According to an FBI chargesheet filed in the US District Court for the Northern District of Texas (Dallas Division), Kamyar Jahanrakhshan tried to get articles removed from the Sydney Morning Herald; Leagle.com, a site for legal articles; Metronews.ca, a Canadian news website; CBC in Canada; and Canada.ca.
The chargesheet, filed by FBI special agent Matthew Dosher, said Jahanrakhshan migrated to the US in 1991 and took US citizenship; he then moved to Canada about four years later and became a permanent resident there. He had a conviction for second-degree theft in Washington state in 2005, which was vacated in August 2011; he also had a 2011 conviction for fraud and obstruction in Canada.
The attacks on the Sydney Morning Herald took place in 2015 and 2016. The chargesheet said the Fairfax Media website was hosted at Quadranet and the servers were located in California. One DDoS attack was brought to the attention of the FBI in Dallas in April 2015.
The chargesheet said between January and April 2015, Jahanrakhshan communicated with someone who had the initials DG at Fairfax Media, initially asking that two articles from September 2011 be taken down. When he was told that this would not be done, he offered to send A$500 to pay for the removal of the articles.
Jahanrakhshan continued to email Fairfax Media and became more aggressive in his approach, asking for the money to be returned if the articles were not going to be taken down.
In February 2015, Fairfax Media received an email from "Anonymous Hackers" claiming responsibility for the DDoS attacks on the website. The email said:
"We are responsible for all of the DDoS attacks incurred by many of the Fairfax Media websites during the past 11 days. You must be aware of them.
"Our demand to halt these attacks is simple and trivial.
"There are two articles that were published in one of your newspaper in 2011. They are concerning one of our colleagues.
"We are demanding their immediate Take Down. If you refuse a systematic DDoS attacks against Fairfax Media websites will ensue. On the other hand, if you comply and delete the subject articles from your archives, all attacks will be immediately halted.
"If you decided to comply, simply reply to this email and we will send you the subject URLs for deletion."
The chargesheet said the Australian Federal Police informed the FBI in September 2015 that Jahanrakhshan had stepped up his threats and was now sending faxes threatening bomb attacks. He threatened to "call in bomb threats to different places, including Courthouses in Vancouver".
The Sydney Morning Herald was hit by another DDoS in February 2016 and an email arrived from the "Anonymous Hackers" claiming responsibility.
On 23 February that year, an email with the subject line "SMH Digital is down again" arrived. It read:
"We just took down the SMH Digital once again. Your paying customers cannot login to read the SMH or other fairfax digital papers.
"You know what to do to restore services. TAKE THESE DOWN:
"We won't stop our exploits against fairfax until these articles are removed."
A similar email was sent to Fairfax Media on 25 February.
The chargesheet outlined the approach made to the other news websites in similar detail. The methodology was similar, as were the outcomes sought.
The AFP's announcement of the arrest of Jahanrakhshan gave his age as 37 and said he was arrested on 26 July.
He has been charged with transmission of a code or command and intentionally causing damage to a computer and is expected to face court on 14 August.