Former YouSendIt CEO Pleads Guilty to Launching a Cyber Attack Against His Former Company
|U.S. Attorney’s Office June 24, 2011|
SAN JOSE—United States Attorney Melinda Haag announced that Khalid Shaikh pleaded guilty yesterday to transmission of a code to cause damage to a protected computer, in violation of 18 U.S.C. §§ 1030(a)(5)(A) & (c)(4)(A). This guilty plea is the result of an investigation by the Federal Bureau of Investigation.
In pleading guilty, Mr. Shaikh admitted that YouSendIt, Inc. (“YouSendIt”) was a company based in Campbell, California and engaged in the business of digital content delivery through the Internet. YouSendIt enabled users to send, receive, and track large files of digital data. YouSendIt’s web servers were located in San Jose, California. These servers are also used to facilitate interstate and foreign commerce and communication.
Shaikh was one of the founders of YouSendIt in 2004 and served as the Company’s Chief Executive Officer until August 2005. Thereafter, Shaikh served as the Company’s Chief Technology Officer until he departed from YouSendIt in November 2006.
Beginning in or about December 2008 and continuing through June 2009, Mr. Shaikh sent an ApacheBench computer code to YouSendIt’s servers. ApacheBench is a benchmarking program used for measuring the performance of computers known as web servers. ApacheBench was designed to determine the number of requests per second a server is capable of serving. By intentionally transmitting the ApacheBench program to YouSendIt’s servers, Mr. Shaikh was able to overwhelm the servers’ capabilities and render it unable to handle legitimate network traffic.
A Federal Grand Jury in San Jose, California returned an indictment against Mr. Shaikh on October 28, 2009. He was charged with four counts of transmission of a code to cause damage to a protected computer, in violation of 18 U.S.C. §§ 1030(a)(5)(A) & (c)(4)(A). Under the plea agreement, Mr. Shaikh pled guilty to count one of the indictment.
Mr. Shaikh has been released on $100,000 bail. The sentencing for Mr. Shaikh is scheduled for September 29, 2011. The maximum statutory penalty for each count of transmission of a code to cause damage to a protected computer in violation 18 U.S.C. §§ 1030(a)(5)(A) & (c)(4)(A) is five years’ imprisonment, three years of supervised release and a fine of $250,000, plus restitution if appropriate. However, any sentence following conviction would be imposed by the court after consideration of the U.S. Sentencing Guidelines and the federal statute governing the imposition of a sentence, 18 U.S.C. § 3553.
Hanley Chew is the Assistant U.S. Attorney who is prosecuting the case with the assistance of Lauri Gomez.
Case #: CR 09-1049 JF
A copy of this press release may be found on the U.S. Attorney’s Office’s website at www.usdoj.gov/usao/can.