Joon H. Kim, the Acting United States Attorney for the Southern District of New York, announced that TIMOTHY SEDLAK was sentenced in Manhattan federal court to 18 months in prison for attempting to access without authorization the computer network of a global charitable organization based in New York, New York (the “Organization”), and as a result of such conduct, recklessly causing damage to computers of the Organization. He was convicted on February 23, 2017, and was sentenced today by U.S. District Judge Ronnie Abrams.

Acting Manhattan U.S. Attorney Joon H. Kim said: “Timothy Sedlak used dozens of computers and electronic devices to unlawfully access others’ computer networks, making hundreds of thousands of attempts to steal information from one charitable organization. Although he was ultimately unsuccessful, Sedlak’s efforts impaired the organization’s ability to operate. I want to thank our partners at the Secret Service for their work to combat cyber attacks like this one.”

According to the Superseding Information, other documents filed in Manhattan federal court, and statements made at various proceedings in this case, including the guilty plea:

SEDLAK made hundreds of thousands of attempts to gain access without authorization to the computer network systems of the Organization, and in so doing, impaired the availability of the email accounts and web-based applications of more than 10 employees of the Organization.

From June 2015 to July 2015, computers associated with two internet protocol addresses subscribed to SEDLAK at SEDLAK’s residence in Florida (the “IP Addresses”) made nearly 400,000 attempts to gain unauthorized access to the Organization’s computer network. As a result, numerous Organization employees experienced difficulty accessing their Organization email accounts, and were disrupted in their ability to conduct regular business functions. In particular, between June 22 and July 8, 2015, from one of the IP Addresses, there were approximately 195,000 attempts to log into approximately 20 email accounts of the Organization. Between July 8 and July 10, 2015, from the other IP Address, there were an additional approximately 195,000 attempts to log into approximately six email accounts of the Organization. SEDLAK has never been employed by the Organization, and was not authorized to access any email accounts of the Organization.

On September 11, 2015, U.S. Secret Service (“USSS”) agents executed a search warrant at the Sedlak Residence, from which they seized 42 computers and electronic devices (the “Sedlak Computers”). The forensic examination of the Sedlak Computers revealed that 31 devices contained known hacking software and/or artifacts, indicating they were used in attempts to gain unauthorized access to a network. The forensic examination of the Sedlak Computers also revealed that at least 11 personal email accounts were successfully accessed without authorization. The email accounts belong to individuals in the United States and abroad, none of whom are known to be associated with the Organization. In addition, unsuccessful attempts to gain unauthorized access to over 1,000 entities and IP addresses were uncovered. SEDLAK targeted international and domestic victim entities, including charitable organizations, political organizations, law firms, financial firms, and businesses. When he was interviewed by USSS agents, Sedlak claimed that he hoped to sell the information he found.

* * *

SEDLAK, 44, of Ocoee, Florida, was sentenced to 18 months in prison, to be followed by three years of supervised release. The defendant’s right, title, and interest in specific property seized by the USSS – including 31 electronic devices – was ordered to be forfeited to the United States.

Mr. Kim praised the investigative work of the United States Secret Service.

The prosecution of this case is being handled by the Office’s Complex Frauds and Cybercrime Unit. Assistant United States Attorneys Kristy J. Greenberg and Jennifer L. Beidel are in charge of the prosecution.