action was carried out with the support of the Romanian Gendarmerie.
Technical support and information was provided by SRI.

Press release - 29.05.2012

http://www.diicot.ro/index.php?view=article&catid=38:mass-m ...

Tuesday, 29 May 2012 00:00

PRESS RELEASE

29.05.2012

Prosecutors of the Directorate for Investigating Organized Crime and Terrorism - Central Structure have dismantled a criminal group made up of 14 persons, and to that end carried out 12 home searches in the municipalities of București, Iași, Alba Iulia, Piatra Neamț, Cluj Napoca, Drobeta Turnu Severin, Arad, Craiova, Reșița and Târgu Mureș.

The leader of the group was identified as the accused BALAEASA Gabriel, aged 24, from the municipality of Piatra Neamț, known online by the nicknames "lulzcart, anonsboat, anonsweb, cartman".

Together with the accused Fabian Gabor and Picos Mihai Emil, he formed a group, which other persons also joined, involved in carrying out acts of cyber terrorism.

The group carried out extensive criminal activity specific to computer crime, consisting of illegally accessing computer systems, stealing confidential data or data not intended for publication, and publishing the exfiltrated data online.

The confidential/classified databases targeted were predominantly those administered by public institutions and public legal entities, both in Romania and abroad.

From a technical standpoint and in terms of the actual method of operation, the attacks launched against the targeted servers and web pages were of the SQL Injection type, using various software applications, namely Havij, SQL Map, etc. In most cases, after compromising the targeted sites and obtaining unauthorized access to them, the members of the group altered computer data by carrying out "Deface" attacks, which consisted of placing a web page in place of the site's main page, a change that generally consisted of posting certain messages, links and images claiming responsibility for the attack and promoting the hacker group.

The attacks were launched in order to obtain computer data, which were, as the case may be, copied/transferred without right and later published online on various sites as proof of the hacking activity.

In this way the members of the group launched attacks against 29 sites, the unauthorized penetration of those information infrastructures being achieved by breaching the security measures implemented on the servers hosting the targeted websites.

The criminal activity led to the total or partial compromise of the targeted web pages and internet domains, generating significant costs for recovering data and implementing new security measures.

At D.I.I.C.O.T. headquarters, 12 persons will be brought in for questioning; they are under investigation for the offences of unauthorized access to computer systems for the purpose of obtaining computer data by breaching security measures, unauthorized modification of computer data, and unauthorized transfer of data from a computer system, as provided by art. 42 para. 1, 2, 3 and art. 44 para. 1, 2 of Law no. 161/2003.

The investigation was carried out together with judicial police officers from D.C.C.O. - S.C.C.I. and the Special Operations Directorate.
The operation was carried out with the support of the Romanian Gendarmerie.
Technical and intelligence support was provided by SRI.

Field Office Acquiring Evidence: [illegible]
Serial # of Originating Document:
Date Received: [illegible]
From: [redacted]

b7D

(City and State)
By: [illegible]
To Be Returned: Yes / No
Receipt Given: Yes / No
Grand Jury Material - Disseminate Only Pursuant to Rule 6 (e) Federal Rules of Criminal Procedure: Yes / No
Federal Taxpayer Information (FTI): Yes / No

b6
b7C

Reference:
(Communication Enclosing Material)

Description: Letter from [illegible]

Original notes re interview of [illegible]

b7D

CART Exam Service Request Confirmation - 1A Material

Your Exam service request has been entered into the system and is pending review by the JK office. A representative from the JK office will contact you shortly regarding the status of your request with further information and instructions.

Service Request ID: 45405
Request Type: Exam
Request Date: 05/30/2012
Request Priority: 2 (priority)
Requested Completion Date: 06/05/2012
Investigative Request? Yes
UCFN: 288A - JK - 53354
Case Agent/Investigator: SA [redacted]
Case Agent/Investigator Field Office: JK
Case Agent/Investigator Supervisor: SSA [redacted]

b6
b7C

Case Title: UNSUB(S); LAKE COUNTY SHERIFFS OFFICE - VICTIM
Case Synopsis: On 21 April 2012 [redacted] notified LEGAT Bucharest [redacted]
Submitting Agency: JK
Agency Case/File Number:
Contact Information: 904-2487214
Assign Request To: JK
Evidence to be Examined: [redacted]
Request Description: copy media and give to SA and return originals to evidence.
Legal Authority: Consent

CART Service Request Confirmation - 1A Material (Printed on 05/30/2012)

b7D

Field Office Acquiring Evidence:
Serial # of Originating Document:
Date Received: [illegible]
From: [redacted]

b6
b7C

(Name of Contributor/Interviewee)
(Address) 360 West Ruby Street
(City and State) Tavares, FL 32778
By: SA
To Be Returned: Yes / No
Receipt Given: Yes / No
Grand Jury Material - Disseminate Only Pursuant to Rule 6 (e) Federal Rules of Criminal Procedure: Yes / No
Federal Taxpayer Information (FTI): Yes / No

b6
b7C

Title:

Reference:
(Communication Enclosing Material)

Description:

Original notes re interview of

b7D

Serial # of Originating Document:
Date Received: [illegible]
From: [illegible]
(Name of Contributor/Interviewee)
(Address)
(City and State)
By: [illegible]
To Be Returned: [ ] Yes [ ] No
Receipt Given: [ ] Yes [ ] No
Grand Jury Material - Disseminate Only Pursuant to Rule 6 (e) Federal Rules of Criminal Procedure: [ ] Yes [ ] No
Federal Taxpayer Information (FTI): [ ] Yes [ ] No

Title:

Reference:
(Communication Enclosing Material)

Description:

b6
b7C

[ ] Original notes re interview of

[illegible handwriting]

ICMIPR01
Page 1
04/25/12 16:16:22

Title and Character of Case: LAKE COUNTY SHERIFFS OFFICE

Date Property Acquired: 04/25/2012
Source from which Property Acquired:
LCSO
360 W RUBY STREET
TRAVORES FL 32778

Anticipated Disposition:
Acquired By: [redacted]
Case Agent: [redacted]

b6
b7C

Description of Property:
1B 1 (Date Entered: 04/25/2012)
WESTERN DIGITAL MY BOOK STUDIO EXTERNAL HARD DRIVE, SN: WCAZA3,18'8836 (2TB, W/POWER SUPPLY & USB CABLE) CONTAINING: BACKUPS & IMAGES OF LEO APP1, LEO CITRIX, APP2 (LEO TTA), AS WELL AS LOGS FROM LEO APP1, LEOCITRIX, LEOASP1, WEBSITE LOGGING
Barcode: E4725431
Location: ECR CART BIN14

Case Number: 288A-JK-53354
Owning Office: JACKSONVILLE

FD-1004
Revised 9-16-2009

FEDERAL BUREAU OF INVESTIGATION
EVIDENCE CHAIN-OF-CUSTODY

Evidence Type: [ ] General [x] CART [ ] Firearm/Weapon [ ] Firearm/Other [ ] Drug [ ] Valuable [ ] Other
[ ] Batteries [ ] HAZMAT [ ] Req. Charging [ ] Other [ ] Biohazard [ ] Latents [ ] None [ ] FGJ [ ] Refrigerate

b6

Signature: [redacted]
Printed Name: [redacted]
[date and time illegible]
Reason: Collected

Signature:
Printed Name:
Reason:

Firearms Certification:
Printed Name:
Signature:
Date:

Case ID: 288A-JK-53354
1B: __
Barcode: E4725431

b7C

EVIDENCE CHAIN-OF-CUSTODY
Continuation Page

Accepted Custody / Date and Time
Signature:
Printed Name:
Reason:

Case ID:
1B:
Barcode:

FD-597 (Rev 8-11-94)

Page __ of __

UNITED STATES DEPARTMENT OF JUSTICE
FEDERAL BUREAU OF INVESTIGATION
Receipt for Property Received/Returned/Released/Seized

File # 288A-JK-53354

On (date) [illegible] item(s) listed below were:
[x] Received From
[ ] Returned To
[ ] Released To
[ ] Seized

(Name) Lake County Sheriff's Office
(Street Address) [illegible]
(City) Tavares, FL 32778

b6
b7C

Description of Item(s): [illegible handwriting] Citrix [illegible] (LEO TTA)

Received By: [redacted]
Received From: [redacted]

ICMIPR01
Page 1
[date illegible] 09:03:36

FD-192

Title and Character of Case:
LAKE COUNTY SHERIFFS OFFICE.
HTTP PASTEHTML COM VIEW BW2M4UWHB HTML

Date Property Acquired: 05/30/2012
Source from which Property Acquired: [redacted]

b6
b7D

Anticipated Disposition:
Acquired By: [redacted]
Case Agent: [redacted]

b6
b7C

Description of Property:
1B 2 (Date Entered: 05/30/2012)
1.2: SEAGATE 1TB HDD, SN:W1D07MG6 (EXCHANGE LIVE ACQUISITION 4/30/12, SECOND ORIGINAL FORENSIC IMAGE)
2.2: SEAGATE 1TB HDD, SN:W1D06LAK (LOG SERVER_4/30/12, SECOND ORIGINAL FORENSIC IMAGE)
3.2: SEAGATE 500GB HDD, SN:9QM9T8PD (IMAGES FROM LCSO, LEOCITRIX, LEOAPP1, LEOTTA APP2, SECOND ORIGINAL FORENSIC IMAGE)
4.2: COMPACT DISK (CD), COPY OF LSCO-120490-4 CD REC'D FROM LCSO HELP DESK E-MAIL
5.2: SEAGATE 500GB HDD, SN:W1D072K7 (IMAGES FROM (USERS + DEPTS BACKUP FROM 3-31-12) SECOND ORIGINAL FORENSIC IMAGE)
6.1: SEAGATE 1TB HDD, SN:5VP9S0H9 (IMAGES FROM LSCO 5/7/12, ORIGINAL FORENSIC IMAGE)
Barcode: E4725693
Location: ECR CART [illegible]

Case Number: 288A-JK-53354
Owning Office: JACKSONVILLE

FD-1004
Revised 9-16-2009

FEDERAL BUREAU OF INVESTIGATION
EVIDENCE CHAIN-OF-CUSTODY

Evidence Type: [ ] General [ ] CART [ ] Firearm/Weapon [ ] Firearm/Other [ ] Drug [ ] Valuable
[ ] Batteries [ ] HAZMAT [ ] Biohazard [ ] Latents [ ] None [ ] FGJ [ ] Refrigerate

[signature and custody entries dated 5/30/12; remainder illegible]

Reason:

Firearms Certification:
Printed Name:
Signature:
Date:

Case ID: 288A-JK-53354
1B: __
Barcode: E4725693

b6
b7C

EVIDENCE CHAIN-OF-CUSTODY
Continuation Page

b6
b7C

Signature:
Printed Name:
Reason:

Case ID:
1B:
Barcode:

FD-302 (Rev. 10-6-95)

- 1 -

FEDERAL BUREAU OF INVESTIGATION

Date of transcription 04/26/2012

On April 26, 2012 Federal Bureau of Investigation (FBI) Special Agent (SA) [redacted] connected to the Internet and navigated to the following Uniform Resource Locator (URL):

b6
b7C

http://pastehtml.com/view/bw2m4uwhb.html

The resulting web page appeared to be a tree listing of the Lake County Sheriff's Office (LCSO) server files. The web page, if printed, would have been 194 pages in length; therefore, SA [redacted] saved the web page to a Portable Document Format file (PDF). SA [redacted] then captured a screen print of the top of the web page, scrolled to the bottom of the web page and captured another screen print.

b6
b7C

The screen captures and web page content PDF were copied to a CDR and placed in an FD-340 1A envelope and added to the 1A section of the case file.

Investigation on 04/26/2012 at Jacksonville, Florida
File # 288A-JK-53354
by SA [redacted]
Date dictated: Not dictated

This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loaned to your agency;
it and its contents are not to be distributed outside your agency.

S:\ORAFTS\S~RUl~r\117sp0212.wpd
;

b6
b7C

t'

FD-302 (Rev. 10-6-95)

- 1 -

FEDERAL BUREAU OF INVESTIGATION

Date of transcription 04/30/2012

On 4/27/2012 [redacted] of the Lake County Sheriff's Office (LCSO) at 360 West Ruby Street, Tavares, Florida 32778 was contacted telephonically to discuss the investigation into the LCSO network intrusion. Writer informed [redacted] that data related to the intrusion had been placed on-line at the Uniform Resource Locator (URL) http://pastehtml.com/view/bw2m4uwhb.html. The resulting web page appeared to be a directory tree listing of the LCSO files. The web page, if printed, would have been 194 pages in length and contained the names of directories and files that may have been exfiltrated from the LCSO network. It was later learned that four (4) files were posted to pastebin.com which were named Cyber Crime.zip, 911 Calls.zip, Swat Team Files.zip and Full Dump With Even More files then above.zip. Writer downloaded the above referenced files which were over 4.7 GB of data. [redacted] said that he would report the posting of the data to his command staff.

b6
b7C

During the night of 4/27/2012 [redacted] contacted Writer again multiple times about email that was sent out to all the users on the LCSO network from the hackers. The email informed all the users that received the email that the LCSO network had been hacked. Writer again informed [redacted] that it was safe to assume that the entire LCSO network was compromised and that proper incident response and remediation should be undertaken by an outside firm. [redacted] asked if Writer could recommend any good groups to which Writer gave [redacted] a list of IT consulting firms. [redacted] said that they had changed all the passwords that they believed were compromised but that obviously did not work. He stated he would brief his command staff again and emphasize the severity of the situation and the need to have an external professional team come in and conduct the proper incident response and mitigation.

b6
b7C

On 4/28/2012 [redacted] met with [redacted] which is a Cyber Security Firm located at [redacted]. Writer reached out to contacts in the Tampa Division and was assured that [redacted] was a credible Cyber Security Firm. [redacted]

b6
b7C
b7D

Investigation on 4/30/2012 at Tavares, Florida
File # 288A-JK-53354
by SA [redacted]
Date dictated

This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loaned to your agency;
it and its contents are not to be distributed outside your agency.
s:\ORAF'I'S~
~1.2011..2.wpd

b6
b7C
b6
b7C

FD-302a (Rev. 10-6-95)

Continuation of FD-302 of [redacted], On 4/30/2012, Page 2

[redacted] contacted Writer and provided his cell phone number [redacted] and office number [redacted] and said that they were taking steps to secure the LCSO network and would retain any and all evidence of the intrusion to assist in the on-going investigation. [redacted] believed that the intrusion was related to multiple other intrusions by the same group of hackers and had located several IP addresses that he believed went back to infrastructure controlled by the hackers.

On 4/28/2012 [redacted] informed Writer by telephone that the Florida Department of Law Enforcement (FDLE) had contacted him because of some information they had received about the intrusion into the LCSO network. Writer spoke with [redacted] of FDLE and [redacted] for FDLE and [redacted].

b6
b7C

b6
b7C

On 4/28/2012 [redacted] with the LCSO reached out telephonically to Writer about a possible press report that would be coming from a news team out of the Orlando area. The news team received a tip and was asking LCSO for a statement/interview. Writer contacted and briefed [redacted] of FBI Jacksonville on the situation. [redacted] contacted [redacted] and asked him to limit his comments if possible and would not object to mentioning the FBI if he and/or the Sheriff thought it would help. [redacted] of the Office of Public Affairs, National Press Office, FBI HQ was briefed on the situation and advised all to use the statement "We're aware of this report but cannot comment further."

b6
b7C

FBI HQ Cyber Criminal PM SSA [redacted] who has been working with Jacksonville on this intrusion was updated and advised of the current situation and continues to coordinate with FBI Jacksonville.

b6
b7C

Writer identified the following online reports about the intrusion:
news.softpedia.com/news/AntiSec-Hackers-Leak-40-GB-of-Data-from-Lake-County-Sheriff-s-Office-266784.shtml
paintsthefuture.com/lake-county-sheriffs-office-hacked-by-antisec-and-leaked-4-7-gb-of-stolen-data/

s. \DRAFTS\lc=::::J.il2Dll2.'Wpd

b6
b7C

FD-302a (Rev. 10-6-95)

Continuation of FD-302 of [redacted], On 4/30/2012, Page 3

jimmy89vl.blogspot.com/2012/04/lake-county-florida-sheriffs-office.html
gnsec.com/modules/d3pipes/index.php?page=clipping&clipping_it71380

On 4/30/2012 [redacted] stated via telephone that they had collected images of drives and other evidence of the intrusion and believed that it involved three (3) people, 1 in the US, 1 in Moscow and 1 in the Ukraine.

On 4/30/2012 [redacted] was contacted telephonically and stated that the LCSO was in lock down mode with the email server and website down as well as other services and that they were working with [redacted] to review all systems and bring them up one at a time once they had been secured. [redacted] is currently collecting data related to the intrusion and copies will be made and provided to the FBI to support the ongoing investigation. News channel 9 reported the LCSO intrusion.

S: \OAAFTs\lL. __

---Ih 20112. wpd

b6

b7C

b6

b7C
b7D

b6

b7C

FD-302 (Rev. 10-6-95)

- 1 -

FEDERAL BUREAU OF INVESTIGATION

Date of transcription 04/25/2012

On 4/23/2012 SA [redacted] and SA [redacted] of FBI JK met with [redacted] of the Lake County Sheriff's Office (LCSO) at 360 West Ruby Street, Tavares, Florida 32778 to discuss information that was passed from FBI HQ on 4/21/2012 to SA [redacted] about a possible computer intrusion by [redacted] into the LCSO network.

b6
b7C

[redacted] was interviewed about a potential intrusion into the LCSO network. [redacted] stated that he had been contacted by an FBI Agent out of San Antonio (SA) and told of a possible computer intrusion into the LCSO back in January 2012. [redacted] stated that he checked his systems and found no evidence of the intrusion and attempted multiple times to reach back out to the FBI SA with negative results.

b6
b7C

[redacted] was asked about any new intrusions into the LCSO network and stated that there were unsuccessful attempts and provided logs and data to back up his conclusions. Writer and SA [redacted] advised [redacted] to look again for the possible intrusion by checking server logs and legitimate user accounts for unusual activity and gave him an overview of criminal hacking procedures and techniques. [redacted] called Writer back on 4/23/2012 after the meeting to report that he had found a user account that was being accessed for illegitimate purposes and was going to continue the investigation. [redacted] was given part of a database table that FBI San Antonio had provided to Jacksonville when Jacksonville had reached out and inquired about the January 2012 contact with LCSO after leaving the LCSO meeting.

On 4/25/2012 Writer met with [redacted] and other staff from the LCSO. LCSO was again informed that the FBI had an open ongoing investigation into the intrusion and was working with international partners. [redacted] provided one (1) hard disk drive (HDD) that contained images of 3 virtual servers, logs and data related to the intrusion. [redacted] was given a property receipt (FD-597) for the HDD and signed a consent to search computers form. The HDD was placed into evidence and a CART request was completed requesting the imaging of the drive. HQ was contacted and forwarded a case support request form for assistance in reviewing the HDD and data provided by LCSO.

Investigation on 4/25/2012 at Tavares, Florida

b6
b7C

File # 288A-JK-53354
by SA [redacted]
Date dictated

This .document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loaned to your agency;
it and its contents are not to be distributed outside your agency.
S~\DRAFTS\JMBOL~N\~~6jbOl12.wpd

b6
b7C

(Rev. 05012008)

UNCLASSIFIED/ ZFOR OFl"IC!AfItlSEONLi::


FEDERAL BUREAU OF INVESTIGATION

Precedence: ROUTINE    Date: 04/30/2012

To: Jacksonville

From: Jacksonville
      11
      Contact: SA [redacted]

Approved By: [redacted]
Drafted By: [redacted]

b6
b7C

Case ID #: 288A-JK-53354 (Pending)

Title: UNSUB(S);
       LAKE COUNTY SHERIFF's OFFICE - VICTIM

Synopsis: To update case.

Details: (U//FOUO) On 21 April 2012
notified LEGAT Bucharest
b6
b7C
b7D

(U//FOUO) FBI Jacksonville immediately notified LCSO of
the suspected intrusion. On 23 April 2012 Jacksonville met with
LCSO and provided them an overview of criminal hacking
techniques. Shortly thereafter, LCSO identified an unauthorized
user account being accessed for illegitimate purposes. LCSO was
instructed to begin remediating the problem and capturing
forensic evidence.
(U//FOUO) LCSO was unsuccessful in fully eradicating the
malicious actors, and on 27 April 2012 the LCSO mail server was
compromised and used to distribute a mass e-mail message alerting
all system users to the intrusion activity. One of the
recipients of the message was the Florida Department of Law
Enforcement (FDLE), the state's central law enforcement agency.
Later the same day, Twitter user "EvilSecurity" tweeted links to
approximately 4.7 GB of LCSO's data, as well as a username and
password to an account on LCSO's mail server.
(U//FOUO) On 28 April 2012 the Romanian-owned website
Softpedia reported the theft of 40 GB of data from LCSO. The
breach was attributed to Operation AntiSec, a series of hacks
performed by members of Anonymous and LulzSec. According to
Softpedia, one of the hackers, presumably [redacted], claimed 35 GB
of the stolen data consisted of law enforcement software
applications. The remaining 5 GB, which was posted online,
consisted of "everything stored in the office's internal network
that could be considered of value," including cyber crime
information, audio recordings of 911 calls, photographs and
personal details of SWAT operators, subpoena records, and FBI
Intelligence Bulletins.

Investigative Action Plan: (U//FOUO) Jacksonville is currently
coordinating this investigation with LCSO, FDLE, FBI Phoenix,
LEGAT Bucharest, and [redacted]. The following investigative activity
is ongoing or anticipated:

1. to 8. [redacted]

b6
b7C
b7D

UNCLASSIFIED//FOR OFFICIAL USE ONLY
FD-302 (Rev. 10-6-95)

- 1 -
FEDERAL BUREAU OF INVESTIGATION

Date of transcription 05/01/2012

Lt. [redacted], Lake County Sheriff's Office (LCSO),
Florida was interviewed by the Federal Bureau of Investigation
(FBI) regarding a recent computer intrusion into LCSO. After being
advised of the identity of the interviewing Agent and the nature of
the interview, [redacted] provided the following information:

[redacted] contacted FBI Special Agent (SA) [redacted] and
advised that she had gone through the files that they believe were
compromised and identified a file named FBI UPDATE TARGETING OF
PRISONERS FOR IDENTITY THEFT.pdf from 2010 and that it was
unclassified. [redacted] is not aware of any classified information at
the LCSO.

According to a conversation [redacted] had with Lt. [redacted],
who coordinates the LCSO S.W.A.T team, there were no FBI
agent's personal information obtained.

Investigation on 05/01/2012 at Jacksonville, Florida (telephonically)
File # 288A-JK-53354
by SA [redacted]
Date dictated: Not dictated
b6
b7C

FD-302 (Rev. 10-6-95)

- 1 -
FEDERAL BUREAU OF INVESTIGATION

Date of transcription 05/01/2012

[redacted], Lake County Sheriff's Office (LCSO), Florida was interviewed by
the Federal Bureau of Investigation (FBI) regarding a recent computer
intrusion into LCSO. After being advised of the identity of the
interviewing Agent and the nature of the interview, [redacted] provided
the following information:

[redacted] contacted FBI Special Agent (SA) [redacted]

After receiving the email, several LCSO members contacted [redacted] to
report the incident. [redacted] stated

b6
b7C
b7D

Investigation on 04/27/2012 at Jacksonville, Florida (telephonically)
File # 288A-JK-53354
by SA [redacted]
Date dictated: Not dictated

CONFIDENTIAL//FGI ROU//REL TO USA, ROU

FEDERAL BUREAU OF INVESTIGATION

Precedence: ROUTINE    Date: 5/02/2012

To:   Cyber
      Jacksonville
      International Operations

Attn: CCU1, SA [redacted]
      CCU2, SSA [redacted]
      SSA [redacted]
      Eurasia Unit, SSA [redacted]

From: Bucharest
      Contact: ALAT [redacted]

Approved By: [redacted]
Drafted By: [redacted]

b6
b7C

Case ID #: (U) 163K-BO-893 (Pending)
           (U) 288A-JK-53354 (Pending)

Title: (U) Anonymous Romania

b1
b3
b7D

Sources

b1
b3

(U) Legat Bucharest's coordination with the FBI's Cyber
Initiative and Resource Fusion Unit (CIRFU) previously identified
b6
b7C
b7E

b6
b7C
b7E

(U) On 4/21/2012, ALAT [redacted] contacted LCSO and
the d . administrator there, [redacted] e-mail
regarding the possibility of an intrusion.
[redacted] acknowledged the notification and began conducting research
to verify the intrusion.

b6
b7C

b1
b3

b1
b3
b6
b7C

b1
b3

(U) The information resulted in coordination with CyD
and JK Division, resulting in the initiation of case 288A-JK-53354.

LEAD(s):

Set Lead 1: (Info)

ALL RECEIVING OFFICES

(U) For information.

CONFIDENTIAL//FGI ROU//REL TO USA, ROU

Legat - Bucharest
Name: [redacted]
Legal Attache
U.S. Embassy - Bucharest
5260 Bucharest Place
Dulles, VA 20189

FOR INTERNAL USE ONLY

(011-40-21) 200-3339

TO: [checklist of FBI field offices and Legal Attache offices]

CLASSIFICATION LEVEL (CHECK ONE)

ATTENTION: SA [redacted]

b6
b7C

(Rev. 05-01-2008)

CONFIDENTIAL//FGI ROU//REL TO USA, ROU

FEDERAL BUREAU OF INVESTIGATION

Precedence: ROUTINE    Date: 05/02/2012

To:   Cyber
      Jacksonville
      International Operations

Attn: CCU1, SA [redacted]
      CCU2, SSA [redacted]
      SSA [redacted]
      SA [redacted]
      SA [redacted]
      Eurasia Unit, SSA [redacted]

From: Bucharest
      Contact: ALAT [redacted]

Approved By: [redacted]
Drafted By: [redacted]

b6
b7C

Case ID #: 163L-BO-893 (Pending)
           288A-JK-53354 (Pending)

Title: ANONYMOUS ROMANIA

Synopsis: [redacted] regarding the
Anonymous Romania hack into the Lake County Sheriff's Office.

Derived From: Multiple Sources
Declassify On: [illegible]0502

b1
b3
b7D

CONFIDENTIAL//FGI ROU//REL TO USA, ROU

b1
b3

(U) ALAT [redacted] provided the link to pastehtml.com to
Jacksonville Cyber on 04/26/2012.

b6
b7C

LEAD(s):

Set Lead 1: (Info)

CYBER
AT CCU-1, DC

Read and clear.

Set Lead 2: (Info)

JACKSONVILLE
AT JACKSONVILLE, FL

Read and clear.

Set Lead 3: (Info)

INTERNATIONAL OPERATIONS
AT EURASIA UNIT, DC

Read and clear.

++

CONFIDENTIAL//FGI ROU//REL TO USA, ROU

(Rev. 05-01-2008)

UNCLASSIFIED

FEDERAL BUREAU OF INVESTIGATION

Precedence: ROUTINE    Date: 05/02/2012

To:   Cyber
      Jacksonville
      International Operations

Attn: UC [redacted]
      CCU1, SA [redacted]
      CCU2, SSA [redacted]
      SSA [redacted]
      SA [redacted]
      SA [redacted]
      Eurasia Unit, SSA [redacted]

From: Bucharest
      Contact: ALAT [redacted]

Approved By: [redacted]
Drafted By: [redacted]

b6
b7C

Case ID #: 163L-BO-893 (Pending)
           288A-JK-53354 (Pending)

Title: ANONYMOUS ROMANIA

b7D

CIRFU searches on the

Details: [redacted]

UNCLASSIFIED

b6
b7C
b7D

b7D

ALAT [redacted] met with [redacted]

b7D

LEAD(s):

Set Lead 1: (Action)

CYBER
AT CIRFU, DC

Conduct [redacted] and/or any other
relevant checks for nicknames provided and coordinate any
positive results with Bucharest and Jacksonville for
[redacted]

Set Lead 2: (Info)

CYBER
AT CCU-1, DC

Read and clear.

Set Lead 3: (Info)

JACKSONVILLE
AT JACKSONVILLE, FL

Read and clear.

Set Lead 4: (Info)

INTERNATIONAL OPERATIONS
AT EURASIA UNIT, DC

Read and clear.

UNCLASSIFIED

b7D
b7E

CONFIDENTIAL//FGI ROU//REL TO USA, ROU

FEDERAL BUREAU OF INVESTIGATION

Precedence: ROUTINE    Date: 05/10/2012

To:   Cyber
      Jacksonville
      International Operations

Attn: CCU1, [redacted]
      CCU2, SSA [redacted]
      SSA [redacted]
      SA [redacted]
      SA [redacted]
      Eurasia Unit, SSA [redacted]

From: Bucharest
      Contact: ALAT [redacted]

Approved By: [redacted]
Drafted By: [redacted]

b6
b7C

Case ID #: 163L-BO-893 (Pending)
           288A-JK-53354 (Pending)

Title: ANONYMOUS ROMANIA

b1
b3
b7D

Romania, reported

Sources

b1
b3

CONFIDENTIAL//FGI ROU//REL TO USA, ROU

b1
b3

b1
b3

LEAD(s):

Set Lead 1: (Info)

CYBER
AT CCU-1, DC

Read and clear.

Set Lead 2: (Info)

JACKSONVILLE
AT JACKSONVILLE, FL

Read and clear.

Set Lead 3: (Info)

INTERNATIONAL OPERATIONS
AT EURASIA UNIT, DC

Read and clear.

CONFIDENTIAL//FGI ROU//REL TO USA, ROU

(Rev. 8.30.2010)

Accomplishment Report


05/31/2012

***************** ARREST ****************

SENSITIVE / UNCLASSIFIED

Case Number: 288A-JK-53354        Report Date: 05/31/2012
Serial No.: 15                    Accom Date: 05/29/2012

Stat Agent Name: [redacted]       Stat Agent SOC.: [redacted]
Assisting Joint Agencies
Assisting Agents SOC
Subject Name: [redacted]

b6
b7C

Does Accomplishment Involve:
Drugs: N
A Fugitive: N
Bankruptcy Fraud: N
Computer Fraud/Abuse: Y
Corruption of Public Officials: N
Money Laundering: N

Investigative Assistance or Technique Used

Rating scale:
1 = Used, but did not help
2 = Helped, Minimally
3 = Helped, Substantially
4 = Absolutely Essential

Sub. Invest. Asst by Other FOs:
Squad: 11
RA
HQ
Task Force

b6
b7C
b7E

FINAN ANALYST      LAB FIELD SUP      CO - NAr BAC       VICT-WITN COOR
AIRCRAFT ASST      PEN REGISTERS      NCAVC/VI-CAP       10 WANTED FLYR
COMPUTER ASST      PHOTO COVERGE      CRIM/NS INTEL      SARS
CONSEN MONITR      POLYGRAPH          CRIS NEG-FED       CART
ELSUR/FISC         SRCH WAR EXEC      CRIS NEG-LOC       ASSET FORF PRO
ELSUR/III          SHOW MONEY         ERT ASST           FORF SUPPORT P
ENG FIELD SUP      SOG ASST           BUTTE OSC          TFOS/CTD
ENG TAPE EXAM      SWAT TEAM          SAV OSC            CXS/CTD
LEGATS ASST.       TECH AG/EQUIP      POC SC             INFRAGARD/CYD
EVIDNCE PURCH      TEL TOLL RECS      FT. MON-NRCSC      OFC/CID
INFORMANT/CW       UCO-GROUP I        FOR LANG ASST      PPP
LAB DIV EXAMS      UCO-GROUP II       NON FBI LAB E      FUSION CENTERS

Arrest is for Federal, Local, or International (F/L/I)
Arrest Subject Priority (A/B/C): C
Did Subject Resist (Y/N): N
Was Subject Armed (Y/N): N

United States Code Violation
Title    Section    Count

Accomplishment Narrative

Embassy of the United States of America
Office of Legal Attache
Bucharest, Romania

File No. 163L-BO-893; 288A-JK-53354

1 June 2012

b7D

RE: Anonymous Romania

Dear [redacted]

b7D

b6
b7C

Yours truly,

[redacted]
FBI
Legal Attache

By: SA [redacted]
Assistant Legal Attache

(Rev. 05-01-2008)

UNCLASSIFIED//FOR OFFICIAL USE ONLY

FEDERAL BUREAU OF INVESTIGATION

Precedence: ROUTINE    Date: 05/29/2012

To: Jacksonville

From: Jacksonville
      11
      Contact: SA [redacted]

Approved By: [redacted]
Drafted By: [redacted]

b6
b7C

Case ID #: 288A-JK-53354 (Pending)

Title: UNSUB(S);
       LAKE COUNTY SHERIFF's OFFICE - VICTIM

Synopsis: To update case on arrest of multiple individuals
related to the above referenced investigation.
Details: (U//FOUO) On 5/29/2012 ALAT [redacted] advised that
[redacted]

b6
b7C
b7D

(U//FOUO) [redacted]

(U//FOUO) ALAT [redacted] provided a link to the official
press release which was printed out and placed in a 1A and sent
to the file.

b6
b7C
b7D

(U//FOUO) LCSO was contacted and advised of the arrest
and stated that they will continue to coordinate with the FBI on
any press releases they provide.

b6
b7C

LCSO has also provided [redacted]
copies of data from the intrusion which were shipped to FBI
Jacksonville on 5/25/2012.

b7D

++

UNCLASSIFIED//FOR OFFICIAL USE ONLY

(Rev. 05-01-2008)

UNCLASSIFIED//FOR OFFICIAL USE ONLY

FEDERAL BUREAU OF INVESTIGATION

Precedence: ROUTINE    Date: 05/30/2012

To: Jacksonville

From: Jacksonville
      11
      Contact: SA [redacted]

Approved By: [redacted]
Drafted By: [redacted]

b6
b7C

Case ID #: 288A-JK-53354 (Pending)

Title: UNSUB(S);
       LAKE COUNTY SHERIFF's OFFICE - VICTIM

Synopsis: To document receipt of evidence.

Details: (U//FOUO) On 5/30/2012 Writer received two (2)
shipments of evidence [redacted] relating to the above
investigation. The two (2) shipments contained the following
which were placed in evidence on 5/30/2012:

Item #    Description

b7D

UNCLASSIFIED//FOR OFFICIAL USE ONLY

b6
b7C

FD-542 (Rev. 03-23-2009)

UNCLASSIFIED//FOR OFFICIAL USE ONLY

FEDERAL BUREAU OF INVESTIGATION

Precedence: ROUTINE    Date: 05/31/2012

To: Jacksonville

From: Jacksonville
      11
      Contact: SA [redacted]

Approved By: [redacted]
Drafted By: [redacted]

b6
b7C

Case ID #: 288A-JK-53354 (Pending)

Title: UNSUB(S);
       LAKE COUNTY SHERIFF's OFFICE - VICTIM

Synopsis: (U//FOUO) To update case and claim statistical
accomplishments.

Details: (U//FOUO) Writer has worked with the Lake County
Sheriff's Office [redacted]

b6
b7C
b7D

and a copy placed in a 1A and sent to the
file.

UNCLASSIFIED//FOR OFFICIAL USE ONLY

b6
b7C

Accomplishment Information:

Number: 1
Type: CIP CASE
ITU: CIP
Claimed By:
   SSN: [redacted]
   Name: [redacted]
   Squad: 11

Number: 1
Type: CIP [redacted] ARREST/SEARCH WARRANT CONDUCTED
ITU: CIP
Claimed By:
   SSN: [redacted]
   Name: [redacted]
   Squad: 11

Number: 1
Type: CIP SUBJECT IDENTIFIED
ITU: CIP
Claimed By:
   SSN: [redacted]
   Name: [redacted]
   Squad: 11

Number: 1
Type: CIP SUBJECT TOOL/EXPLOIT/MALICIOUS CODE IDENTIFIED
ITU: CIP
Claimed By:
   SSN: [redacted]
   Name: [redacted]
   Squad: 11

Number: 1
Type: CIP VICTIM CONTACTED/INTERVIEWED
ITU: CIP
Claimed By:
   SSN: [redacted]
   Name: [redacted]
   Squad: 11

Number: 1
Type: CIP CASE
ITU: CIP
Claimed By:
   SSN: [redacted]
   Name: [redacted]
   Squad: 11

Number: 1
Type: CIP [redacted] ARREST/SEARCH WARRANT CONDUCTED
ITU: CIP
Claimed By:
   SSN: [redacted]
   Name: [redacted]
   Squad: 11

Number: 1
Type: CIP SUBJECT IDENTIFIED
ITU: CIP
Claimed By:
   SSN: [redacted]
   Name: [redacted]
   Squad: 11

Number: 1
Type: CIP SUBJECT TOOL/EXPLOIT/MALICIOUS CODE IDENTIFIED
ITU: CIP
Claimed By:
   SSN: [redacted]
   Name: [redacted]
   Squad: 11

Number: 1
Type: CIP VICTIM CONTACTED/INTERVIEWED
ITU: CIP
Claimed By:
   SSN: [redacted]
   Name: [redacted]
   Squad: 11

b6
b7C
b7E

++

UNCLASSIFIED//FOR OFFICIAL USE ONLY

(Rev. 05-01-2008)

UNCLASSIFIED//FOR OFFICIAL USE ONLY

FEDERAL BUREAU OF INVESTIGATION

Precedence: ROUTINE    Date: 06/04/2012

To: Jacksonville

From: Jacksonville
      11
      Contact: SA [redacted]

Approved By: [redacted]
Drafted By: [redacted]

b6
b7C

Case ID #: 288A-JK-53354 (Pending)

Title: UNSUB(S);
       LAKE COUNTY SHERIFF's OFFICE - VICTIM

Synopsis: To document [redacted]

b7E

Details: (U//FOUO) On 5/30/2012 writer received two (2) shipments
of evidence [redacted] relating to the above investigation. The
two (2) shipments contained the following which were placed in
evidence on 5/30/2012:

b7D

b6
b7C

(U//FOUO) CART made copies of the above media [redacted]

b7E

++

UNCLASSIFIED//FOR OFFICIAL USE ONLY

Embassy of the United States of America
Office of Legal Attache
Bucharest, Romania

File No. 163L-BO-893; 288A-JK-53354

6 June 2012

b7D

RE: Anonymous Romania

Dear [redacted]

b7D

b7D

b6
b7C

[redacted]
Legal Attache

By: SA [redacted]
Assistant Legal Attache

Legat - Bucharest
Name: [redacted]
Legal Attache
U.S. Embassy - Bucharest
5260 Bucharest Place
Dulles, VA 20189

FOR INTERNAL USE ONLY

(011-40-21) 200-3339

TO: [checklist of FBI field offices and Legal Attache offices]

CLASSIFICATION LEVEL (CHECK ONE)

ATTENTION: [redacted]

b6
b7C

(Rev. 0501.2008)

UNCLASSIFIED/ {FOR Ol"I'ICIAL USB ONLY

.FEDERAL BUREAU OF INVESTIGATION

Precedence:
To:

ROUTINE

Date:

06/14/2012

Jacksonville

From:

Jacksonville
11
Contact: SA~I

--,_---r--------------------~

Approved By:
Drafted By:
Case ID #:
Title:

.____-_____.D
288A-JK-53354

b6
b7C

:>.:1-

(pending)"

UNSUB (S);
LAKE COUNTY SHERIFF's OFFICE, - VICTIM

Synopsis: To document the receipt of a report


I
lof data for the above referenced case for th~ period
6/4/2012 ~ 6/8/2012.
Details: (U/~Writer
received the following report from the
first part of the data analysis of the Lake County Sheriff's
Office data I
~

UNCLASSIFIED/ /OE'OR OFFI9IAL gSE

g~t~TSlr--""'h6tOOl12'WPd

b7E

b7E

b6
b7C

UNAsSIFIED/

(.FOR Ol"l"'Ie::fA!I

USLY:

To: Jacksonville From: Jacksonville


Re:

288A-JK-53354, 06/14/2012

b6
b7C
b7E

UNCLASSIFIED/noR

ClD'FIHALUSE I !NLY
2

. ...
~,

UNAsSIFIED/

lEOR Ol"l"Ie!A:f1
USEtltr'f

To: Jacksonville From: Jacksonville


Re:

288A-JK-53354, 06/14/2012

b7E


(Rev. 05-01-2008)

CONFIDENTIAL//FGI ROU//REL TO USA, ROU

FEDERAL BUREAU OF INVESTIGATION

Precedence: ROUTINE

Date: 06/26/2012

To: Cyber
Attn: CCU1, SA [redacted]
CCU2, SSA [redacted]
SSA [redacted]
SA [redacted]

Jacksonville
Attn: SA [redacted]

International Operations
Attn: Eurasia Unit, SSA [redacted]

b6
b7C

From: Bucharest
Contact: ALAT [redacted]

Approved By:
Drafted By:

Case ID #: 163L-BO-893 (Pending)
288A-JK-53354 (Pending)

Title: ANONYMOUS ROMANIA

Synopsis: [redacted] regarding members of Anonymous Romania.

bl
b3
b7D

bl
b3

bl
b3

bl
b3

(U//FOUO) Cyber and Detroit divisions confirmed the hack related to Berrien, Michigan.


LEAD(s):

Set Lead 1: (Info)

CYBER
AT CCU-1, DC

Read and clear.

Set Lead 2: (Info)

JACKSONVILLE
AT JACKSONVILLE, FL

Read and clear.

Set Lead 3: (Info)

INTERNATIONAL OPERATIONS
AT EURASIA UNIT, DC

Read and clear.


(Rev. 05-01-2008)

CONFIDENTIAL//FGI ROU//REL TO USA, ROU

FEDERAL BUREAU OF INVESTIGATION

Precedence: ROUTINE

Date: 06/27/2012

To: Cyber
Attn: CCU1,
CCU2,
CIRFU
IA [redacted]
SA [redacted]
SA [redacted]
SSA [redacted]

Jacksonville
Attn:

International Operations
Attn:

b6
b7C

From: Bucharest
Contact: ALAT [redacted]

Approved By:
Drafted By:

Case ID #: 163L-BO-893 (Pending)
288A-JK-53354 (Pending)

Title: ANONYMOUS ROMANIA

Synopsis: [redacted] regarding Anonymous Romania's members, activities, and plans.

b1
b3
b7D

b1
b3

bl
b3


bl
b3

bl
b3


LEAD(s):

Set Lead 1: (Action)

CYBER
AT PITTSBURGH, PA, CIRFU

Conduct searches of relevant datasets and provide any information on the channels #OpRomania and #tangodown. Also, provide any information on planned attacks on Romania due to the recent arrests of Anonymous Romania members if encountered.

Set Lead 2: (Info)

JACKSONVILLE
AT JACKSONVILLE, FL

Read and clear.

Set Lead 3: (Info)

INTERNATIONAL OPERATIONS
AT EURASIA UNIT, DC

Read and clear.


(Rev. 05-01-2008)

UNCLASSIFIED

FEDERAL BUREAU OF INVESTIGATION

Precedence: ROUTINE

Date: 06/25/2012

To: Cyber
Attn:

Jacksonville
Attn:

International Operations
Attn: Eurasia Unit, SSA [redacted]

b6
b7C

From: Bucharest
Contact: ALAT [redacted]

Approved By:
Drafted By:

b6
b7C

Case ID #: 163L-BO-893 (Pending)
288A-JK-53354 (Pending)

Title: ANONYMOUS ROMANIA

Synopsis: Provide details of arrest and case update.


Details: On 5/29/2012 [redacted] The prosecutor placed two of the subjects under arrest including the primary suspect implicated in the Lake County Sheriff's Office (LCSO) computer intrusion, [redacted]. The other person arrested was [redacted].

b6
b7C
b7D

b6
b7C
b7D

Although Legat Bucharest would have liked to work towards [redacted] extradition to the United States to face prosecution, due to the extradition treaty between Romania and the United States (US), he cannot be extradited until all legal proceedings in Romania, including the prison sentence, are complete. Once judicial authority has been requested in a Romanian investigation, such as a search warrant, the police are unable to pass the case to another jurisdiction for prosecution. Additionally, because Romania charged the LCSO in their indictment, extradition proceedings would face a more fundamental double-jeopardy issue in both the US and Romania.

b6
b7C


LEAD(s):

Set Lead 1: (Info)

CYBER
AT CCU-1, DC

Read and clear.

Set Lead 2: (Info)

JACKSONVILLE
AT JACKSONVILLE, FL

Read and clear.

Set Lead 3: (Info)

INTERNATIONAL OPERATIONS
AT EURASIA UNIT, DC

Read and clear.
