Megaupload shutdown and arrests: The indictment



Text of the indictment issues by the US Department of Justice against the website Megaupload.com and people associated with it.

The website has been shut down and the department reports that 20 search warrants have been exectuted in 9 countires, with $50 Million worth of assets seized.

Four people have been arrested by New Zealand police, including site founder Kim Dotcom.

Scoop report here.

PDF copy: 78786408MegaIndictment.pdf

The text below contains formatting imperfections. Documents were originally uploaded to Scribd at www.scribd.com/doc/78786408/Mega-Indictment

--



GENERAL ALLEGATIONS At all times relevant to this Indictment:

1.

KIM DOTCOM, MEGAUPLOAD LIMITED, VESTOR LIMITED, FINN BATATO, JULIUS BENCKO, SVEN ECHTERNACH, MATHIAS ORTMANN, ANDRUS NOMM, and BRAM VAN DER KOLK, the defendants, and others known and unknown to the Grand Jury, were members of the “Mega Conspiracy,” a worldwide criminal organization whose members engaged in criminal copyright infringement and money laundering on a massive scale with estimated harm to copyright holders well in excess of $500,000,000 and reported income in excess of $175,000,000.

2.

Megaupload.com is a commercial website and service operated by the Mega Conspiracy that reproduces and distributes copies of popular copyrighted content over the Internet without authorization.

Since at least September 2005, Megaupload.com has been used by the defendants and other members and associates of the Mega Conspiracy to willfully reproduce and distribute many millions of infringing copies of copyrighted works, including motion pictures, television programs, musical recordings, electronic books, images, video games, and other computer software.

Over the more than five years of its existence, the Mega Conspiracy has aggressively expanded its operations into a large number of related Internet businesses, which are connected directly to, or at least financially dependent upon, the criminal conduct associated with Megaupload.com.

3.

Megaupload.com was at one point in its history estimated to be the 13th most frequently visited website on the entire Internet.

The site claims to have had more than one billion visitors in its history, more than 180,000,000 registered users to date, an average of

2

50 million daily visits, and to account for approximately four percent of the total traffic on the Internet.

4.

Megaupload.com’s income comes primarily from two sources: premium subscriptions and online advertising.

Premium subscriptions for Megaupload.com have been available for online purchase for as little as a few dollars per day or as much as approximately $260 for a lifetime.

In exchange for payment, the Mega Conspiracy provides the fast reproduction and distribution of infringing copies of copyrighted works from its computer servers located around the world.

Premium users of the site, a small percentage of the overall user base, are able to download and upload files with few, if any, limitations.

Subscription fees collected during the existence of the Mega Conspiracy from premium users are estimated to be more than $150 million.

Online advertising on Megaupload.com and its associated websites, which is heavily dependent on the popularity of copyright infringing content to attract website visits, has further obtained more than $25 million for the Mega Conspiracy.

5.

The financial proceeds of Megaupload.com have been primarily directed to four sources.

First, the Conspiracy has directed the bulk of its revenues to the defendants, corporate entities they control, other co-conspirators, and employees for their private financial gain.

Second, the Mega Conspiracy has spent millions of dollars developing and promoting Megaupload.com and complementary Internet sites and services, such as Megavideo.com, Megaclick.com, Megaporn.com, and a host of others (collectively the “Mega Sites”).

Third, for much of its operation, the Mega Conspiracy has offered an “Uploader Rewards” Program, which promised premium subscribers transfers of cash and other financial incentives to upload popular works, including copyrighted works, to computer servers under the Mega Conspiracy’s direct control and for the Conspiracy’s ultimate financial benefit.

The more popular content that was

3

present on Mega Conspiracy servers would increase the number of visitors and premium users that the Conspiracy could monetize.

In total, the Mega Conspiracy directly paid uploaders millions of dollars through online payments.

Fourth, the Mega Conspiracy spends millions of dollars per month on the infrastructure supporting their businesses, including the leasing of computers, hosting charges, and Internet bandwidth.

In contrast to legitimate Internet distributors of copyrighted content, Megaupload.com does not make any significant payments to the copyright owners of the many thousands of works that are willfully reproduced and distributed on the Mega Sites each and every day.

6.

Any Internet user who goes to the Megaupload.com website can upload a computer file.

Once that user has selected a file on their computer and clicks the “upload” button, Megaupload.com reproduces the file on at least one computer server it controls and provides the uploading user with a unique Uniform Resource Locator (“URL”) link that allows anyone with the link to download the file.

For example, a link distributed on December 3, 2006 by defendant DOTCOM (www.megaupload.com/?d=BY15XE3V) links to a musical recording by U.S.

recording artist “50 Cent.” A single click on the link accesses a Megaupload.com download page that allows any Internet user to download a copy of the file from a computer server that is controlled by the Mega Conspiracy.

7.

Megaupload.com advertises itself as a “cyberlocker,” which is a private data storage provider.

However, as part of the design of the service, the vast majority of Megaupload.com users do not have significant capabilities to store private content long-term.

Unregistered anonymous users (referred to as “Non-Members” by the Conspiracy) are allowed to upload and download content files, but any Non-Member-uploaded content that is not downloaded within 21 days is permanently deleted.

Similarly, registered free users (or

4

“Members”) are allowed to upload and download content files, but each uploaded file must be downloaded every 90 days in order to remain on the system.

Only premium users have a realistic chance of having any private long-term storage, 1 since their files are not regularly deleted due to non-use.

In contrast, when any type of user on Megaupload.com uploads a copy of a popular file that is repeatedly downloaded, including infringing copies of copyrighted works available for download, that file remains on Mega Conspiracy-controlled computers and is available for distribution by anyone who can locate an active link to the file.

8.

Once a user clicks on a link, the user is generally brought to a download page for the file.

The download page contains online advertisements provided by the Conspiracy, which means that every download on Megaupload.com provides a financial gain to the Conspiracy that is directly tied to the download.

The more popular the content, such as copies of well-known copyrighted works, the more users that find their way to a Megaupload.com download page; the access of these additional users, in turn, makes the Mega Conspiracy more money.

Because only a small percentage of Megaupload.com users pay for their use of the systems, Mega Conspiracy’s business strategy for advertising requires maximizing the number of online downloads (i.e., distributions of content), which is also inconsistent with the concept of private storage.

9.

In addition to displaying online advertisements, the download pages on Megaupload.com are designed to increase premium subscriptions.

All non-premium users are encouraged to buy a premium subscription to decrease wait and download times, which can be at Even then, all users are warned in Megaupload.com’s “Frequently Asked Questions” and Terms of Service that they should not keep the sole copy of any file on Megaupload.com and that users bear all risk of data loss.

The Mega Conspiracy’s duty to retain any data for even a premium user explicitly ends when either the premium subscription runs out or Megaupload.com decides, at its sole discretion and without any required notice, to stop operating.

5

1

least an hour for popular content (and, for some periods of time, these users have been ineligible to download files over a certain size).

As a result, non-premium users are repeatedly asked by the Conspiracy to pay for more and faster access to content on Megaupload.com.

Users are also prompted to view videos uploaded to Megaupload.com directly on a proprietary player designed by the Conspiracy and offered through the Megavideo.com website and service.

Users have also been asked if they want to generate a new link to the downloading file and import it to their own Megaupload.com accounts, which facilitates distribution that is again inconsistent with private storage.

10.

The content available from Megaupload.com is not searchable on the website, which allows the Mega Conspiracy to conceal the scope of its infringement.

Instead of hosting a search function on its own site, the Mega Conspiracy business model purposefully relies on thousands of third party “linking” sites, which contain user-generated postings of links created by Megaupload.com (as well as those created by other Mega Sites, including Megavideo.com and Megaporn.com).

While the Conspiracy may not operate these third party sites, the Mega Conspiracy did provide financial incentives for premium users to post links on linking sites through the “Uploader Rewards” program, which ensured widespread distribution of Megaupload.com links throughout the Internet and an inventory of popular content on the Mega Conspiracy’s computer servers.

These linking sites, which are usually well organized and easy to use, promote and direct users to Mega Conspiracy download pages that allow the reproduction and distribution of infringing copies of copyrighted works.

11.

Popular linking sites that contained Mega Conspiracy-generated links include: ninjavideo.net, megaupload.net, megarelease.net, kino.to, alluc.org, peliculasyonkis.com, seriesyonkis.com, surfthechannel.com, taringa.net, thepiratecity.org, and mulinks.com.

While

6

several of these websites exclusively offer Megaupload.com links, all maintained an index of URL links to identified copies of copyrighted content that were stored on servers directly controlled by the Mega Conspiracy.

12.

The Mega Conspiracy closely monitors the traffic from linking sites to the Mega Sites and services.

The Conspiracy is aware that linking sites generate a very high percentage of the millions of visits to its websites and services each week and provide the Conspiracy direct financial benefits through advertising revenue and opportunities for new premium subscriptions.

13.

Members of the Mega Conspiracy have knowingly interacted with users of linking sites and visited the sites (and associated online forums) themselves.

Specifically, some of the defendants have instructed individual users how to locate links to infringing content on the Mega Sites (including recommending specific linking websites).

Several of the defendants have also shared with each other comments from Mega Site users demonstrating that they have used or are attempting to use the Mega Sites to get infringing copies of copyrighted content.

14.

In contrast to the public who is required to significantly rely on third party indexes, members of the Conspiracy have full access to the listings of actual files that are stored on their servers (as well as the Megaupload.com- and Megavideo.com- and Megaporn.comgenerated links to those files).

Conspirators have searched the internal database for their associates and themselves so that they may directly access copyright-infringing content on servers leased by the Mega Conspiracy.

15.

Though the public-facing Megaupload.com website itself does not allow searches, it does list its “Top 100 files”, which includes motion picture trailers and software trials that are freely available on the Internet.

The Top 100 list, however, does not actually portray the most

7

popular downloads on Megaupload.com, which makes the website appear more legitimate and hides the popular copyright-infringing content that drives its revenue.

16.

If a user uploads a video file to Megaupload.com, the user can utilize the provided URL link to redirect others to another Mega Conspiracy-controlled website, Megavideo.com, where they can view the file using a “Flash” video player.

Alternatively, a user who hosts a personal or commercial website can embed the Megavideo.com player into their own website to display the video file (and provide advertising content from the Mega Conspiracy).

Megavideo.com has been estimated to be as popular as the 52nd most frequently visited website on the entire Internet.

17.

A non-premium user is limited to watching 72 minutes of any given video on Megavideo.com at a time, which, since nearly all commercial motion pictures exceed that length, provides a significant incentive for users who are seeking infringing copies of motion pictures to pay the Mega Conspiracy a fee for premium access.

Some premium users are, therefore, paying the Mega Conspiracy directly for access to infringing copies of copyrighted works.

18.

Before any video can be viewed on Megavideo.com, the user must view an advertisement.

Originally, the Mega Conspiracy had contracted with companies such as adBrite, Inc., Google AdSense, and PartyGaming plc for advertising.

Currently, the Conspiracy’s own advertising website, Megaclick.com, is used to set up advertising campaigns on all the Mega Sites.

The high traffic volume on the Conspiracy websites allows the Conspiracy to charge advertisers up-front and at a higher rate than would be achieved by the percentage-per-click methodology used by other popular Internet advertising companies.

The popularity of the infringing content on the Mega Sites has generated more than $25 million in online advertising revenues for the Conspiracy.

8

19.

Like Megaupload.com, Megavideo.com conceals many of the infringing copies of popular copyrighted videos that are available on and distributed by the site and the associated service.

Megavideo.com does purport to provide both browse and search functions, but any user’s search on Megavideo.com for a full length copyrighted video (which can be downloaded from a Mega Conspiracy-controlled server somewhere in the world) will not produce any results.

Similarly, browsing the front page of Megavideo.com does not show any obviously infringing copies of any copyrighted works; instead, the page contains videos of news stories, usergenerated videos, and general Internet videos in a manner substantially similar to Youtube.com.

2 Browsing the most-viewed videos in the Entertainment category on Megavideo.com, however, has at times revealed a number of infringing copies of copyrighted works that are available from Mega Conspiracy-controlled servers and are amongst the most viewed materials being offered.

20.

Members of the Conspiracy have publicly stated that they operate the Mega Sites in compliance with the notice and takedown provisions of the Digital Millennium Copyright Act (“DMCA”), codified at Title 17, United States Code, Section 512, despite the fact that they are violating its provisions.

Internet providers gain a safe harbor under the DMCA from civil copyright infringement suits in the United States if they meet certain criteria.

The members of Mega Conspiracy do not meet these criteria 3 because they are willfully infringing copyrights themselves on these systems; have actual knowledge that the materials on their systems are Members of the Mega Conspiracy purposefully copied content directly from Youtube.com in order to populate Megavideo.com’s content servers.

Furthermore, the safe harbor requires that an eligible provider have an agent designated with the U.S.

Copyright Office to receive infringement notices; despite having millions of users in the United States since at least the beginning of the Conspiracy, the Conspiracy did not designate such an agent until October 15, 2009, years after Megaupload.com and many of its associated sites had been operating and the DMCA had gone into effect.

9

3 2

infringing (or alternatively know facts or circumstances that would make infringing material apparent); receive a financial benefit directly attributable to copyright-infringing activity where the provider can control that activity; and have not removed, or disabled access to, known copyright infringing material from servers they control.

21.

Members of the Mega Conspiracy negotiated the use of an “Abuse Tool” with some major U.S.

copyright holders to purportedly remove copyright-infringing material from Mega Conspiracy-controlled servers.

The Abuse Tool allowed copyright holders to enter specific URL links to copyright infringing content of which they were aware, and they were told by the Conspiracy that the Mega Conspiracy’s systems would then remove, or disable access to, the material from computer servers the Conspiracy controls.

The Mega Conspiracy’s Abuse Tool did not actually function as a DMCA compliance tool as the copyright owners were led to believe.

22.

When a file is being uploaded to Megaupload.com, the Conspiracy’s automated system calculates a unique identifier for the file (called a “MD5 hash”) that is generated using a mathematical algorithm.

If, after the MD5 hash calculation, the system determines that the uploading file already exists on a server controlled by the Mega Conspiracy, Megaupload.com does not reproduce a second copy of the file on that server.

Instead, the system provides a new and unique URL link to the new user that is pointed to the original file already present on the server.

If there is more than one URL link to a file, then any attempt by the copyright holder to terminate access to the file using the Abuse Tool or other DMCA takedown request will fail because the additional access links will continue to be available.

23.

The infringing copy of the copyrighted work, therefore, remains on the Conspiracy’s systems (and accessible to at least one member of the public) as long as a single

10

link remains unknown to the copyright holder.

The Conspiracy’s internal reference database tracks the links that have been generated by the system, but duplicative links to infringing materials are neither disclosed to copyright holders, nor are they automatically deleted when a copyright holder either uses the Abuse Tool or makes a standard DMCA copyright infringement takedown request.

During the course of the Conspiracy, the Mega Conspiracy has received many millions of requests (through the Abuse Tool and otherwise) to remove infringing copies of copyrighted works and yet the Conspiracy has, at best, only deleted the particular URL of which the copyright holder complained, and purposefully left the actual infringing copy of the copyrighted work on the Mega Conspiracy-controlled server and any other access links completely intact.

24.

In addition to copyrighted files, other types of illicit content have been uploaded onto the Megaupload.com servers, including child pornography and terrorism propaganda videos.

Members of the Conspiracy have indicated to each other that they can automatically identify and delete such materials on all of their servers by calculating MD5 hash values of known child pornography or other illicit content, searching the system for these values, and eliminating them; in fact, such files with matching hash values have been deleted from the Mega Conspiracy’s servers.

Members of the Mega Conspiracy have failed to implement a similar program to actually delete or terminate access to copyright infringing content.

25.

On or about June 24, 2010, members of the Mega Conspiracy were informed, pursuant to a criminal search warrant from the U.S.

District Court for the Eastern District of Virginia, that thirty-nine infringing copies of copyrighted motion pictures were present on their leased servers at Carpathia Hosting, a hosting company headquartered in the Eastern District of Virginia.

A member of the Mega Conspiracy informed several of his co-conspirators at that time

11

that he located the named files using internal searches of their systems.

As of November 18, 2011, more than a year later, thirty-six of the thirty-nine infringing motion pictures were still being stored on the servers controlled by the Mega Conspiracy.

26.

At all times relevant to this Indictment, the defendants and other members of the Mega Conspiracy knew that they did not have license, permission, authorization, or other authority from owners of hundreds of thousands of copyrighted works to reproduce and distribute those works, including making them available over the Internet.

Members of the Mega Conspiracy are aware of the way that their sites are actually used by others; have themselves used the systems to upload, as well as reproduce and distribute, infringing copies of copyrighted content; and are aware that they have financially benefitted directly from the infringement of copyrighted works that they are in a position to control.

27.

In addition to Megaupload.com, Megavideo.com, and Megaclick.com, the other websites created and domains owned by the Mega Conspiracy include: Megaworld.com; Megalive.com; Megapix.com; Megacar.com; Megafund.com; Megakey.com; Megaking.com; Megahelp.com; Megagogo.com; Megamovie.com; Megaporn.com; Megabackup.com; Megapay.com; Megabox.com; and Megabest.com.

Several of these additional sites have also hosted infringing copies of copyrighted works.

The websites and services, as well as the domains themselves, have been facilitated and promoted by illicit proceeds from the operations of Megaupload.com, Megavideo.com, and Megaclick.com.

28.

In addition to MEGAUPLOAD LIMITED, VESTOR LIMITED, Megamedia Limited, Megavideo Limited, Megarotic Limited, Megapix Limited, Kingdom International Ventures Limited, Netplus International Limited LLC, Basemax International Limited, and Mindpoint International Limited LLC, the following companies and entities have facilitated and

12

promoted the Mega Conspiracy’s operations: Kimvestor Limited; Trendax Limited; Monkey Limited; Kimpire Limited; A Limited; N1 Limited; RNK Media Company; Megapay Limited; Megamusic Limited; Finn Batato Kommunikation; Mega Services Europe Ltd.; Megateam Limited; Megastuff Limited; Megacard Inc.; Megasite Inc.; Seventures Limited; SECtravel; and Bramos B.V.

In addition, the creation and operation of these companies and entities has been facilitated and promoted by illicit proceeds from the operations of the Mega Conspiracy.

THE DEFENDANTS 29.

KIM DOTCOM, who has also been known as KIM SCHMITZ and KIM TIM JIM VESTOR, is a resident of both Hong Kong and New Zealand, and a dual citizen of Finland and Germany.

DOTCOM is the founder of MEGAUPLOAD LIMITED (“MUL”) and Megamedia Limited (“MMG”).

Until on or about August 14, 2011, DOTCOM was the Chief Executive Officer for MUL, and he is currently MUL’s Chief Innovation Officer.

As the head of the Mega Conspiracy, DOTCOM employs more than 30 people residing in approximately nine countries.

From the onset of the Mega Conspiracy through to the present, DOTCOM has supervised the development of the websites and companies utilized in the Mega Conspiracy.

DOTCOM directed the creation of the network infrastructure behind the Mega Conspiracy websites, negotiated contracts with Internet Service Providers and advertisers, administered the domain names used by the Mega Conspiracy, and exercises ultimate control over all decisions in the Mega Conspiracy.

DOTCOM has arranged millions of dollars in payments for the computer servers utilized by the MUL and MMG properties around the world, and has also distributed proceeds of the Conspiracy to his co-conspirators.

DOTCOM is the director and sole shareholder of both VESTOR LIMITED and Kingdom International Ventures Limited, which have been used to hold his ownership interests in MUL- and MMG- related properties; for

13

example, DOTCOM owns approximately 68% of Megaupload.com, Megaclick.com, and Megapix.com, and 100% of the registered companies behind Megavideo.com, Megaporn.com, and Megapay.com, through VESTOR LIMITED.

DOTCOM has personally distributed a link to a copy of a copyrighted work on, and has received at least one infringing copy of a copyrighted work from, the Mega Sites.

Additionally, on numerous instances, DOTCOM received DMCA copyright infringement takedown notices from third-party companies.

In calendar year 2010 alone, DOTCOM received more than $42 million from the Mega Conspiracy.

30.

MEGAUPLOAD LIMITED is the registered owner of Megaupload.com, the primary website operated by the Mega Conspiracy, and Megaclick.com, a site that offers advertising associated with Mega Conspiracy properties.

MUL is a registered company in Hong Kong with a registry number of 0835149.

MUL has a number of bank accounts in Hong Kong that have been used to facilitate the operations of the Mega Conspiracy.

DOTCOM, in addition to holding the title of Chief Executive Officer of MUL until as recently as August 2011, owns, through VESTOR LIMITED, approximately 68% of the shares of MUL; MATHIAS ORTMANN, through Netplus International Limited LLC, owns an additional 25%; JULIUS BENCKO, through Basemax International Limited, owns 2.5%; BRAM VAN DER KOLK utilizes Mindpoint International Limited LLC to hold 2.5% of the shares of MUL; SVEN ECHTERNACH owns approximately 1%; and the remaining 1% is owned by an investor in Hong Kong.

31.

VESTOR LIMITED is a registered company in Hong Kong with a registry number of 0994358.

VESTOR LIMITED has a DBS Bank account in Hong Kong that has been used to facilitate the operations of the Mega Conspiracy.

DOTCOM (under the alias KIM TIM JIM VESTOR) is the sole director and shareholder of VESTOR LIMITED, and thus is

14

effectively the sole director and 68% owner of MUL, Megaupload.com, Megaclick.com, and Megapix.com.

DOTCOM is the sole director of, and VESTOR LIMITED is the sole shareholder of, MMG, which is the parent company and sole shareholder of the following companies: Megavideo Limited (which is the registered owner of Megavideo.com), Megarotic Limited (which is the registered owner of Megaporn.com), and Megapay Limited.

VESTOR LIMITED is also the sole owner of Megaworld.com.

32.

FINN BATATO is both a citizen and resident of Germany.

BATATO is the Chief Marketing and Sales Officer for Megaupload.com and other Mega Conspiracy properties.

Specifically, BATATO is in charge of selling advertising space, primarily through Megaclick.com.

BATATO supervises a team of approximately ten sales people around the world.

The purpose of the sales team is to increase the advertising revenue in localized markets by targeting certain advertisements in certain countries.

BATATO handles advertising customers on the Megaclick.com website and approves advertising campaigns for Megaupload.com, Megavideo.com, and Megaporn.com.

BATATO has personally distributed a link to at least one infringing copy of a copyrighted work to a Mega Site.

Additionally, on numerous instances, BATATO received DMCA copyright infringement takedown notices from third-party companies.

In calendar year 2010, BATATO received more than $400,000 from the Mega Conspiracy.

33.

JULIUS BENCKO is both a citizen and resident of Slovakia.

BENCKO is the Graphic Director for MUL and MMG.

BENCKO, as the director and sole shareholder of Basemax International Limited, is effectively a 2.5% shareholder of MUL.

From the onset of the Conspiracy through to the present, BENCKO has been the lead graphic designer of the Megaupload.com and other Mega Conspiracy websites.

He has designed the Megaupload.com

15

logos, the layouts of advertisement space, and the integration of the Flash video player.

BENCKO has requested and received at least one infringing copy of a copyrighted work as part of the Mega Conspiracy.

In calendar year 2010, BENCKO received more than $1 million from the Mega Conspiracy.

34.

SVEN ECHTERNACH is both a citizen and resident of Germany.

ECHTERNACH is the Head of Business Development for MMG and MUL.

ECHTERNACH is a 1% shareholder in MUL.

ECHTERNACH leads the Mega Team company, registered in the Philippines, which is tasked with removing illegal or abusive content from the Mega Conspiracy websites, reviewing advertising campaigns for inappropriate content, and responding to customer support e-mails.

Additionally, ECHTERNACH handles the Mega Conspiracy’s relationships with electronic payment processors, accounting firms, and law firms.

His activities include traveling and approaching companies for new business ventures and services.

Additionally, on numerous instances, ECHTERNACH received DMCA copyright infringement takedown notices from third-party companies.

In calendar year 2010, ECHTERNACH received more than $500,000 from the Mega Conspiracy.

35.

MATHIAS ORTMANN is a citizen of Germany and a resident of both Germany and Hong Kong.

ORTMANN is the Chief Technical Officer, co-founder, and a director of MUL.

ORTMANN, as the director and sole shareholder of Netplus International Limited LLC, effectively owns 25% of the shares of MUL.

From the onset of the Conspiracy through to the present, ORTMANN has overseen software programmers that developed the Mega Conspiracy’s websites, and has handled technical issues with the ISPs.

His particular areas of responsibility include setting up new servers, sending and responding to equipment service requests, and problem solving connectivity problems with the Mega Conspiracy websites.

Additionally, on

16

numerous occasions, ORTMANN received DMCA copyright infringement takedown notices from other conspirators and third-party companies.

ORTMANN also had authority to distribute funds from one of the Conspiracy’s main financial accounts.

ORTMANN has received a link to a copy of a copyrighted work associated with the Mega Conspiracy.

In calendar year 2010 alone, ORTMANN received more than $9 million from the Mega Conspiracy.

36.

ANDRUS NOMM is a citizen of Estonia and a resident of both Turkey and Estonia.

NOMM is a software programmer and Head of the Development Software Division for MUL.

NOMM is responsible for the technical aspects of Megaclick.com.

NOMM develops new projects, tests code, and provides routine maintenance for the site.

Additionally, NOMM provides web coding assistance to various projects on other Mega Conspiracy websites.

Such projects have included testing high definition video on Megavideo.com, installing the thumbnail screen captures for uploaded videos, and transferring still images across the various Mega Conspiracy website platforms.

NOMM has accessed at least one infringing copy of a copyrighted work from a computer associated with the Mega Conspiracy.

In calendar year 2010, NOMM received more than $100,000 from the Mega Conspiracy.

37.

BRAM VAN DER KOLK, who has also been known as BRAMOS, is a resident of both the Netherlands and New Zealand.

VAN DER KOLK is a Dutch citizen.

VAN DER KOLK is the “Programmer-in-Charge” for MUL and MMG.

VAN DER KOLK, as the director and sole shareholder of Mindpoint International Limited LLC, effectively owns 2.5% of the shares of MUL.

From the onset of the Conspiracy through to the present, VAN DER KOLK has overseen programming on the Mega Conspiracy websites, as well as the underlying network infrastructure.

VAN DER KOLK is also responsible for responding to DMCA copyright infringement takedown notices sent to Mega Conspiracy sites.

Lastly, VAN DER KOLK

17

oversaw the selection of featured videos that were posted onto Megavideo.com, and he was previously in charge of the rewards program.

VAN DER KOLK has personally uploaded multiple infringing copies of copyrighted works to Internet sites associated with the Mega Conspiracy and has searched servers controlled by the Mega Conspiracy for infringing copies of copyrighted works at the request of other co-conspirators, including several of the defendants.

In calendar year 2010, VAN DER KOLK received more than $2 million from the Mega Conspiracy.

THIRD-PARTIES 38.

Carpathia Hosting (Carpathia.com) is an Internet hosting provider that is headquartered in Dulles, Virginia, which is in the Eastern District of Virginia.

Carpathia Hosting has access to datacenters in Ashburn, Virginia; Harrisonburg, Virginia; Phoenix, Arizona; Los Angeles, California; and Toronto, Canada.

The Mega Conspiracy leases approximately 25 petabytes 4 of data storage from Carpathia to store content associated with the Mega Sites.

More than 1,000 computer servers in North America are owned and operated by Carpathia Hosting for the benefit of the Mega Conspiracy; more than 525 of these computer servers are currently located in Ashburn, Virginia, which is in the Eastern District of Virginia.

Carpathia Hosting continues to provide the Mega Conspiracy with leased computers, Internet hosting, and support services as of the date of this Indictment.

39.

Cogent Communications (Cogentco.com) is a multinational Internet hosting and bandwidth provider that is headquartered in Washington, D.C., but also has offices and facilities in the Eastern District of Virginia.

As one of the top five global Internet service providers, Cogent Communications owns and operates 43 datacenters around the world.

The Mega 4 A petabyte is more than 1,000 terabytes, or one million gigabytes.

18

Conspiracy leases approximately thirty-six computer servers in Washington, D.C.

and France from Cogent Communications that are used for the Mega Sites.

Cogent Communications continues to provide the Mega Conspiracy with leased computers, Internet bandwidth, hosting, and support services as of the date of this Indictment.

40.

Leaseweb (Leaseweb.com) is a multinational Internet hosting provider that is headquartered in the Netherlands.

Leaseweb has eight datacenters in the Netherlands, Belgium, Germany, and the United States, including in the Eastern District of Virginia.

More than 630 computer servers in the Netherlands are owned and hosted by Leaseweb for the benefit of the Mega Conspiracy, and an additional sixty servers hosted at Leaseweb were purchased by the Mega Conspiracy in October 2011.

Leaseweb continues to provide the Mega Conspiracy with leased computers, Internet hosting, and support services as of the date of this Indictment.

41.

PayPal, Inc.

(PayPal.com) is a U.S.-based global e-commerce business allowing payments and money transfers over the Internet; in fact, PayPal Inc.

indicates that it is involved in approximately 15% of global e-commerce.

The Mega Conspiracy’s PayPal, Inc.

account has been utilized to receive payments from the Eastern District of Virginia and elsewhere for premium Megaupload.com subscriptions, which have included fees of $9.99 for monthly subscriptions, $59.99 for yearly subscriptions, and $199.99 for lifetime subscriptions.

The same PayPal, Inc.

account has been used by the Conspiracy to pay Carpathia Hosting in the United States and Leaseweb in the Netherlands as well as other operating expenses (including, but not limited to, direct financial rewards to uploaders of popular content in the Eastern District of Virginia and elsewhere).

From on or about November 25, 2006, through on or about July 2011, the PayPal, Inc.

account for the Mega Conspiracy has received in excess of $110,000,000 from subscribers and other persons associated with Mega Conspiracy.

19

42.

Moneybookers Limited (Moneybookers.com) is an United Kingdom-based global e-commerce business allowing payments and money transfers over the Internet.

The Mega Conspiracy has charged various rates through Moneybookers Limited for premium subscriptions on its websites, including €9.99 for monthly subscriptions, €59.99 for yearly subscriptions, or €199.99 for lifetime subscriptions.

Between August 1, 2010 and July 31, 2011, the Moneybookers Limited accounts for the Mega Conspiracy have collected in excess of $5 million from subscribers of Mega Sites and transferred that money to an account in Hong Kong associated with the Mega Conspiracy.

43.

AdBrite, Inc.

(AdBrite.com) is an online advertising network based in San Francisco, California.

AdBrite, Inc.

provides advertisements for over 100,000 Internet sites and is believed to be amongst the top ten advertising networks on the Internet.

From on or about September 2, 2005 until on or about May 24, 2008, AdBrite paid at least $840,000 to the Mega Conspiracy for advertising.

44.

PartyGaming plc is a company based in the United Kingdom that has operated PartyPoker.com since 2001.

PartyPoker.com has more than 3 million visitors annually and is one of the largest online poker rooms.

PartyGaming’s advertising contract with the members of the Mega Conspiracy was initiated on or about November 12, 2009 and has resulted in payments of more than $3,000,000 to the Conspiracy.

This contract was still active as recently as on or about March 18, 2011.

20

COUNT ONE (18 U.S.C.

§ 1962(d) – Conspiracy to Commit Racketeering) THE GRAND JURY CHARGES THAT: 45.

their entirety.

A.

46.

THE ENTERPRISE Beginning in at least September 2005 and continuing until at least the date of this Paragraphs 1 through 44 are re-alleged and incorporated as if set forth here in Indictment, in the Eastern District of Virginia and elsewhere, the defendants, KIM DOTCOM, MEGAUPLOAD LIMITED, VESTOR LIMITED, FINN BATATO, JULIUS BENCKO, SVEN ECHTERNACH, MATHIAS ORTMANN, ANDRUS NOMM, and BRAM VAN DER KOLK and others known and unknown to the Grand Jury, constituted an “enterprise,” as defined by Title 18, United States Code, Section 1961(4) (hereinafter the “Enterprise”), that is, a group of individuals and entities associated in fact.

The Enterprise further included all associated corporations, affiliates, subsidiaries, and entities, including, but not limited to, those indicated in paragraph 28.

The Enterprise constituted an ongoing organization whose members functioned as

21

a continuing unit for the common purpose of achieving the objectives of the Enterprise.

This Enterprise was engaged in, and its activities affected, interstate and foreign commerce.

B.

47.

THE RACKETEERING VIOLATION Beginning in at least September 2005 and continuing until at least the date of this Indictment, in the Eastern District of Virginia and elsewhere, the defendants, KIM DOTCOM, MEGAUPLOAD LIMITED, VESTOR LIMITED, FINN BATATO, JULIUS BENCKO, SVEN ECHTERNACH, MATHIAS ORTMANN, ANDRUS NOMM, and BRAM VAN DER KOLK being persons employed by and associated with the Enterprise, which Enterprise engaged in, and the activities of which affected interstate and foreign commerce, did knowingly, willfully, and intentionally combine, conspire, confederate, and agree together and with each other, and with other persons known and unknown to the Grand Jury, to violate 18 U.S.C.

§ 1962(c) (hereinafter the “Racketeering Violation”), that is, to conduct and participate, directly and indirectly, in the conduct of the affairs of that Enterprise through a pattern of racketeering activity, as that term is defined in Title 18, United States Code, Section 1961(1) and (5), involving multiple acts indictable under: a.

18 U.S.C.

§§ 2319(b)(1) & 2319(d)(2); 17 U.S.C.

§§ 506(a)(1)(A) & 506(a)(1)(C) (criminal copyright infringement); 22

b.

18 U.S.C.

§§ 1956(a)(1)(A)(i), 1956(a)(2)(A), 1956(h), 1956(f), and 1957 (money laundering).

C.

48.

PURPOSES OF THE ENTERPRISE The purposes of the Enterprise included the following: a.

Enriching the members and associates of the Enterprise through, among other things, copyright infringement and money laundering.

b.

Promoting, enlarging, and enhancing the Enterprise and its members’ and associates’ activities.

D.

49.

MEANS AND METHODS OF THE ENTERPRISE Among the means and methods by which the defendants and their associates conducted and participated in the conduct of the affairs of the Enterprise were the following: a.

Members of the Enterprise and their associates criminally infringed copyrights, aided and abetted copyright infringement, and conspired to infringe copyrights, which affected interstate and foreign commerce.

b.

Members of the Enterprise and their associates committed money laundering, attempted to commit money laundering, and conspired to commit money laundering to facilitate and expand the Enterprise’s criminal operations.

(All in violation of Title 18, United States Code, Section 1962(d))

23

COUNT TWO (18 U.S.C.

§ 371 – Conspiracy to Commit Copyright Infringement) THE GRAND JURY CHARGES THAT: 50.

their entirety.

51.

Beginning in at least September 2005 and continuing until at least the date of this Paragraphs 1 through 49 are re-alleged and incorporated as if set forth here in Indictment, in the Eastern District of Virginia and elsewhere, the defendants, KIM DOTCOM, MEGAUPLOAD LIMITED, VESTOR LIMITED, FINN BATATO, JULIUS BENCKO, SVEN ECHTERNACH, MATHIAS ORTMANN, ANDRUS NOMM, and BRAM VAN DER KOLK each knowingly and intentionally combined, conspired, and agreed together and with each other, and with other persons known and unknown to the Grand Jury, to: (1) willfully infringe, for purposes of private financial gain, ten or more copies of one or more copyrighted works with a total retail value of more than $2,500 within a 180-day period, in violation of Title 17, United States Code, Section 506(a)(1)(A) and Title 18, United States Code, Section 2319(b)(1); and (2) willfully infringe, for purposes of private financial gain, a copyright by the distribution of a work being prepared for commercial distribution, by making it available on a computer network

24

accessible to members of the public, when the defendants knew and should have known that the work was intended for commercial distribution, in violation of Title 17, United States Code, Section 506(a)(1)(C) and Title 18, United States Code, Section 2319(d)(2).

Ways, Manner, and Means of the Conspiracy In furtherance of the Conspiracy, defendants and others known and unknown to the Grand Jury employed, among others, the following manner and means: 52.

It was part of the Conspiracy that the defendants and their co-conspirators operated a number of Internet sites and associated services, including Megaupload.com, Megavideo.com, and Megaclick.com.

53.

It was further part of the Conspiracy that members of the Mega Conspiracy, including many of the named defendants, willfully reproduced and distributed infringing copies of copyrighted works using computer servers controlled by the Conspiracy.

54.

It was further part of the Conspiracy, from at least September 2005 until July 2011, that the Conspiracy provided financial incentives for users to upload infringing copies of popular copyrighted works.

The Conspiracy made payments to uploaders who were known to have uploaded infringing copies of copyrighted works.

55.

It was further part of the Conspiracy that members of the Conspiracy generally did not terminate the user accounts of known copyright infringing users, when it had the right and ability under its Terms of Service to do so.

56.

It was further part of the Conspiracy that the Conspiracy made no significant effort to identify users who were using the Mega Sites or services to infringe copyrights, to prevent the uploading of infringing copies of copyrighted materials, or to identify infringing copies of copyrighted works located on computer servers controlled by the Conspiracy.

25

57.

It was further part of the Conspiracy that the Conspiracy made it more difficult for copyright holders to identify repeat infringers by removing the identity of the infringing file’s uploader from public parts of the Mega Sites in or about November 2010.

58.

It was further part of the Conspiracy that members of the Conspiracy generally did not delete infringing copies of copyrighted works from computer servers that they controlled, even when they were aware of the infringing material or the removal was specifically requested by the copyright holder.

59.

It was further part of the Conspiracy that members of the Conspiracy selectively complied with their obligations to remove any copyrighted materials (or links thereto) from the computer servers they controlled, and sometimes deliberately did not remove copyrighted works (or links thereto) when it would result in a loss of revenue.

60.

It was further part of the Conspiracy that members of the Conspiracy deliberately misrepresented to copyright holders that they had removed copyright infringing content from their servers, while, in fact, they only removed certain links to the content file, which could still be illegally downloaded through numerous redundant links.

Redundant links were sometimes created by members of the Conspiracy.

61.

It was further part of the Conspiracy that members of the Conspiracy had the ability to search files that were on the computer systems they controlled, and purposefully did not provide full and accurate search results to the public, or, in the case of Megaupload.com, chose not to provide any search functionality at all in order to conceal the fact that the primary purpose of the website and service was to reproduce and distribute infringing copies of copyrighted works for private financial gain.

26

62.

It was further part of the Conspiracy that the members of the Conspiracy misrepresented to the Conspiracy’s users and the public the nature of the files that were contained on the computer servers it controlled and of the amount of their network bandwidth associated with infringement.

63.

It was further part of the Conspiracy that members of the Conspiracy reproduced copyrighted works directly from third-party websites, including from YouTube.com, to make them available for reproduction and distribution on Megavideo.com.

64.

It was further part of the Conspiracy that members of the Conspiracy monitored the public actions of law enforcement regarding large-scale copyright infringement and took active steps to conceal the copyright-infringing activities taking place on the Mega Sites.

65.

It was further part of the Conspiracy that the content available on Megaupload.com and Megavideo.com was provided by known and unknown members of the Mega Conspiracy, including several of the defendants, who uploaded infringing copies of copyrighted works onto computer servers leased by the Mega Conspiracy in North America to further the reproduction and distribution of copyrighted works; in particular, copyright infringing content was hosted by the Conspiracy on various servers in Toronto, Canada; Los Angeles, California; and Ashburn, Virginia (the last of which is in the Eastern District of Virginia).

66.

It was further part of the Conspiracy that content was also reproduced on and distributed from computer servers leased or owned by the Mega Conspiracy in France and the Netherlands.

67.

It was further part of the Conspiracy that the Conspiracy derived a direct financial benefit from infringement through the advertising that was placed on the Mega Sites and from “premium” subscription charges.

Between September 2005 and the date of this

27

Indictment, the defendants collectively have received more than $175 million from advertising and subscriptions.

68.

It was further part of the Conspiracy that infringing copies of many thousands of copyrighted works on Megaupload.com and Megavideo.com were made available to tens of millions of visitors each day.

Overt Acts 69.

It was further part of the Conspiracy that the following acts in furtherance of and to effect the objects of the above-described Conspiracy were committed in the Eastern District of Virginia and elsewhere: a.

From at least November 24, 2006 until at least the date of this Indictment, infringing copies of copyrighted materials were stored on computer servers located at Carpathia Hosting in Ashburn, Virginia, which is in the Eastern District of Virginia.

b.

For the 180 days up to and including the date of this Indictment, members of the Conspiracy infringed by electronic means, including by means of the Internet, more than ten copies of one or more copyrighted works which had a total retail value of more than $2,500 for purposes of private financial gain.

In part, copies of copyright-infringing works were downloaded by agents of the Federal Bureau of Investigation (“FBI”) and other participating federal agencies from the National Intellectual Property Rights Coordination Center in Arlington, Virginia, from computer servers controlled by the Mega Conspiracy, since approximately March 2010, when federal law enforcement began their investigation.

c.

During the course of the Conspiracy, the Mega Conspiracy has paid more than $65 million to hosting providers around the world for computer leasing, hosting, bandwidth, and support services.

The amounts of some of these payments are detailed in Count Three, and

28

incorporated herein by reference.

These payments involved the use of proceeds of criminal copyright infringement to promote the objects of the conspiracy.

d.

From at least September 2005 until July 2011, the Mega Conspiracy offered and provided financial incentives to its premium subscribers to upload copies of popular works to Megaupload.com and then distribute links that provided a download of that file, with a single click, to anyone on the Internet.

Though the “Uploader Rewards” program warned that the uploading of copyrighted files would result in disqualification, the Mega Conspiracy rarely, if ever, terminated the accounts of individuals who posted copyrighted content.

In fact, the Mega Conspiracy affirmatively chose to financially reward specific uploaders of infringing copies of copyrighted content, including repeat offenders.

e.

An early version of the “Uploader Rewards” program for Megaupload.com from approximately September 2005 announced: “Today we are also introducing our ground breaking Uploader Rewards.

Our new reward program pays money and cash prizes to our uploaders.

This makes Megaupload the first and only site on the Internet paying you for hosting your files.

The more popular your files the more you make.” Directly addressing “file traders,” the announcement continued: “You deliver popular content and successful files[.] We provide a power hosting and downloading service.

Let’s team up!” In addition, the announcement stated: “You must have at least 50000 downloads within 3 months to qualify” and “You must allow us to list your files & descriptions on our Top 100 pages.” The rewards included “$1 USD Cash per 1000 downloads of your uploaded files”, plus an additional bonus between $50 to $5,000 for Top 100 “Megauploaders with the most downloads” during a three-month period, to be paid through PayPal according to the following ranking: Rank 1: $5,000 USD Bonus Ranks 2-5: $1,000 USD Bonus 29

Ranks 6-10: $500 USD Bonus Ranks 11-50: $100 USD Bonus Ranks 51-100: $50 USD Bonus f.

A later version of the “Uploader Rewards” program, available at least as early as November 2006, offered the following: “For every download of your files, you earn 1 reward point.

* You can redeem your reward points for premium services and cash[.]” The program required “a premium membership to qualify for a payment.” Rewards were paid through PayPal according to the following reward point totals: 5,000 reward points: One day premium 50,000 reward points: One month premium 100,000 reward points: One year premium 500,000 reward points: Lifetime platinum + $300 USD 1,000,000 reward points: $1,000 USD 5,000,000 reward points: $10,000 USD g.

At the time of its termination, as recently as July 2011, the “Uploader Rewards” program offered rewards according to the following reward point totals: 10,000 reward points: One month premium membership 50,000 reward points: 6 months premium membership 100,000 reward points: One year premium + $100 USD 500,000 reward points: Lifetime platinum + $500 USD 1,000,000 reward points: $1,500 USD 5,000,000 reward points: $10,000 USD h.

In approximately April 2006, members of the Mega Conspiracy copied videos directly from Youtube.com to make them available on Megavideo.com.

i.

On or about April 10, 2006, VAN DER KOLK sent an e-mail to ORTMANN asking “Do we have a server available to continue downloading of the Youtube’s vids? … Kim just mentioned again that this has really priority.” j.

On or about April 10, 2006, VAN DER KOLK sent an e-mail to ORTMANN indicating “Hope [Youtube.com is] not implementing a fraud detection system now… * praying *”.

30

k.

On or about April 10, 2006, ORTMANN sent an e-mail to VAN DER KOLK in reply to the “fraud detection” message indicating “Even if they did, the usefulness of their non-popular videos as a jumpstart for Megavideo is limited, in my opinion.” l.

On or about April 10, 2006, VAN DER KOLK sent an e-mail to ORTMANN in reply to the “jumpstart for Megavideo” message indicating that “Well we only have 30% of their videos yet..

In my opinion it's nice to have everything so we can descide and brainstorm later how we're going to benefit from it.” m.

On or about May 10, 2006, a member of the Mega Conspiracy registered the Internet domain Megaclick.com.

n.

On or about August 31, 2006, VAN DER KOLK sent an e-mail to an associate entitled “lol”.

Attached to the message was a screenshot of a Megaupload.com file download page for the file “Alcohol 120 1.9.5 3105complete.rar” with a description of “Alcohol 120, con crack!!!! By ChaOtiX!”.

The copyrighted software “Alcohol 120” is a CD/DVD burning software program sold by www.alcohol-soft.com.

o.

On or about November 13, 2006, VAN DER KOLK sent an e-mail to another individual that contained 100 Megaupload.com links to infringing copies of copyrighted musical recordings by the artist Armin van Buuren.

p.

On or about November 13, 2006, a member of the Mega Conspiracy registered the Internet domain Megavideo.com.

q.

On or about December 3, 2006, DOTCOM distributed a Megaupload.com link to a music file entitled “05-50_cent_feat._mobb_deep-nah-c4.mp3” to ORTMANN.

A copy of this file was still present on servers controlled by the Mega Conspiracy as of December 20, 2011.

31

r.

On or about February 5, 2007, VAN DER KOLK sent an e-mail to ORTMANN entitled “reward payments”.

Attached to the e-mail was a text file listing the following proposed reward amounts, the Megaupload.com username, and the content they uploaded: 100 USD 100 USD 100 USD 100 USD 1500 USD [USERNAME DELETED] 10+ Full popular DVD rips (split files), a few small porn movies, some software with keygenerators (warez) [USERNAME DELETED] 5845 files in his account, mainly Vietnamese content [USERNAME DELETED] Popular DVD rips [USERNAME DELETED] Some older DVD rips + unknown (Italian serries?) rar files [USERNAME DELETED] known paid user (vietnamese content) The last individual received at least $55,000 from the Mega Conspiracy through transfers from PayPal Inc., as part of the “Uploader Rewards” program.

s.

On or about February 11, 2007, VAN DER KOLK sent an e-mail to ORTMANN indicating that “Kim really wants to copy Youtube one to one.” t.

On or about February 13, 2007, ORTMANN sent an e-mail to VAN DER KOLK entitled “my concerns about the thumbnails table.” In the e-mail, ORTMANN asked VAN DER KOLK to create “a dummy lifetime premium user,” stating that “[t]his is very important to prevent the loss of source files due to expiration or abuse reports.” u.

On or about February 21, 2007, VAN DER KOLK sent an e-mail to ORTMANN entitled “2 reward payment files.” Attached to the e-mail was a file containing Megaupload.com users’ e-mail addresses and reward payments for that time period, which ranged from $100 to $500.

For one user that was paid $300, VAN DER KOLK wrote, “30849 files, mainly Mp3z, some copyrighted but most of them have a very small number of downloads per file.” For other users, all of which were selected for reward payments of $100 by the Mega Conspiracy, he wrote the following: “Our old famous number one on MU, still some illegal files 32

but I think he deserves a payment”; “Loads of PDF files (looks like scanned magazines)”; “looks like vietnamese DVD rips”; “This user was paid last time has mainly split RAR files, however more than 50% deleted through abuse reports.” v.

From on or about March 1, 2007, through July 3, 2010, payments totaling approximately $13 million were transferred in and affecting interstate and foreign commerce through PayPal, Inc.

by a member of the Mega Conspiracy to WR, the Chief Financial Officer of Carpathia Hosting in Ashburn, Virginia, which is in the Eastern District of Virginia, for computer leasing, hosting, and support services.

The details of these payments are described more specifically in Count Three and incorporated herein by reference.

w.

From on or about March 2, 2007, through July 3, 2010, payments totaling at least $9 million were transferred in and affecting interstate and foreign commerce through PayPal, Inc.

by a member of the Mega Conspiracy to Leaseweb in the Netherlands for computer leasing, hosting, and support services.

The details of these payments are described more specifically in Count Three and incorporated herein by reference.

x.

On or about April 15, 2007, VAN DER KOLK sent an e-mail to ORTMANN entitled “reward batch payment.” In the e-mail, VAN DER KOLK stated: “We saved more than half of the money.

Most of the disqualifications were based on fraud (automated mass downloads).

The other disqualifications had very obvious copyrighted files in their account portfolio, but I was rather flexible (considering we saved quite a lot on fraud already).

Total cost: 5200 USD.” Attached to the e-mail was a file containing the Megaupload.com users’ e-mail addresses and selected reward payments for that time period, which ranged from $100 to $1,500.

33

y.

On or about May 17, 2007, a representative from Google AdSense, an Internet advertising company, sent an e-mail to DOTCOM entitled “Google AdSense Account Status.” In the e-mail, the representative stated that “[d]uring our most recent review of your site [Megaupload.com,]” Google AdSense specialists found “numerous pages” with links to, among other things, “copyrighted content,” and therefore Google AdSense “will no longer be able to work with you.” The e-mail contains links to specific examples of offending content located on Megaupload.com.

DOTCOM and his conspirators have continued to operate and financially profit from the Megaupload.com website after receiving this notice.

z.

On or about July 1, 2007, the Mega Conspiracy publicly launched the Megavideo.com website.

aa.

On or about August 12, 2007, VAN DER KOLK sent an e-mail to ORTMANN regarding a particular file located on Megaupload.com.

The file was a music video, entitled “soulja_boy-crank_dat_soulja_boy_(superman)-[zGalaxy_Xvid].avi.” In the e-mail, VAN DER KOLK copied information about the file from the Megaupload.com internal database, which contains, among other things, the following: file name; file extension type (e.g., .avi, .jpg, etc.); file size; date; rank; the file’s 32-digit identification number, also referred to as a MD5 hash; and the file’s 8-digit download number for use with the Megaupload.com link (for example, the last eight digits of the following: www.megaupload.com/?d=BY15XE3V).

bb.

On or about August 15, 2007, BENCKO sent VAN DER KOLK an e-mail message indicating “the sopranos is in French :((( fuck..

can u pls find me some again ?” cc.

On September 29, 2007 and again on March 11, 2009, a member of the Mega Conspiracy made transfers in and affecting interstate and foreign commerce through PayPal, Inc.

to PA, a resident of Newport News, Virginia, which is in the Eastern District of

34

Virginia, as part of the Mega Conspiracy’s “Uploader Rewards” program.

Specifically, this individual received a transfer of $1,500 on each of these dates from the Mega Conspiracy (for a total of $3,000).

dd.

On or about October 4, 2007, BENCKO sent VAN DER KOLK an e-mail message entitled “pls” requesting “can u pls get me some links to the series called ‘Seinfeld’ from MU?” ee.

On or about October 18, 2007, BENCKO sent an e-mail to VAN DER KOLK indicating that “sorry to bother but if you would have a second to find me some links for the “Grand Archives” band id be very happy.” On or about the same day, VAN DER KOLK responded to BENCKO with an e-mail that contained a Megaupload.com link to a Grand Archives music album with the statement “That’s all we have.

Cheers mate!” ff.

On or about December 11, 2007, a credit card payment processor e-mailed ECHTERNACH and VAN DER KOLK regarding “complaints” that the processor had received from third-parties, including one in which a third-party stated, “we have pulled over 65 full videos from Megarotic.

That’s $200k in content we paid for.” In the e-mail, the processor stated, among other things: “you are not allowed to sell or financially benefit from the content that is infringing in copyrights on your site”; and “you are not allowed to continue with allowing the user to upload content if you can have knowledge of the infringing of copyright.” DOTCOM responded to the e-mail, stating “The DMCA quotes you sent me are not relevant.

We are a hosting company and all we do is sell bandwidth and storage.

Not content.

All of the content on our site is available for “free download”.” gg.

On or about December 12, 2007, BATATO distributed a Megaupload.com link to an infringing copy of the copyrighted music file “Louis Armstrong – We have all the time

35

in the world.mp3” to DOTCOM.

An infringing copy of this copyrighted work was still present on servers leased by the Mega Conspiracy as of September 2, 2011.

hh.

Starting as early as January 27, 2008, a member of the Mega Conspiracy made multiple transfers in and affecting interstate and foreign commerce through PayPal, Inc.

to CB, a resident of Alexandria, Virginia, which is in the Eastern District of Virginia, as part of the Mega Conspiracy’s “Uploader Rewards” program.

CB received total payments from the Conspiracy of $500, including transfers of $100 on January 27, 2008; $300 on October 8, 2009; and $100 on February 1, 2010.

ii.

Starting as early as February 11, 2008, a member of the Mega Conspiracy made multiple transfers in and affecting interstate and foreign commerce through PayPal, Inc.

to ND, a resident of Falls Church, Virginia, which is in the Eastern District of Virginia, as part of the Mega Conspiracy’s “Uploader Rewards” program.

ND received total payments from the Conspiracy of $900, including transfers of $100 on February 11, 2008; $100 on March 3, 2008; $300 on March 15, 2008; $100 on March 29, 2008; and $300 on April 15, 2008.

jj.

On or about July 1, 2008, DOTCOM sent an e-mail to ORTMANN entitled “[Fwd: Illegal links]”.

DOTCOM instructed him: “Never delete files from private requests like this.

I hope your current automated process catches such cases.” kk.

On or about July 9, 2008, VAN DER KOLK sent an e-mail to a third- party, entitled “funny chat-log.” In the e-mail, VAN DER KOLK copied the text of a previous online conversation between himself and ORTMANN, in which VAN DER KOLK had stated, “we have a funny business .

.

.

modern days pirates :)” ORTMANN responded, “we’re not pirates, we’re just providing shipping services to pirates :)”.

36

ll.

On or about July 18, 2008, DOTCOM sent an e-mail message to ORTMANN instructing him to list “Mega Manager” as the “Number 1 dowload” out of the Top 100 Megaupload.com files.

mm.

On or about August 4, 2008, the Mega Conspiracy launched their own advertising company for the Mega Sites called Megaclick.com.

nn.

On or about August 11, 2008, DOTCOM requested that the Mega Conspiracy’s contract with Leaseweb drop a standard clause requiring contract termination for violations of Leaseweb’s “Acceptable Use Policy.” oo.

On or about September 1, 2008, VAN DER KOLK uploaded an infringing copy of the copyrighted television program entitled “BBC.Earth.-.The.Power.Of.The.Planet.5of5.Rare.Earth.XviD.AC3.MVGroup.org.avi” to Megaupload.com and e-mailed the URL file to another individual.

An infringing copy of this copyrighted work was still present on servers leased by the Mega Conspiracy as of September 8, 2011.

pp.

On or about October 13, 2008, BATATO sent an e-mail to an advertiser, which included a screen capture of the Megaupload.com download page for the file “MyBlueBerryNights.part1.rar”.

The screen capture also contained an open browser window to the linking site www.mulinks.com.

qq.

On or about October 14, 2008, BATATO sent an e-mail to an advertiser that contained two Megaupload.com links.

One of the links directed to a file “DanInRealLife.part2.rar”, which was a portion of an infringing copy of the copyrighted motion picture “Dan in Real Life.”

37

rr.

On or about October 25, 2008, VAN DER KOLK uploaded an infringing copy of a copyrighted motion picture entitled “Taken 2008 DVDRip Repack [A Release Lounge H264 By Micky22].mp4” to Megaupload.com and e-mailed the URL link for the file to another individual.

An infringing copy of this copyrighted work was still present as of October 27, 2011,on a server in the Eastern District of Virginia controlled by the Mega Conspiracy.

ss.

On or about October 31, 2008, DOTCOM forwarded an e-mail to ORTMANN from a customer entitled “Sharebee.com” and stating that “Sharebee.com have uploaded over 1million files to megaupload in 2008.” ORTMANN responded to DOTCOM that Sharebee.com was a “multifile hoster upload service.” Sharebee.com allows the mass distribution of files to a number of file hosting and distribution services, including Megaupload.com, and creates clickable links to access that content from multiple sites.

tt.

On or about November 17, 2008, DOTCOM forwarded an e-mail to ORTMANN from a customer that indicated “I just want to start of by saying that i love the site, but today i discovered something i would consider a flawd.

I was watching a video of Myth Busters when i recived a message that said “You have watched 3079 minutes of video today””.

ORTMANN responded to DOTCOM that this was the correct behavior of the service.

uu.

On or about November 23, 2008, DOTCOM forwarded an e-mail to ORTMANN and ECHTERNACH from a non-premium customer that indicated “i guess we need to find a new hobby because watching pirated material via megavideo is now over-rated and ruined because of this video bandwidth limit.” vv.

On or about November 23, 2008, DOTCOM received an e-mail from a Mega Site user entitled “video problems.” The e-mail described, “I’ve been trying to watch Dexter episodes, but… the sound doesn’t match up with the visual… I didn’t choose to use your

38

site, you seem to dominate episodes 6 and 7 of Dexter on alluc[.org, a linking site].” DOTCOM forwarded the e-mail to ORTMANN and wrote, “… on many forums people complain that our video / sound are not in sync… We need to solve this asap!” “Dexter” is a copyrighted television series on the premium cable channel Showtime.

ww.

On or about December 5, 2008, NOMM sent VAN DER KOLK an e-mail, which included a screenshot of NOMM’s account using Megavideo.com to watch an infringing episode of the copyrighted television show “Chuck.” The episode in the image, Season 2 Episode 9, initially aired on December 1, 2008, four days before the e-mail.

xx.

On or about January 14, 2009, BATATO sent an e-mail message to a Megaupload.com advertiser saying “You can find your banner on the downloadpages of Megaupload.com.

Just choose a link for example from this site: www.mulinks.com…” yy.

On or about March 3, 2009, DOTCOM sent an e-mail to a reporter indicating “Whenever a user uploads a new file it is checked against our database and if we already have the exact same file the upload completes instantly.

This way a complete system backup into the cloud only takes a fraction of the time it used to take.

And the longer we exist, the more files we receive, the faster we get.” zz.

On or about April 23, 2009, DOTCOM sent an e-mail message to VAN DER KOLK, ORTMANN, and BENCKO in which he complained about the deletion of URL links in response to infringement notices from the copyright holders.

In the message, DOTCOM stated that “I told you many times not to delete links that are reported in batches of thousands from insignificant sources.

I would say that those infringement reports from MEXICO of “14,000” links would fall into that category.

And the fact that we lost significant revenue because of it justifies my reaction.”

39

aaa.

On or about April 24, 2009, DOTCOM sent an e-mail to BENCKO, ORTMANN, and VAN DER KOLK indicating, “I remembered the steep drop of revenue at the same time in 2008 and thought that this might have also been caused by careless mass link deletions.

This made me very mad, especially because I told you that such mass deletions should be prevented and sources checked much more carefully.

I am sure such mass link deletions are also contributing to a drop of revenue … In the future please do not delete thousands of links at ones from a single source unless it comes from a major organization in the US.” bbb.

Starting as early as April 29, 2009, a member of the Mega Conspiracy made multiple transfers in and affecting interstate and foreign commerce through PayPal, Inc.

to NA, a resident of Alexandria, Virginia, which is in the Eastern District of Virginia, as part of the Mega Conspiracy’s “Uploader Rewards” program.

NA received total payments from the Conspiracy of $600, including transfers of $100 on April 29, 2009; $100 on May 25, 2009; and $400 on July 31, 2009.

ccc.

Starting as early as April 29, 2009, a member of the Mega Conspiracy made multiple transfers in and affecting interstate and foreign commerce through PayPal, Inc.

to NS, a resident of Fairfax, Virginia, which is in the Eastern District of Virginia, as part of the Mega Conspiracy’s “Uploader Rewards” program.

NS received total payments from the Conspiracy of $300, including transfers of $100 on April 29, 2009; $100 on April 26, 2010; and $100 on May 8, 2010.

ddd.

On or about May 7, 2009, ORTMANN sent an e-mail in German to DOTCOM indicating the top referring or linking sites to Megaupload.com by Megaupload premium users.

The linking sites included: seriesyonkis.com, surfthechannel.com, sharebee.com, taringa.net, watch-movies-links.net, cinetube.es, and megauploadforum.net.

40

eee.

On or about May 17, 2009, NOMM sent an e-mail to ORTMANN entitled “Competitor Links Report.” The e-mail indicated that the top third-party sites used to reach Megavideo.com content were seriesyonkis.com, peliculasyonkis.com, dospuntocerovision.com, cinetube.es, and surfthechannel.com, which are all linking sites.

fff.

On or about May 25, 2009, NOMM sent an e-mail to DOTCOM and ORTMANN entitled “status report.” NOMM wrote “I have been processing HD videos for some time now to find best of the best for showcase (Mathias gave specification).

Even though we have lots of HD content uploaded most seems to be problematic quality or legality wise.” ggg.

On or about May 25, 2009, BATATO sent an e-mail to ORTMANN that contained customers’ e-mails.

One of the customer e-mails indicated: “We watched Taken successfuly and then tried to watch the “Alphabet Killer” a day later and got the message to upgrade if we wanted to continue watching.” hhh.

On or about June 6, 2009, BATATO sent an e-mail to an advertiser indicating, “Banners will be shown on the download pages of Megaupload.

You will find some links here for example: http://mulinks.com/news.php”.

iii.

Starting as early as July 31, 2009, a member of the Mega Conspiracy made multiple transfers in and affecting interstate and foreign commerce through PayPal, Inc.

to TT, a resident of Woodbridge, Virginia, which is in the Eastern District of Virginia, as part of the Mega Conspiracy’s “Uploader Rewards” program.

TT received total payments from the Conspiracy of $2,700, including transfers totaling $100 on July 31, 2009; $100 on August 29, 2009; $200 on September 18, 2009; $100 on September 29, 2009; $200 on October 8, 2009; $200 on November 8, 2009; $600 on November 24, 2009; $1,000 on December 23, 2009; and $200 on February 1, 2010.

41

jjj.

Starting as early as August 9, 2009, a member of the Mega Conspiracy made multiple transfers in and affecting interstate and foreign commerce through PayPal, Inc.

to CW, a resident of Moseley, Virginia, which is in the Eastern District of Virginia, as part of the Mega Conspiracy’s “Uploader Rewards” program.

CW received total payments from the Conspiracy of $2,900, including payments of $100 and $600 on August 9, 2009; a payment of $500 on October 8, 2009; a transfer of $1,500 on December 23, 2009; and a payment of $200 on June 21, 2010.

kkk.

On or about August 10, 2009, TT of Woodbridge, Virginia, which is in the Eastern District of Virginia, sent a payment of $9.99 that traveled in interstate and foreign commerce through PayPal, Inc., and was received by the Megaupload.com PayPal, Inc.

account.

lll.

On or about September 4, 2009, a representative of Warner Brothers Entertainment, Inc.

(“Warner”) sent an e-mail to Megaupload.com, stating that Warner was “unable to remove links” to copyright-infringing content on Megaupload.com using the Abuse Tool.

In the e-mail, the Warner representative requested an increase in Warner’s removal limit, which is controlled by the Mega Conspiracy.

On or about September 8, the representative sent a follow-up request, and on or about September 9, the representative sent another follow-up request.

On or about September 10, ORTMANN sent an e-mail to DOTCOM, stating, “They are currently removing 2500 files per day - a cursory check indicates that it’s legit takedowns of content that they own appearing in public forums.” ORTMANN also stated, “We should comply with their request - we can afford to be cooperative at current growth levels.” DOTCOM responded that the limit should be increased to 5,000 per day, but “not unlimited.”

42

mmm.

On or about September 29, 2009, CB of Alexandria, Virginia, which is in the Eastern District of Virginia, sent a payment of $9.99 that traveled in interstate and foreign commerce through PayPal, Inc., and was received by the Megaupload.com PayPal, Inc.

account.

nnn.

On or about October 25, 2009, VAN DER KOLK instructed a Mega Conspiracy employee in German through e-mail how to alter the “featured” videos list on Megavideo.com and the Top 100 Megaupload.com list.

ooo.

On or about November 30, 2009, BATATO sent an e-mail to an advertiser stating: “Please go to mulinks.com and copy paste One of those URLs to your browser.

You will then See where the banner appears.” ppp.

On or about January 28, 2010, in an e-mail entitled “activating old countries,” a user of a Mega Conspiracy site asked BATATO: “where can we see full movies?” BATATO replied “You need to go to our referrer sites.

Such as www.thepiratecity.org or www.ovguide.com[.] There are the movie and series links.

You cannot find them by searching on MV directly.

That would cause us a lot of trouble ;-)” qqq.

On or about February 1, 2010, BATATO sent an e-mail to an unindicted co-conspirator with the subject “[tradeit] – Campaign stats” stating “We can’t deliver [Hong Kong] traffic because the company is based in [Hong Kong] and we don’t want to experience any trouble with license holders etc.

Remember, I told you about that topic ;-)”.

rrr.

On or about March 15, 2010, a member of the Mega Conspiracy created Megastuff Limited, a New Zealand company, that has facilitated the transfer to New Zealand of millions of dollars in illicit proceeds and assets for the personal financial gain of DOTCOM and other conspirators, as well as to facilitate additional operations of the Mega Conspiracy.

43

sss.

On or about May 8, 2010, NS of Fairfax, Virginia, which is in the Eastern District of Virginia, sent a payment of $199.99 that traveled in interstate and foreign commerce through PayPal, Inc., and was received by the Megaupload.com PayPal, Inc.

account.

ttt.

On or about June 24, 2010, members of the Mega Conspiracy were informed, pursuant to a criminal search warrant from the U.S.

District Court for the Eastern District of Virginia, that thirty-nine infringing copies of copyrighted motion pictures were believed to be present on their leased servers at Carpathia Hosting in Ashburn, Virginia.

On or about June 29, 2010, after receiving a copy of the criminal search warrant, ORTMANN sent an e-mail entitled “Re: Search Warrant – Urgent” to DOTCOM and three representatives of Carpathia Hosting in the Eastern District of Virginia.

In the e-mail, ORTMANN stated, “The user/payment credentials supplied in the warrant identify seven Mega user accounts”, and further that “The 39 supplied MD5 hashes identify mostly very popular files that have been uploaded by over 2000 different users so far[.]” The Mega Conspiracy has continued to store copies of at least thirty-six of the thirty-nine motion pictures on its servers after the Mega Conspiracy was informed of the infringing content.

uuu.

On or about July 8, 2010, DOTCOM sent an e-mail to ORTMANN and ECHTERNACH entitled “attention.” The e-mail contained a link to a news article entitled “Pirate Bay and Megaupload Escape Domain Seizure by US.” The article discussed how, “[a]s part of an initiative to crack down on Internet piracy and counterfeiting, the US Government recently took action against sites making available movies and TV shows.” In the e-mail, DOTCOM stated, “this is a serious threat to our business.

Please look into this and see how we can protect ourselfs.” DOTCOM also asked, “Should we move our domain to another country

44

(canada or even HK?)” ECHTERNACH responded, “In case domains are being seized from the registrar, it would be safer to choose a non-US registrar[.]” vvv.

On or about September 5, 2010, BENCKO sent an e-mail to DOTCOM, ORTMANN, and VAN DER KOLK.

Attached to the e-mail message was a screenshot of BENCKO logged into a Megaupload.com file download page with a filename of “Meet.Dave.2008.avi”.

www.

On or about November 1, 2010, ECHTERNACH forwarded an e-mail from a Universal Music Group (“UMG”) executive to DOTCOM and ORTMANN, which discussed requirements that UMG would require of Megaupload before they could discuss licensing for MegaBox.

Included in the list of requirements was “proactive fingerprint filtering to ensure that there is no infringing music content hosted on its service; proactive text filtering for pre-release titles that may not appear in fingerprint databases at an early stage; terminate the accounts of users that repeatedly infringe copyright; limit the number of possible downloads from each file; process right holder take down notices faster and more efficiently.” xxx.

On or about November 15, 2010, BATATO forwarded an e-mail to ORTMANN entitled “member-issue” that was received by a Mega Conspiracy employee from a user.

In the forward, BATATO wrote “Fanpost ;-)”.

The email from the user stated “I paid yesturday however can’t work it out!!!\ I have been trying to see Robin Hod, 3th season, chapter 10, and do not succeed.

Please help me solve it – or cancel my payment!” yyy.

On or about December 10, 2010, DOTCOM forwarded a complaint from a user that “Megakey is not working” to ORTMANN and VAN DER KOLK.

In the forward, DOTCOM writes “this doesn’t work yet? we are advertising it.

why is it not working?”.

In the user’s e-mail, he complained that he installed Megakey, which provides Mega Conspiracy

45

advertising to users in exchange for premium access to Megaupload.com and Megavideo.com, and the user was still receiving a message about the “megavideo time limit.” The e-mail included apparent screenshots of the user’s computer which shows the linking site animefreak.tv being used to attempt to watch an episode of the copyrighted television series “Fruits Basket” on Megavideo.com.

zzz.

On or about December 22, 2010, ORTMANN provided DOTCOM with a possible response to a press inquiry that discusses the Recording Industry Association of America (“RIAA”)’s campaign to have payment services such as Mastercard to stop allowing payments to Megaupload.com because the site is, in the words of the reporter citing RIAA, “dedicated to facilitating copyright infringement.” ORTMANN’s proposed response includes: “We are watching the unfolding events with interest, but as the vast majority of our revenue is coming from advertising, the effect on our business will be limited.” aaaa.

On or about January 13, 2011, DOTCOM sent a proposed Megaupload.com public statement regarding piracy allegations against the website to hosting company executives DS and JK.

On or about January 13, 2011, DS replied to DOTCOM: “It looks accurate to me.

good luck.” The same day, JK replied, “Using the words, ‘….vast majority is legitimate.’ Opens you up.

It’s an admission that there are ‘bad’ things on your site.

I would get rid of that so it simply reads that it is legitimate.” bbbb.

On or about January 27, 2011, ECHTERNACH received an e-mail from an unindicted co-conspirator stating that “video resource sites such as youtube which is our source for videos which we upload to megavideo.” cccc.

On or about February 2, 2011, DOTCOM forwarded an article from The Telegraph by e-mail to ORTMANN, which discusses the potential for courts in the

46

United Kingdom to block access to “websites used exclusively for facilitating illegal downloading of content.” dddd.

On or about February 5, 2011, ORTMANN responded in an e-mail to DOTCOM, copying ECHTERNACH and VAN DER KOLK, about an article that DOTCOM sent him entitled “how-to-stop-domain-names-being-seized-by-the-us-government.” ORTMANN indicates the status of the Mega Conspiracy’s completion of the recommendations made in the article.

eeee.

On or about February 10, 2011, DOTCOM forwarded a complaint to ORTMANN from a Taiwanese broadband service provider about problems its users have had downloading from Megaupload.com.

In the screenshots that are in the original e-mail complaint is what appears to be an ongoing download of a copyrighted The Simpsons episode from Fox Television entitled “Treehouse of Horror XIII.” The e-mail traces the download from the provider’s connection to Cogent Communications to the Mega Conspiracy’s servers.

ffff.

On or about February 18, 2011, DOTCOM forwarded an e-mail inquiry entitled “‘Repeat Offender’ Infringement Policy” to ORTMANN.

In the original e-mail, a representative of a copyright holder indicates that Megaupload.com does not specify any “repeat offender or repeat infringer policy” in its Terms of Service.

The representative points out that the “Safe Harbor” provision of the DMCA “requires that providers deal appropriately with repeat offenders” and asks for the termination of repeat offenders on Megaupload.com.

gggg.

On or about February 25, 2011, BATATO forwarded an e-mail to NOMM, copying ORTMANN, entitled “embedded ads not functioning correctly,” from an individual complaining that the advertising click through rate (“CTR”) from playing Megavideo.com videos directly on the linking site alluc.org has suffered because the embedded

47

advertising from the Mega Conspiracy is not automatically playing on the external website.

The individual’s e-mail contains screenshots from the linking site that shows episodes of the BBC copyrighted television show Red Dwarf that were available on Megavideo.com.

BATATO, in the forward, stated: “Could you please check that issue? We need to help them a bit now as their CTR and conversions went down by 50% and 95% respectively.

That was expected but at least we should help them now get their campaigns running w/o problems.” hhhh.

On or about February 25, 2011, BATATO sent an e-mail to NOMM and VAN DER KOLK regarding problems with getting “pre-roll” advertising for Megavideo.com because of a “copy right issue.” His e-mail contains messages between employees of Megaclick.com and a third-party advertising service.

In an early message, the Megaclick.com employee informs BATATO that the third-party advertising service considers it illegal to monetize infringing content through advertising immediately prior to viewing the content.

iiii.

On or about March 9, 2011, a developer for the Mega Conspiracy sent an e-mail to ORTMANN and two other individuals.

In the e-mail, the developer indicated that an associate had downloaded an infringing copy of a copyrighted musical recording entitled “The_Matrix_-_Original_Motion_Picture_Score.rar” from Rapidshare.com, and then, using the “Megakey music search,” added the files to a Megabox account.

The e-mail further indicates that the Megabox website listed the wrong artist for the album.

jjjj.

On or about April 29, 2011, members of the Conspiracy infringed the copyright of the motion picture “The Green Hornet” by making it available on publicly accessible Internet-connected servers at Carpathia Hosting in Ashburn, Virginia, within the Eastern District of Virginia, and reproduced and distributed the work over the Internet without

48

authorization.

The film, which had been released in U.S.

theaters on or about January 14, 2011, was not commercially distributed in the United States until on or about May 3, 2011.

kkkk.

On or about May 13, 2011, members of the Conspiracy infringed the copyright of the motion picture “Thor” by making it available on publicly accessible Internetconnected servers at Carpathia Hosting in Ashburn, Virginia, within the Eastern District of Virginia, and reproduced and distributed the work over the Internet without authorization.

The film, which had been released in U.S.

theaters on or about May 6, 2011, was not commercially distributed in the United States until on or about September 13, 2011.

llll.

On or about June 7, 2011, VAN DER KOLK sent an e-mail to ORTMANN forwarding a French complaint about infringement of their copyrighted motion pictures.

In the forward, VAN DER KOLK stated: “They basically want us to audit / filter every upload, and are threatening with action against us if their material continues to appear on MV.” mmmm.

On or about July 6, 2011, DOTCOM forwarded an online story from Spiegel.tv to ORTMANN about the takedown of the linking site Kino.to by law enforcement in Germany, and wrote, in German: “Possibly not fly to Germany?” nnnn.

On or about July 6, 2011, BATATO sent an e-mail to ORTMANN forwarding a string of e-mails in German from an advertising entity saying that a customer wants their campaigns on a Mega Site discontinued because of concerns related to the Kino.to takedown.

oooo.

On or about August 11, 2011, DOTCOM forwarded an e-mail to ORTMANN from a user who stated: “I used to buy monthly fees to help with the cost of you guys doing business .

… I miss being about to view tv shows on you service .

My most favorite was True blood and battle star Gallactica .

I would be happy to continue to pay for the service ,

49

but some thing would needs to change.

I don't mind your services be bogged down from time to time.

I don't mind paying, but i need to get something for the service i pay for.” pppp.

On or about August 12, 2011, members of the Conspiracy infringed the copyright of the motion picture “Bad Teacher” by making it available on publicly accessible Internet-connected servers at Carpathia Hosting in Ashburn, Virginia, within the Eastern District of Virginia, and reproduced and distributed the work over the Internet without authorization.

The film, which had been released in U.S.

theaters on or about June 24, 2011, was not commercially distributed in the United States until on or about October 18, 2011.

qqqq.

On or about August 14, 2011, members of the Conspiracy infringed the copyright of the motion picture “Harry Potter and the Deathly Hallows, Part 1” by distribution without authorization.

rrrr.

On or about September 16, 2011, NOMM sent an analysis of Megavideo.com to ORTMANN by e-mail.

The analysis indicates: “The search function for the site should also list full length videos.

Currently, movies that do not have copyright infringements are also not being listed in the search.” The analysis further indicates: “Movies should also be available in Megavideo and not from third party websites only[.]” ssss.

On or about September 17, 2011, VAN DER KOLK sent an e-mail to ORTMANN, attaching a Google Analytics report on referrals to Megaupload.com from the linking site Taringa.net.

The single page report indicates that, between August 17, 2010 and September 16, 2011, Taringa.net provided more than 72 million referrals to Megaupload.com, with the top 10 links including some copyrighted software and music titles.

The page indicates, for example, that the linking site produced 164,214 visits to Megaupload.com for a download of

50

the copyrighted CD/DVD burning software package Nero Suite 10.

This software program had a suggested retail price of $99.

tttt.

On or about October 10, 2011, JK, an executive from a hosting provider, sent an e-mail to ORTMANN entitled “Article.” The e-mail contained a link to a news article, which discussed how a Dutch court ordered a “major” website “to delete all infringing content from its servers.” The article asked: “Could file-hosting services like MegaUpload and RapidShare be next?” In the e-mail, JK asked ORTMANN: “Do you have any concerns that this kind of thing could find its way to you”? ORTMANN responded to JK, with a copy to DOTCOM, stating that the sites in the article “provide a search index covering their entire content base, including the infringing material.” uuuu.

On or about October 14, 2011, DOTCOM sent an e-mail to a PayPal, Inc.

representative indicating: Our legal team in the US is currently preparing to sue some of our competitors and expose their criminal activity.

We like to give you a heads up and advice you not to work with sites that are known to pay uploaders for pirated content.

They are damaging the image and the existence of the file hosting industry (see whats happening with the Protect IP act).

Look at Fileserve.com, Videobb.com, Filesonic.com, Wupload.com, Uploadstation.com.

These sites pay everyone (no matter if the files are pirated or not) and have NO repeat infringer policy.

And they are using PAYPAL to pay infringers.

vvvv.

On or about October 18, 2011, VAN DER KOLK sent an e-mail to ORTMANN, forwarding a complaint from the Vietnamese Entertainment Content Protection Association.

The complaint indicated that the DMCA Abuse Tool for Megaupload.com does not remove particular types of links.

It also noted that a particular linking site is a repeat infringer “where users and admin team are all involved in upload and reupload as soon as the files are removed.” It also stated “To date, we have removed 24 pages of infringed download links and almost 100% are Megaupload.”

51

wwww.

On or about November 10, 2011, a member of the Mega Conspiracy made a transfer of $185,000 to further an advertising campaign for Megaupload.com, involving a musical recording and video.

xxxx.

On or about November 20, 2011, members of the Conspiracy infringed the copyright of a high definition version of the motion picture “Lord of the Rings: Fellowship of the Ring” by distribution without authorization.

yyyy.

On or about November 20, 2011, members of the Conspiracy infringed the copyright of the motion picture “The Twilight Saga: Breaking Dawn – Part 1” by making it available on publicly accessible Internet-connected servers at Carpathia Hosting in Ashburn, Virginia, within the Eastern District of Virginia, and reproduced and distributed the work over the Internet without authorization.

The film, which was released in U.S.

theaters on or about November 18, 2011, has not been commercially distributed as of the date of this Indictment.

(All in violation of Title 18, United States Code, Section 371)

52

COUNT THREE (18 U.S.C.

§ 1956(h) – Conspiracy to Commit Money Laundering) THE GRAND JURY CHARGES THAT: 70.

All of the allegations in Counts One, Two, Four, and Five are incorporated as if set forth here in their entirety.

71.

Beginning in at least September 2005 and continuing until at least the date of this Indictment, in the Eastern District of Virginia and elsewhere, the defendants, KIM DOTCOM, MEGAUPLOAD LIMITED, VESTOR LIMITED, FINN BATATO, JULIUS BENCKO, SVEN ECHTERNACH, MATHIAS ORTMANN, ANDRUS NOMM, and BRAM VAN DER KOLK each knowingly and intentionally combined, conspired, and agreed together and with each other, and with other persons known and unknown to the Grand Jury, to commit offenses against the United States in violation of Title 18, United States Code, Sections 1956 and 1957, namely: (a) to knowingly conduct and attempt to conduct a financial transaction affecting interstate and foreign commerce, which in fact involved the proceeds of the specified unlawful activity of criminal copyright infringement with the intent to promote the carrying on of the specified unlawful activity of criminal copyright infringement, and that while conducting and

53

attempting to conduct such financial transaction knew that the property involved in the financial transaction represented the proceeds of some form of unlawful activity in violation of Title 18, United States Code, Section 1956(a)(1)(A)(i); (b) to transport, transmit, and transfer and attempt to transport, transmit, and transfer a monetary instrument and funds from a place in the United States to and through a place outside the United States, and to a place in the United States from or through a place outside the United States, with the intent to promote the carrying on of the specified unlawful activity of criminal copyright infringement, in violation of Title 18, United States Code, Section 1956(a)(2)(A); and (c) to knowingly engage and attempt to engage in monetary transactions in criminally derived property of a value greater than $10,000 that is derived from the specified unlawful activity of criminal copyright infringement, in violation of Title 18, United States Code, Section 1957.

Ways, Manner, and Means of the Conspiracy In furtherance of the Conspiracy, defendants and others known and unknown to the Grand Jury employed, among others, the following manner and means: 72.

It was part of the Conspiracy that members of the Conspiracy willfully reproduced and distributed, in the Eastern District of Virginia and elsewhere, infringing copies and phonorecords of copyrighted works with the purpose of private financial gain; such conduct is a “specified unlawful activity” under Title 18 of the United States Code, Section 1956(c)(7)(D).

73.

It was further part of the Conspiracy that infringing copies and phonorecords of copyrighted works were stored on computer servers controlled by the Conspiracy located at

54

Carpathia Hosting in Ashburn, Virginia, which is in the Eastern District of Virginia; such conduct occurred at least in part in the United States, under Title 18 of the United States Code, Section 1956(f)(1).

74.

It was further part of the Conspiracy that a transaction or series of transactions conducted by members of the Conspiracy involved funds or monetary instruments of a value exceeding $10,000, under Title 18 of the United States Code, Section 1956(f)(2).

75.

It was further part of the Conspiracy that members of the Conspiracy intended to promote the carrying on of criminal copyright infringement using multiple financial transactions affecting interstate and foreign commerce, which involved the proceeds of criminal copyright infringement, and that, while conducting and attempting to conduct such financial transactions, members of the Conspiracy knew that the property involved in the transactions represented the proceeds of criminal copyright infringement.

76.

It was further part of the Conspiracy that members of the Conspiracy intended to promote the carrying on of criminal copyright infringement using multiple transfers involving monetary instruments and funds from places in the United States to and through places outside the United States, and to places in the United States from or through places outside the United States.

77.

It was further part of the Conspiracy that members of the Conspiracy knowingly engaged in multiple monetary transactions in criminally derived property of a value greater than $10,000 that was derived from criminal copyright infringement.

78.

It was further part of the Conspiracy that multiple transfers totaling more than $5 million, which involved proceeds of criminal copyright infringement in the Eastern District of Virginia and elsewhere, from a Moneybookers Limited account in the United Kingdom were

55

made, and the transfers were directed to a DBS (Hong Kong) Limited account for the Conspiracy in Hong Kong between August 1, 2010 and July 31, 2011; such activity provides jurisdiction under Title 18 of the United States Code, Section 1956(f).

79.

It was further part of the Conspiracy that multiple transfers totaling more than $66 million, which involved proceeds of criminal copyright infringement in the Eastern District of Virginia and elsewhere, from a PayPal, Inc.

account were made in and affecting interstate and foreign commerce and by a member of the Conspiracy, and the transfers were directed to a DBS (Hong Kong) Limited account for the Conspiracy between on or about August 3, 2007, and July 31, 2011; such activity provides jurisdiction under Title 18 of the United States Code, Section 1956(f).

80.

It was further part of the Conspiracy that multiple transfers totaling more than $6 million, which involved proceeds of criminal copyright infringement in the Eastern District of Virginia and elsewhere, from a PayPal, Inc.

account for the Conspiracy were made in and affecting interstate and foreign commerce by a member of the Conspiracy, and the transfers were directed to a bank account in Hong Kong for the Conspiracy between on or about August 15, 2005, and July 5, 2010; such activity provides jurisdiction under Title 18 of the United States Code, Section 1956(f) and included the following: a.

On or about August 15, 2005, a transfer of approximately $14,750 to a HSBC Bank account for the Conspiracy; On or about September 23, 2008, transfers of approximately $320,150 to a DBS (Hong Kong) Limited account for the Conspiracy; On or about November 9, 2009, transfers of approximately $1,077,648 to a DBS (Hong Kong) Limited account for the Conspiracy; On or about December 2, 2009, transfers of approximately $667,443 to a DBS (Hong Kong) Limited account for the Conspiracy; and b.

c.

d.

56

e.

On or about July 5, 2010, transfers of approximately $656,507 to a DBS (Hong Kong) Limited account for the Conspiracy.

81.

It was further part of the Conspiracy that multiple transfers, which involved proceeds of criminal copyright infringement in the Eastern District of Virginia and elsewhere, from a DBS (Hong Kong) Limited bank account for the Conspiracy were made by a member of the Conspiracy, and the tra