Preet Bharara, the United States Attorney for the Southern District of New York, announced today that TIMOTHY SEDLAK pled guilty in Manhattan federal court to attempting to access without authorization the computer network of a global charitable organization based in New York, New York (the “Organization”), and as a result of such conduct, recklessly causing damage to computers of the Organization. He pled guilty before U.S. District Judge Ronnie Abrams.

Manhattan U.S. Attorney Preet Bharara said: “Although ultimately unsuccessful, Timothy Sedlak attempted hundreds of thousands of times to hack into a charitable organization, impairing the organization’s work. Today, Sedlak admitted to his crime and now awaits his sentence.”

According to the Superseding Information, other documents filed in Manhattan federal court, and statements made at various proceedings in this case, including today’s guilty plea:

SEDLAK made hundreds of thousands of attempts to gain access without authorization to the computer network systems of the Organization, and in so doing, impaired the availability of the email accounts and web-based applications of more than 10 employees of the Organization.

From in or about June 2015, up to and including in or about July 2015, computers associated with two particular internet protocol addresses (the “IP Addresses”) made nearly 400,000 attempts to gain unauthorized access to the Organization’s computer network. As a result, numerous Organization employees experienced difficulty accessing their Organization email accounts, and were disrupted in their ability to conduct regular business functions. Both of the IP Addresses were subscribed to SEDLAK at SEDLAK’s residence in Florida (the “Sedlak Residence”).

In particular, between June 22, 2015, and July 8, 2015, from one of the IP Addresses, there were approximately 195,000 attempts to log into approximately 20 email accounts of the Organization. Between July 8, 2015, and July 10, 2015, from the other IP Address, there were an additional approximately 195,000 attempts to log into approximately six email accounts of the Organization. SEDLAK has never been employed by the Organization, and was not authorized to access any email accounts of the Organization.

On or about September 11, 2015, United States Secret Service (“USSS”) agents executed a search warrant at the Sedlak Residence, from which they seized, among other things, (i) approximately 30 computers connected to the same internal network, which enabled each computer to communicate with the others (the “Sedlak Computers”); (ii) notes pertaining to the Organization, an executive of the Organization (“Individual-1”), and an individual who has been publicly affiliated with the Organization (“Individual-2”), including email addresses, registrant information for certain website domain names, and certain IP address information associated with the Organization, Individual-1, and/or Individual-2; and (iii) lists of email addresses and email servers, many of which included the word “jihad.” The Sedlak Computers contained, among other things, a list of certain Organization employees’ email account usernames, and a “brute force” password-cracking tool. Such a tool is designed to launch a relentless barrage of potential passwords at an email account in an attempt to guess the account’s password.

On or about September 11, 2015, USSS agents interviewed SEDLAK, who claimed to be using the Sedlak Computers to conduct “research” into charitable organizations in the course of his work as a private investigator. In particular, SEDLAK claimed to be trying to determine if such organizations are unintentionally financing jihadist groups by sending, to charitable organizations in the Middle East, funds that are then seized by jihadist groups. When asked about notes pertaining to Individual-1 and Individual-2 found at the Sedlak Residence, SEDLAK claimed that he came across such information in his “research” into the financing of jihadist groups. SEDLAK claimed that he hoped to sell the information he found.

* * *

SEDLAK, 43, of Ocoee, Florida, faces a maximum of five years in prison and three years of supervised release. The statutory maximum sentence is prescribed by Congress and is provided here for informational purposes only, as any sentencing of the defendant will be determined by the judge. SEDLAK is scheduled to be sentenced by Judge Abrams on June 6, 2017, at 1:00 p.m.

Mr. Bharara praised the investigative work of the United States Secret Service.

The prosecution of this case is being handled by the Office’s Complex Frauds and Cybercrime Unit. Assistant United States Attorneys Kristy J. Greenberg and Jennifer L. Beidel are in charge of the prosecution.