United States District Court, E.D. New York
MEMORANDUM & ORDER
NICHOLAS G. GARAUFIS, United States District Judge.
Fabio Gasperini ("Defendant") is charged with two
counts of computer intrusion, one count of conspiracy to
commit wire fraud, one count of wire fraud, and one count of
conspiracy to commit money laundering. (See
Indictment ("Ind.") (Dkt. 3) ¶¶ 11-21.)
The charges stem from Defendant's alleged creation of a
"bother" to further a "click fraud"
perpetrated against advertising companies. (Id.
¶¶ 1-10.) The Government alleges that Defendant and
others obtained unauthorized access to computers in the U.S.
and around the world and remotely directed those computers to
fraudulently inflate the number of times that online
advertisements were "viewed."
pending before the court are Defendant's motion to
dismiss the indictment (Mot. to Dismiss ("MTD")
(Dkt. 9)), motion for a bill of particulars (Mot. for Bill of
Particulars ("BOP Mot.") (Dkt. 36)), and motion for
disclosure of grand jury materials (Mot. for Grand Jury Tr.
("GJ Mot.") (Dkt. 35)). For the following reasons,
Defendant's motions to dismiss and for disclosure of
grand jury materials are DENIED and his motion for a bill of
particulars is GRANTED IN PART and DENIED IN PART.
following statement of facts is drawn from the Indictment,
the Complaint, and an Affidavit submitted in connection with
Defendant's extradition to the United States.
is an Italian national who resided in Rome at all relevant
times. (Ind. ¶ 1.) The Government's primary
allegation is that Defendant engaged in "click fraud,
" a scheme in which an individual:
1) enters into a contract with an advertising company in
which the individual (a) places online advertisements onto a
websites and (b) receives compensation from the company based
on the number of times that users "click" on their
ads, and then
2) places malicious software ("malware") onto one
or more third-party computers and servers that directs those
computers to click on their advertisements and artificially
drives up the number of "clicks" for which the
individual is compensated.
(See id. ¶¶ 1-4.) In connection with these
schemes, individuals may develop a "botnet, "
defined by the Indictment as "a network of computers,
such as servers, infected with malicious software without the
users' knowledge or authorization." Id.
¶ 1.) The botnet's creator can then remotely direct
the network of compromised computers to engage in coordinated
action and, in a "click fraud" scheme, can
"remotely command a botnet to flood a particular website
advertisement with electronic communications that register
with the advertising company as clicks by a human user."
(Id. ¶ 4.)
Indictment alleges that between February 2011 and June 2016,
Defendant and others "surreptitiously gained entry into
multiple computer servers ... in the United States and
elsewhere" without authorization (id. ¶ 6)
and "installed... malicious software, " creating a
botnet (id. ¶ 7). The Indictment alleges that,
"[i]n establishing this botnet, [Defendant] also
obtained unauthorized access to sensitive data and files
stored on the compromised servers." (Id.)
Defendant allegedly used the botnet to commit "click
fraud" against various businesses and advertising
companies, including one named Italian advertising company.
(Ex. A. to Opp'n to MTD ("Extradition Aff.")
(Dkt. 27-1) ¶ 10.) The Indictment further alleges that
Defendant laundered proceeds from the alleged "click
fraud" through other individuals "in order to
conceal the nature of the payments and his identity."
was arrested in Amsterdam in June 18, 2016, and extradited to
the United States on April 20, 2017. (Opp'n to MTD
("MTD Opp'n") (Dkt. 27) at 2.) On August 4,
2016, a federal grand jury returned an Indictment charging
Defendant with two counts of computer intrusion (the
"Computer Intrusion Counts"), wire fraud and
conspiracy to commit wire fraud (the "Wire Fraud
Counts"); and conspiracy to launder money. (Ind.
April 24, 2017, Defendant moved to dismiss the Indictment.
(See MTD). Defendant subsequently moved for both a
bill of particulars and for disclosure of grand jury
material. (See BOP Mot.; GJ Mot.)
Motion to Dismiss the Indictment
motion to dismiss asserts three primary arguments: (1) the
Computer Intrusion Counts under 18 U.S.C. §§
1030(a)(2) and 1034(a)(4) are insufficiently pled; (2) the
statutes underlying the Wire Fraud Counts cannot be applied
extraterritorially; and (3) application of the Wire Fraud and
Computer Intrusion Counts to Defendant would violate his due
process rights. (MTD at 2.) The court disagrees with
Defendant on each of these points and accordingly denies
Defendant's motion to dismiss.
indictment... must be a plain, concise, and definite written
statement of the essential facts constituting the offense
charged" Fed. R. Crim. P. 7(c). "[A]n indictment is
sufficient if it, first, contains the elements of the offense
charged and fairly informs a defendant of the charge against
which he must defend, and, second, enables him to plead an
acquittal or convictions in bar of future prosecutions for
the same offense." United States v. Alfonso,
143 F.3d 772, 776 (2d Cir. 1998) f quoting Hamling v.
United States, 418 U.S. 87, 117 (1974)). This generally
requires an Indictment to "do little more than  track
the language of the statute charged and state the place and
time (in approximate terms) of the alleged crime."
United States v. Walsh, 194 F.3d 37, 44 (2d Cir.
1999) (internal quotation marks and citations omitted).
may raise pretrial challenges to the sufficiency and
specificity of an indictment "if the basis for the
motion is reasonably available and the motion can be
determined without a trial on the merits." See Fed. R.
Crim. P. 12(b)(3)(B)(iii), (v). "[I]n deciding a
pretrial motion to dismiss, the Court must accept the
Government's factual allegations as true, "
United States v. Carnesi, 461 F.Supp.2d 97, 98
(E.D.N.Y.2006), and the "indictment must be read to
include facts which are necessarily implied by the specific
allegations made, " United States v.
Stavroulakis, 952 F.2d 686, 693 (2d Cir. 1992) (internal
quotation marks and citation omitted).
Alleged Insufficiency of the Computer Intrusion Statutes
contends that the Indictment fails to allege several
essential elements necessary to the Computer Intrusion
Counts. Specifically, Defendant argues that the
Indictment fails to allege (1) that he accessed a
"protected computer"; (2) that he gained
"actual access" to information on those computers;
(3) that he "obtained information" through the
alleged unauthorized access; and (4) that Defendant derived
any value from the intrusions. (See
generally MTD at 3-6.) Before addressing these
alleged insufficiencies, the court briefly reviews the
statutes at issue in those counts and identifies the elements
that the Government must allege » in the Indictment.
The court concludes that the Indictment contains sufficient
allegations to survive a motion to dismiss.
The Computer Intrusion Statutes
18 U.S.C. § 1030(a)(4) (Count One)
1030(a)(4) states that:
[Whoever] knowingly and with intent to defraud, accesses a
protected computer without authorization... and by means of
such conduct furthers the intended fraud and obtains anything
of value [commits a crime], unless the object of the
fraud and the thing obtained consists only of the use of the
computer and the value of such use is not more than $5, 000
in any 1-year period.
18 U.S.C. § 1030(a)(4) (emphasis added). A
"protected computer" is, inter alia,
"a computer  which is used in or affecting interstate
or foreign commerce or communication, including a computer
located outside the United States that is used in a manner
that affects interstate or foreign commerce or
communication." Id. § 1030(e)(2)(B).
Courts have interpreted this definition to include
"effectively all computers with Internet access."
United States v. Valle, 807 F.3d 508, 528 (2d Cir.
2015) (quoting United States v. Nosal. 676 F.3d 854,
859 (9th Cir. 2012)).
18 U.S.C § 1030(a)(2) (Count Two)
1030(a)(2) makes it a crime to "intentionally access a
computer without authorization ... and thereby obtain ...
[information from any protected computer." 18 U.S.C.
§ 1030(a)(2). "Protected computer" here has
the same meaning as that noted above.
Failure to Allege Access to a Protected Computer
claims that the Indictment fails to sufficiently allege that
he accessed a "protected computer." (See
MTD at 4-5.) As noted, however, the term "protected
computer" encompasses "effectively all computers
with Internet access." Valle, 807 F.3d at 528
(internal quotation marks and citation omitted). The
allegations that Defendant transmitted malware electronically
in support of an online click fraud scheme necessarily
involve internet-connected computers. (See Ind.
¶ 5-10.) Moreover, the Indictment's recitation of
both Computer Intrusion Counts alleges that he accessed
"one or more protected computers." (Id.
¶¶ 12, 14) Both separately and taken together,
these allegations are sufficient to inform the Defendant of
the charge against him with respect to that element. See
Stavroulakis, 952 F.2d at 693 (stating that the
"indictment must be read to include facts which are
necessarily implied by the specific allegations made.")
the court denies Defendant's motion to dismiss based on
the claimed failure to allege that he accessed a
Failure to Allege "Actual" Access
maintains that the Indictment fails to allege that he had
"actual access" to any U.S. servers, and
at most alleges control of an automated botnet that provided
the "capability to intrude into
computers." (MTD at 3.) In connection with this
argument, Defendant points to a statement in the affidavit
submitted in support of his extradition that Defendant's
"malicious software was found" in
Queens-based law firm's server. (Id. at 4
(citing Extradition Aff. ¶ 9).) Defendant claims this
allegation cannot support actual access because, at the time
the malware was "found, " Defendant was in custody.
(See MTD at 4.)
Defendant's contentions, however, the Indictment avers at
several points that Defendant had actual access to computer
servers, including access gained as part of the process of
installing the malware. (See Ind. ¶¶ 6, 7,
12, 13.) These statements track the language of the statute
and, combined with the approximate statements of dates and
locations contained in the Indictment, are sufficient to
withstand a motion to dismiss at this stage.
extent that Defendant's challenge is based on the
Extradition Affidavit, that argument is not properly raised
in a motion to dismiss. In weighing the validity of the
Indictment, the court may not consider outside evidence.
See, e.g.. United States v. Foxworth, No.
3:06-CR-81 (AHN), 2006 WL 3462657, at *3 (D. Conn. Nov. 16,
2006): cf. also United States v. Brown. 321
F.Supp.2d 598, 600 (S.D.N.Y. 2004) ("[I]t is axiomatic
that... a defendant may not challenge a facially valid
indictment prior to trial for insufficient evidence.").
Further, it is not clear that the affidavit in fact supports
Defendant's position, as it alleges that Defendant
"gained entry into multiple servers." (Extradition
Aff. ¶ 5.)
these reasons, the court denies Defendant's motion to
dismiss based on the claimed failure to allege "actual