Sony Computer Entertainment America LLC v. Hotz et al

Filing 114

Declaration of Alexander Stamos in Reply of Defendant Hotz to 103 SCEA's Opposition Brief filed byGeorge Hotz. (Attachments: # 1 Exhibit A)(Kellar, Stewart) (Filed on 3/25/2011) Modified on 3/28/2011 (ys, COURT STAFF).

Download PDF
Sony Computer Entertainment America LLC v. Hotz et al Doc. 114 YASHA HEIDARI (GA Bar No. 110325) Heidari Power Law Group LLC 2 PO Box 79217 3 Atlanta, Georgia 30357 1 4 5 6 7 8 9 10 STEWART KELLAR (SBN 267747) E-ttorney at Law 148 Townsend Street, Suite 2 San Francisco, California 94107 Telephone: (415) 742-2303 JACK C. PRAETZELLIS (SBN 267765) MBVLAWLLP 855 Front Street San Francisco, California 94111 Telephone: 415-781-4400 Facsimile: 415-989-5143 Attorneys for Defendant George Hotz UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA SAN FRANCISCO DIVISION n 12 1 3 1 4 1 5 1 6 1 7 1 8 1 9 20 21 22 SONY COMPUTER ENTERTAINMENT AMERICA LLC, a Delaware limited liabil ity company, Plaintiff, v. GEORGE HOTZ, etal., Defendants. Case No. 11-CV-000167 SI DECLARATION OF ALEXANDER STAMOS IN REPLY TO SCEA'S OPPOSTIONTO DEFENDANT HOTZ'S MO TION TO DISMISS 23 24 25 26 27 28 Declaration of Alexander Stamos (No. 11-CV-00167-SI) 1 2 3 4 I, Alexander Stamos, declare: 5 l. I am of required age and competent in all respects to testify regarding the 6 matter set forth herein. I am a Vice President and Chief Technical Officer at iSEC Part7 ners, an agent for counsel of record for defendant George Hotz in the above-captioned 8 matter. The relationship between iSEC Partners and Stewart Kellar is governed by a mu9 tual nondisclosure agreement to provide eDiscovery, data analysis, and project support 10 upon request. I have personal knowledge of the facts stated herein and know them to be n true. And if called as a witness could and would testify competently thereto. 12 2. iSEC Partners (iSEC) is an information security consulting firm headquar13 tered in San Francisco, with offices in Seattle and New York. Our work includes software 14 assurance, infrastructure penetration testing, code review, incident response and foren15 sics. Our clients include Microsoft, Oracle, eBay, McKesson,, Google, Au16 todesk, Charles Schwab, JPMorgan Chase, Bank of America, Wells Fargo, ING Direct 17 and Motorola. 18 3.I am a co-founder of iSEC Partners, which we formed in October 2004. 19 Before founding iSEC Partners I worked as a Managing Security Consultant with the se20 curity consultancy @stake, and I was the security lead at Loudcloud, a managed hosting 21 provider. I have also worked for the EO Lawrence Berkeley National Laboratory. I hold 22 a BS in Electrical Engineering and Computer Science from the University of California, 23 Berkeley, where my studies included graduate classes in networking and computer secu24 rity. I was awarded a Certified Information Systems Security Professional (CISSP) certi25 flcation in April 2003. I am a frequent speaker at leading security and technology 26 conferences, such as Black Hat USA, CanSecWest, Microsoft BlueHat, the Web 2.0 Expo, 27 CTIA, OWASP App Sec, and the Financial Services Information Sharing and Analysis 28 Center (FS-ISAC). I have also spoken on the topic of computer forensics to private audi-2- Declaration of Alexander Stamos (No. n-cv-000167 SI) 4841-7608-3208, V. 1 1 ences at the FBI's Regional Computer Forensics Laboratory, and the Federal Reserve 2 Banks in New York and Boston. 3 4. On Thursday, March 24,2011 iSEC Partners was contracted to perform a 4 technical analysis of raw data weblogs provided by BlueHost, Inc. Specifically, we were 5 asked to isolate log entries that listed <> or a subdomain and included a re6 quest for "jailbreakzip" 7 5. On March 24, 2011 iSEC Partners received this data on a USB Flash Drive 8 from Stewart Kellar at our San Francisco office. The log data was copied to several se9 cure workstations for analysis by myself and two colleagues under my direction and su10 pervision. All of our work was done with standard UNIX text manipulation and search 11 commands, such as grep, awk, find and sort. 12 6. We decompressed the provided files and separated out the logs for applica13 tions other than the <> web server. We then created a temporary file con14 taining only requests involving the "jailbreakzip" file. 15 7. We examined this temporary file for all possible HTTP methods and identi16 fled four in use: HEAD, GET, POST, and OPTIONS. As GET and POST are the only two 17 requesting methods for which the data will be returned, we extracted only 18 requests using these two methods into a new intermediate file. From here we were able 19 to split the file according to response code and calculate the total number of requests. 20 8. We found that a grand total of 1,136,409 requests were made globally for 21, not accounting for unique IPs. Over the entire period covered by these logs 22 323,518 global unique IP addresses successfully downloaded 23 9. We also separated the requests based upon the time periods in Mr. Brick24 er's declaration. We condensed down the requests to unique IPs seen in each time peri25 od for each response, meaning that uniqueness of IPs was not enforced globally. We 26 believe this to be the criteria used by Mr. Pierce as best we can determine from his decla27 ration. Using this criteria, we found the number of IPs that attempted to download jail28 from <> to be: -3- Declaration of Alexander Stamos (No. 11-CV-000167SI) 4841-7608-3208, V. 1 1 a. 1/8/2011 - 1/12/2011:162,510 unique IPs 2 (I5659 were unsuccessful, 160,851 were 200,206 or 304 downloads) 3 b. 1/13/2011 - 1/27/2011: 217,411 unique IPs requested jailbreakzip 4 (4,003 were unsuccessful, 213,408 were 200, 206 or 304 downloads) 5 c. 1/28/2011-3/7/2011: 96,408 unique IPs requested jailbreakzip 6 (96,407 returned HTTP Code 404, unsuccessful downloads and 1 request re7 turned Code 200. We believe this to be an anomaly caused by a malformed re8 quest and not a successful download 9 10. The numbers in 9a, 9b, and 9c above do not sum up to the number of glob10 al unique IPs specified in paragraph 8 due to the ordering of operations to match the 11 Pierce declaration. 12 11. In the Declaration of Ryan Bricker, I understand that Mr. Bricker consid13 ered HTTP codes 200, 206, and 304 to be "successful downloads" of jailbreakzip from 14 <>. According to the specification of the Hypertext Transfer Protocol version 15 1.1 (HTTP 1.1), codified in RFC 2616 <>, only 16 response codes of the 2XX family are consider "successful", where "This class of status 17 code indicates that the client's request was successfully received, understood, and ac18 cepted." The 304 response indicates that the requested resource was "Not Modified" and 19 the specification states "The 304 response MUST NOT contain a message-body". This 20 means that this response could not have contained any portion of the jailbreakzip file 21 and should not be counted as a successful download of the file. Nevertheless, we have 22 included 304 responses in our count above for comparability with Mr. Bricker's declara23 tion. 24 12. We delivered our results from analyzing these logs in an Excel spreadsheet 25 delivered to Mr. Kellar, attached here as Exhibit A. 26 27 28 -4- Declaration of Alexander Stamos (No. 11-CV-000167SI) 4841-7608-3208, V. 1 1 2 3 4 5 6 7 8 I declare under penalty of perjury on this date under the laws of the United States of America in San Carlos, California that the foregoing is true and correct. Dated: March 25, 2011. 9 10 Alexander Stamos, VP^antfCTO n 1 2 484I-7608-3208, V. 2 1 3 1 4 1 5 1 6 1 7 18 1 9 20 21 22 23 24 25 26 27 28 -54841-7608-3208,V. 1 Declaration of Alexander Stamos (No. 11-CV-000167SI)

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.

Why Is My Information Online?