Security Market Segment LS
Thursday, 03 August 2017 07:17

Man used DDoS to try and get Fairfax Media, others to remove articles Featured


A 32-year-old man from Seattle who was arrested for mounting a series of distributed denial of service attacks on businesses in Australia, the US and Canada, wanted articles about himself removed from various news sites, including Fairfax Media.

According to an FBI chargesheet filed in the US District Court for the Northern District of Texas (Dallas Division), Kamyar Jahanrakhshan tried to get articles removed from the Sydney Morning Herald, a site for legal articles known as,, a Canadian news website, CBC in Canada and

Ars Technica was the first to file a detailed report on the case; the arrest was reported by iTWire on 29 July.

The chargesheet, filed by FBI special agent Matthew Dosher, said Jahanrakhshan migrated to the US in 1991 and took US citizenship; he then moved to Canada about four years later and became a permanent resident there. He had a conviction for second degree theft in Washington state in 2005 and this was vacated in August 2011; he also had a 2011 conviction for fraud and obstruction in Canada. 

In each case, Jahanrakhshan, who was deported back to the US as a result of the Canada crime, launched DDoS attacks on the news websites and then contacted them.

The attacks on the Sydney Morning Herald took place in 2015 and 2016. The chargesheet said the Fairfax Media website was hosted at Quadranet and the servers located in California. One DDoS attack was brought to the attention of the FBI in Dallas in April 2015.

The chargesheet said between January and April 2015, Jahanrakhshan communicated with someone who had the initials DG at Fairfax Media, initially asking that two articles from September 2011 be taken down. When he was told that this would not be done, he offered to send A$500 to pay for the removal of the articles.

Jahanrakhshan continued to email Fairfax Media and became more aggressive in his approach, asking for the money to be returned if the articles were not going to be taken down.

In February 2015, Fairfax Media received an email from "Anonymous Hackers" claiming responsibility for the DDoS attacks on the website. The email said:

"We are responsible for all of the DDoS attacks incurred by many of the Fairfax Media websites during the past 11 days. You must be aware of them.

"Our demand to halt these attacks is simple and trivial.

"There are two articles that were published in one of your newspaper in 2011. They are concerning one of our colleagues.

"We are demanding their immediate Take Down. If you refuse a systematic DDoS attacks against Fairfax Media websites will ensue. On the other hand, if you comply and delete the subject articles from your archives, all attacks will be immediately halted.

"If you decided to comply, simply reply to this email and we will send you the subject URLs for deletion."

The chargesheet said the Australian Federal Police informed the FBI in September 2015 that Jahanrakhshan had stepped up his threats and was now sending faxes threatening bomb attacks. He threatened to "call in bomb threats to different places, including Courthouses in Vancouver".

The Sydney Morning Herald was hit by another DDoS in February 2016 and an email arrived from the "Anonymous Hackers" claiming responsibility.

On 23 February that year, an email with the subject line "SMH Digital is down again" arrived. It read as under:

"Hi Guys

"We just took down the SMH Digital once again. Your paying customers cannot login to read the SMH or other fairfax digital papers.

"You know what to do to restore services. TAKE THESE DOWN: 




"We won't stop our exploits against fairfax until these articles are removed."

A similar email was sent to Fairfax Media on 25 February.

The chargesheet outlined the approach made to the other news websites in similar detail. The methodology was similar and sought similar outcomes.

The AFP's announcement of the arrest of Jahanrakhshan gave his age as 37 and said he was arrested on 26 July.

He has been charged with transmission of a code or command and intentionally causing damage to a computer and is expected to face court on 14 August.


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments