Matthew Keys Sentencing – 8. Comparable Anonymous Prosecutions

Jay Leiderman
By: Jay Leiderman
June 11 2016

This Post Continues A Series That Will Comprise The Entirety Of The Matthew Keys Sentencing Documents Filed By The Defense – Part 8


Raynaldo “Royal” Keys aka “Neuron” and Cody Kretsinger aka “Recursion_” – Central District of California (Los Angeles) One year and one day in Federal prison, 13 months house arrest and 3 years supervised release. 

In late May, 2011, Kretsinger received a call from his friend Monsegur.  Kretsinger and Monsegur had known each other for years.  Kretsinger was 24 and a long-time member of Anonymous.  He claimed he had participated in the DDoS of the Church of Scientology and other Anonymous “Ops.”  Monsegur called because he was looking to recruit talented hackers for LulzSec.  Kretsinger attended the prestigious Arizona School the University of Advancing Technology.  This little but massively prestigious school, barely heard of throughout most of the world, is a pipeline of some of the most gifted computer hackers to the NSA, FBI and top corporations.

Kretsinger was an administrator at the school’s computer lab.  In essence, he was the brilliant elite computer nerd among a small sea of brilliant elite computer nerds.  He recruited two other computer lab admins, Royal Keys and his roommate (known as DevRandom) into LulzSec at the height of LulzSec’s fame.  Keys and DevRandom were the most talented students at the school.

The three spent most of the day all day in the LulzSec private chat room.  They truly became part of the group.  DevRandom dropped out, but Kretsinger and Keys participated in the Sony Pictures hack.  Ackroyd had found a vulnerability in the Sony Pictures site, housed in LA.  Sabu commanded Kretsinger and Keys to use a proxy server, a VPN, like in Keys’ case, to hide their identities.  Then Monsegur commanded Kretsinger and Rivera to harvest parts of Sony’s database.  Altogether, 8 LulzSec members harvested just under 37,000 names and personal identifying information.  Monsegur made the information public.

Kretsinger left school thereafter.  He came back to Phoenix in January 2012 to talk to Rivera, out of the blue, in a Best Buy parking lot, about LulzSec.  Keys politely declined.  Keys, not being blind to basic concepts of police investigations, suspects Kretsinger was cooperating with authorities at that point in time.[1]  Nonetheless, Keys came home one day and was met by the FBI.  This was in April 2012.  Rivera confessed.

Keys, who was 18 and turned 19 during the two weeks he was part of LulzSec, and Kretsinger pled guilty and were sentenced as described above, plus they were ordered to pay $605,000.00 in restitution joint and severally.

Here we again see Monsegur’s role as not just leader, but as recruiter.  Neither Kretsinger nor Rivera had criminal records. Rivera had never been in any type of trouble in his life, nor had he ever been involved in any criminality.  Based upon Rivera’s observations and logical conclusions, Kretsinger was almost certainly an informant, yet he received more time than Monsegur.  Rivera’s criminality was but a speck compared to any other of the Internet Feds or LulzSec members, as was Keys’, yet Keys received a year and a day and Keys faces a presumptive term of up to 70-87 months.  It cannot be stated enough that Monsegur received 7 months in jail, not even prison.

Rivera lost his job at a prestigious tech firm in Chandler, AZ and was expelled from the University of Advancing Technology.  He is finishing up his degree at community college.  He is also earning copious certificates in network security, coding and like areas.

Kretsinger claims to be a “Security Researcher, Former LulzSec Member, and seriously amateur home brewer.”  His website states: “With the ever-changing nature of Security and Cody’s involvement with one of the most notorious hacking groups in history, Cody is dedicating his life to helping people understand the many facets of Security.”  Of note, as it no doubt factored into his sentence, militating against leniency due to Kretsinger’s presumed cooperation was that just about his entire family was sworn law enforcement personnel.

Rivera’s life is going very well, despite the fact that he has had myriad problems securing permanent employment.  He reports he stays out of IRC altogether.  He doesn’t want to go anywhere that there is even the possibility of trouble.  He spends his spare time earning additional computer certifications.[2]

Joshua Covelli aka “Absolem”; Santa Cruz County DDoS

PayPal 14 defendant Joshua Covelli was charged along with Christopher Doyon, who is commonly known by his sobriquet Commander X, for a DDoS protest on Santa Cruz County.  The DDoS was in response to laws that essentially outlawed homelessness in Santa Cruz by making it unlawful to sleep anywhere that is remotely public.  The DDoS activity hit the County servers at noon on December 17, 2010 (3 days after Keys is said to have passed the “ngarcia” credential) and slowed the system for 17 minutes.  Damage was assessed at approximately $6,300.00.  Commander X, believing pretrial release terms related to staying off of Twitter and out of the IRC were too onerous, fled the country and is still a fugitive, presumed to be in Canada.  Covelli was charged in a separate complaint from the PayPal case.  He pled guilty to both cases and received concurrent sentences of one year supervised release, and was then allowed to retract his two felony pleas and enter pleas to two misdemeanors.  Despite being charged in two cases, Covelli served no time.  Like PayPal, this case was in the Northern District of California (San Jose – Silicon Valley’s home court).

Likewise, Covelli is getting his life back together and is doing well since his case ended.  He initially went back to his home in Ohio and started a computer repair business.  After 9 months he moved to Colorado where he is happily employed.


Payback 13

2 years after the PayPal 14 case first came to court, and after the re-pleader plea agreement was reached, the USDOJ, apparently unsatisfied with a lack of blood taken from defendants in the in the Northern District of California, filed charges against 13 individuals in connection with the Visa and MasterCard DDoS protests.  In a move that was arguably heavy-handed, the Government filed the cases in the Eastern District of Virginia; the “Rocket Docket,” known as one of the toughest jurisdictions in the United States.  Pleas of 24 months prison time per defendant were offered to all 13 defendants.  When the Judge was advised of the proposed pleas[3] he erupted in furious anger at the government, demanding to know why the same crime would not be similarly punished as its twin.  Weeks later, all 13 “Payback” defendants had pled guilty to a felony.  The plea included a provision that after a year of supervised release wherein the only term was to not commit any new offenses, the felony plea would be withdrawn and a misdemeanor substituted therefor.  The damage in that case was reportedly $8,917,010.82.[4]  No one went to jail in that case.

For some cruel reason the Government chose to indict one person in both the PayPal14 and Payback13 – the terminally ill Dennis “Owen” Collins.  The Unites States of America chose to make his last few years on Earth miserable, causing Collins to contemplate suicide multiple times before he died.[5]  Keys mentions this because it seems that these Anonymous prosecutions may be brought forth more for the purposes of exacting vengeance, for public exposure and to advance the careers of the prosecutors who bring these cases than for achieving justice than for achieving justice.

Project Chanology aka Operation Chanology

In 2008, Anonymous launched widespread protests against the Church of Scientology.  The project was started in response to the Church of Scientology’s attempts to remove material from a highly publicized interview with Scientologist Tom Cruise from the Internet in January 2008.  The video, is colloquially known as the Crazy Tom Cruise video.”

In the video, music from Cruise’s Mission: Impossible films plays in the background, and Cruise makes various statements, including saying that Scientologists are the only people who can help after a car accident, and that Scientologists are the authority on getting addicts off drugs.[6] The Daily Telegraph (Australia) characterized Cruise as “manic-looking” during the interview, “gush[ing] about his love for Scientology”.[7]

The protests evolved into a response to the Church “acting as a brainwashing cult” and “not allowing their members to leave.”  Anons tried to get Scientology to be the first result for those that googled “Brainwashing Cult.”  There was an attempt to get the IRS to review the Church’s tax-exempt status, a black fax campaign, where one sends a fax of black paper to a fax machine in order for the machine to quickly run out of toner, repeated prank telephone calls, indeed the main Scientology “1-800” number was tied up for days, physical protests outside almost every Scientology Church on Earth on February 10, 2008, and a weeks-long DDoS campaign.  Guzner and Mettenbrink, as described below, were charged for the DDoS protests.

The Op was so-named because members of Anonymous find their roots in a website called, specifically  Those that use the website are not logged in, but are instead give the user name “Anonymous.”  “Chan” was combined with “ology” for the portmanteau Chanology.

Dmitriy Guzner, 19, known by the alias “Aendy,” was arrested by the FBI in 2008 for attacking Church of Scientology computers. He was sentenced in New Jersey in 2009 to a year in prison and two years of probation, making him the first hacker to ever be arrested in connection with Anonymous.[8]  He was ordered to pay $37,500.00 per the terms of a plea agreement.  The Church of Scientology alleged damages of $119,000 – the amount it cost the organization to hire an outside company to protect against the attacks.[9]

Brian Mettenbrink, 20, was also imprisoned for a year and ordered to pay $20,000 in restitution at a sentencing hearing held in Central District of California in May 2010. Mettenbrink had earlier pleaded guilty to taking part in attacks protesting internet censorship by the Church and organized under the loose banner of Anonymous.

As part of an earlier plea bargaining agreement, Mettenbrink admitted using custom software (A LOIC) from a message board run by Anonymous to throw useless traffic at Church of Scientology websites. Some sites became intermittently unavailable in January 2008 as a result of the efforts of Mettenbrink and many others. The attacks began after the Church demanded the takedown of videos featuring Tom Cruise at an awards event.[10]

Mettenbrink was charged with a misdemeanor.  He left his LOIC running in the background of his computer for days and caused the second most damage of anyone involved in the Operation Chanology DDoS.

Mettenbrink has been features in the documentary “We Are Legion: The Rise of the Hacktivists.”  Though still on supervised release at the time of the movie’s filming, he was doing well and his life was getting back on track.


Higinio Ochoa aka “W0rmer” or “Anonw0rmer”; Cabin Cr3w

Higinio Ochoa of Houston, TX, 33 when arrested, got his first computer when he was 10. “At the time my grandmother worked for NASA,” he said, “She was an EEG technician and did EEGs on the astronauts, so very early on she got this thing that people are calling a personal computer. Plugged that in, played with it, and I was hooked.”[11]

Suddenly, he had a new application for the skills he had been cultivating for the past 15 years. He was simultaneously politically motivated and really, really pissed off. So he hooked up with some hackers who were loosely affiliated with Anonymous calling themselves The Cabin Crew[12] and began to hack the cops. He hacked the West Virginia Chiefs of Police website. He hacked the Mobile, Alabama Police Department and the Texas Department of Public Safety. He hacked website of Houston County, Alabama.[13]  In the County of Houston’s website hack in Alabama Ochoa ‘created fake events on their online, posted images representing Anonymous and CabinCr3w, deleted all the administrator accounts except the one created by the attacker’.

When w0rmer posted the information he got from one of his hacks, he didn’t just post a wall of text. He wanted it to look nice. “All of my hacks have a pretty general layout to ’em,” he says. “I had done web design for a while so that kind of shows in the fact that I like themes. I like to use ASCII text. I like to have header images. I like to have something taunting. I like to have a music video at the end.”

Thus unlike Keys, who taunted no one and did not share any materials from the LA Times deface, Ochoa was proud to make his a spectacle.  Also in contrast to Keys, who gave a groggy statement that implicated only himself and had no intention of misleading the FBI, W0rmer wrote a Pastebin open letter: ‘I did tell FBI that I would participate in the capture of my fellow crew mates, a play which undoubtfully [sic] both satisfied and confused the FBI.  ‘Those however who know me best would vouch for me undoutfully [sic] that doing so would put this movement at risk.  ‘ALL information provided to the FBI merely made MY case weaker and caused internal confusion showing the inherent weakness in the system.’  In terms of obstruction of justice, Keys should be accorded leniency in comparison.

CabinCr3w was also responsible for leaking email address and confidential information from Goldman Sachs executives in September 2011, Gizmodo reported. In February 2012, the group infiltrated the Los Angeles County Police Canine Association database, and leaked names, addresses and phone numbers of more than 100 police officers.

As sensational as it may seem, Ochoa was captured because of his wife’s[14] breasts.  “Here is what happened: back in February, Ochoa allegedly posted a tweet using the handle @Anonw0rmer. In that tweet, he directed followers to a site in which he posted pilfered information from various law enforcement agency websites. At the bottom of that site there was the image of this woman, now identified as his girlfriend, with a sign that read “PwNd[15] by w0rmer & CabinCr3w <3 u BiTch’s !”

“The picture—taken with an iPhone—had GPS information which showed that the photo was taken at the woman’s home in Wantirna South [a Melbourne suburb in Australia]. The GPS information was embedded in the photo’s EXIF data (EXIF is a set of standard tags that includes information such as location, camera type, and other image information in every photo you take with your smartphone).

“Other tweets from @Anonw0rmer pointed to other sites that contained references to the w0rmer alias and more pictures of this woman. Some of the sites had Ochoa’s name connected to the w0rmer alias, which was enough cause for the FBI to gain access to Ochoa’s Facebook page. There, the discovered that he listed the Australian woman as his girlfriend, and showed off several of her photos.”[16]

The FBI was also able to discover that Ochoa covered his tracks by hacking into his neighbor’s wireless Internet connection.

We must admit that Monsegur is doing well.  All reports are that Ryan Cleary is doing well since his incarceration.  But for Jon Cowden[17], an anomaly, every single person caught up in these 2010-2012 cases has turned out well.

Such is the case for Ochoa.  He is a proud father.  He married his Australian girlfriend.  He is employed, and notwithstanding his computer restrictions, he works as a computer programmer from home.  His supervised release officer is satisfied with his progress.[18]  Ochoa is on the way to leading a happy and productive life.  He is already contributing to society ion a positive way.

As one reporter put it: “When I visited Ochoa’s apartment in Austin, it didn’t look different than, say, my house. His electronics weren’t locked away, there wasn’t a login for his TV or anything like that. In fact, Ochoa is a programmer with several computers in a spare, barely furnished room he calls his “lab.” But there is a standing rule around the house — if it connects to the Internet, he can’t touch it. If he uses it, it must be completely disconnected.”[19]

There is every reason to believe Ochoa will continue to lead a law-abiding life.

He was prosecuted in the Central District of Texas (Austin) and sentenced to 27 months imprisonment and three years’ supervised release.

John Anthony Borell aka “Kahuna”; Cabin Cr3w.

Court documents filed April 15, 2013 show 22-year-old John Anthony Borell III agreed to plead guilty to five charges related to the hacking of law enforcement websites in Utah, California, New York and Missouri.  As part of the deal, Borell admitted to hacking into the websites for Salt Lake City police; the Utah Chiefs of Police Association; police in Syracuse, N.Y.; the city of Springfield, Mo.; and the Los Angeles County Canine Police Association. He also would admit to hacking into a local community website in Illinois called “Pendleton Underground.” The attacks all occurred between September 2011 and February 2012. [20]

According to a separate criminal complaint, he exposed the names and private details of almost 500 police officers after using an automated script to carry out SQL injection attacks on websites belonging to the Utah Chiefs of Police and the Salt Lake City Police Department.[21]  Borell was indicted in several judicial districts.

Like Kretsinger, whose family was mainly in law enforcement, and Ackroyd, who had military training, Borell came from a situation that worked heavily against him when it came time for sentencing.  Indeed, Borell’s father and grandfather are both attorneys in Toledo.[22] Worse yet, Borell’s grandfather is actually a PROSECUTOR in Toledo.[23]  “”I talked to my lawyer,” Kahuna wrote in one IRC chat with someone using the handle Presstorm. “The benefit of having a father as an attorney is I have connections.”[24] Borell said that if the FBI showed up he would simply give them his father’s card and he would be protected by his father.[25]  He quickly came to understand how wrong he was.  Borell had drank so much of his own kool-aid that he thought that his grandfather’s office would be giving him a grant of immunity.[26]

Whatever may be said of Keys, he never had the arrogance to think that he was above the law in any way, let alone the way that Borell did.  Borell simply had disregard for the peasantry that wasn’t worthy of his stature because they didn’t come from a family of power brokers in Toledo.  Borell assumed he could do what he wanted because he had a family of lawyers.  Keys grew up poor with a step-father that beat him.  The offenders are not the same, and that should be reflected in the punishments.

The complaint filed in Borell’s case paints a series of gaffes that led investigators to the Toledo man. Among them was a leaked chat transcript in which someone identified only as “Kahuna discusses website hacking.”  Investigators also benefited from tips that allegedly were made to the FBI in the “younger” Borell’s name.  “The tips stated Borell has participated in numerous government agency intrusions as well as the leaking of classified documents,” the FBI wrote. “Borell was active in anonops (Anonymous operations) and has aided in the hacking of multiple individuals as well. The tips further claimed that Borell was the lead in the satiagraha leaks of Brazilian files and hosted them on his website,, and had been in contact with Sabu.”  Investigators also subpoenaed Twitter for information linked to a user named @ItsKahuna, who used the account to announce the website intrusions and communicate with journalists covering the resulting information dumps. All four of the IP addresses that had been used to access the Twitter account had ties to Borell, the FBI said. One belonged to a Toledo resident who lived about 300 feet from him. During the time it was assigned to the resident, @ItsKahuna issued a tweet that read: “Neighbors I thank you for installing a new router today and choosing WEP to protect it. I much appreciate the extra bandwidth for torrents.”[27] Two other IP addresses belonged to a business and a church Borell had worked for, the FBI said.

Despite the prolific nature of Borell’s hacking, the fact that it was directed at law enforcement when his own grandfather was a prosecutor, the way Borell not only bragged but taunted and reveled in his attempts to gain fame, he was sentenced to three years – less than half of Keys’ presumptive guideline term.  Moreover, that deal covered all judicial districts that he had open indictments in.  According to Borell’s plea deal, he will have to pay nearly $230,000 in restitution to the various institutions that he hacked.[28]

While he was out on supervised release, Borell got married.  He took pains to circulate pictures of him and his bride all over Twitter – wearing Guy Fawkes masks, showing not a commitment to each other, but to Anonymous.  Keys has given no indication that he has any connection with that world any longer.  Indeed, his behavior on supervised release has been exemplary.

[1] No part of this brief came from materials that were part of Keys/Kretsinger’s case.  All that is stated herein are Keys’s personal observations and conclusions.  IT may well be that Kretsinger did not cooperate with authorities.

[2] Because Leiderman was Keys’s lawyer, he has no contact with Kretsinger.

[3] Attorney Jay Leiderman has confirmed this with attendants of the hearing.

[4] Payback 13: Last of Anonymous anti-copyright hacktivists sentenced in Virginia

[5] Attorney Leiderman states this fact based upon his personal “reliable hearsay” knowledge, alsong with being privy to efforts to help Collins through his down periods.


[7]  The Daily Telegraph staff; Agence France-Presse (January 16, 2008). “Tom Cruise scientology video leaked on the internet: We’ve always known Tom Cruise is a bit looney, but his latest scientology propaganda video leaked on the internet crosses the line into the downright creepy.”,22049,23060524-5007132,00.html

[8] 7 Anonymous Hackers Who Have Been Unmasked


[10] Second man jailed over Scientology DDoS attacks


[12] The Cabin Crew was a small clique of Anons that did their own ops and shared information amongst the bunch of them.  In many ways they were like LulzSec, in most ways they were much more akin to “typical” Anonymous members.  They were named the Cabin Crew because like Log Cabin Republicans, many were assumed to be homosexual, and no one knew if this was a joke or a mistaken assumption.

[13] Id, fn. 47.

[14] She was then his girlfriend. As of a few days ago, Ms. Ochoa announced that she was pregnant with their second child.

[15] “Pwnd” is an internet slang term for owned.  If you are hacked, you are owned, or pwnd.  Darryn Matryn, discussed in this brief, goes by the alias “PwnSauce”


[17] Despite his snarky interview with FreeAnons, there is no reason to expect that one trip back to prison won’t get the message across to Cowden that he must strictly adhere to his supervised release terms.  According to conversations with Cowden’s girlfriend, Cowden’s primary problems are being severely bipolar and being unable to find work after his conviction.

[18] Verified by Mr. and Mrs. Ochoa.







[25] (19:11:20)<Kahuna> I talked to my lawyer, the benefit of having a father as an attorney is i have connections

(19:11:25)<Kahuna> he will be representing me

(19:11:52)<Kahuna> He said when the FBI shows up dont tell them anything and give them his card and tell them if they need to talk they should go through him

(19:12:13)<Kahuna> And i wont be speaking till they contact the district attorney’s office and get a full grant of immunity

(19:14:04)<Kahuna> I told him i wont be giving up anyone

[26] ID.

[27] Short for Wired Equivalent Privacy, WEP has long suffered from weaknesses that make it easy to break the cryptography protecting wireless traffic.



Matthew Keys
Jay Leiderman, Tor Ekeland and Mark Jaffee, Matthew Keys’ legal team leave court with Matthew


2 thoughts on “Matthew Keys Sentencing – 8. Comparable Anonymous Prosecutions

Leave a Reply

Your email address will not be published. Required fields are marked *