
Romney tax return 'hacker' Dr Evil gets his sentence reviewed

Appeal offers a laugh-a-minute how-not-to guide for would-be criminal masterminds

By Richard Chirgwin, 16 May 2017

Michael Mancil Brown, aka Dr Evil, who tried to extort a million dollars from PricewaterhouseCoopers on the basis that he'd nicked Mitt Romney's tax returns, has had a win on appeal and will be sentenced anew.

Brown's original four-year sentence (and US$200,000-plus fine) came last year, punishment for pretending he'd hacked PWC servers and secured copies of Romney's tax returns, and for threatening to publish them if the ransom wasn't paid.

In spite of a relatively light sentence compared to the maximum possible quarter-century behind bars, Brown reckoned it was too long, and appealed.

The basis of the appeal was that part of the sentence was for a charge of trying to obstruct justice, because Brown had tried to convince investigators that someone else with access to his computer might have been the perp.

Perhaps surprisingly, the appeal judges R Guy Cole, Jeffrey Sutton and Raymond Kethledge agreed (PDF) on that one point, and have sent the case back for sentencing with Brown in remand.

The judgement provides three reasons that Brown didn't obstruct justice:

  • Brown had said people other than him had “access” to his computer, but that didn't result in any “significant” obstruction of justice;
  • When he provided prosecutors with a list of visitors to his home, it was in response to a question they'd asked; there was no accusation that the list was false; and the lawyers said the list wasn't an attempt to clear his name; and
  • Anyhow, the list didn't impede the investigation; it helped, because all eight were called as witnesses and undermined Brown's testimony.

Brown had also asked the judges to overturn his conviction, but they weren't having any of it: “We affirm Brown’s convictions but vacate his sentence”.

How not to opsec

Brown clearly thought all he needed to protect himself from discovery was Tor, because everything else about his opsec was hilariously bad.

Nobody needed to crack Tor, however: when he offered his story around, he left enough information about himself to be identified on the USB keys he sent media outlets (as well as a couple of cat pics).

From the judgement:

All three flash drives contained a file named “Romney1040-Collection.7z.” ... The unallocated space on the drives also held text strings and two photos of cats. The PricewaterhouseCoopers flash drive held the text string, “5276 dolphin kathryn.” … The Democratic Party drive had the string “4154 dolphin KnightMB.”

A series of Google searches using “KnightMB” revealed an email address, knightmb@knightmb.dyns.org, and that a 33 year-old Tennessean named Michael Brown made online posts connected to that address.

From there, it was trivial: Tennessee's Department of Motor Vehicles provided his address and the detail that his wife's name is Kathryn; he'd used the knightmb@knightmb.dyns.org address in his AT&T customer records; he'd posted YouTube videos of himself using the moniker “KnightMB”; and more.

The judgement remarks: “When criminal-law cases imitate art, they do not always choose its highest form. In Austin Powers: International Man of Mystery, Dr. Evil develops a plan to steal a nuclear warhead and to hold the world hostage for $1 million.”

This Dr. Evil was just as hopeless, it seems. ®
