Google LLC v. Saeed et al.
Filing
34
FINAL DEFAULT JUDGMENT AND ORDER FOR PERMANENT INJUNCTION: On application for Default Judgment by Plaintiff Google LLC, brought on by Order to Show Cause dated May 25, 2023, and returnable before the Honorable Valerie E. Caproni, United States District Judge, and Defendants Zubair Saeed, Raheel Arshad, Mohammad Rasheed Siddiqui, and Does 1 through 15, having been duly noticed of the proceeding and the Defendant having not appeared in opposition to the Order, and the Court having found default judgment to be appropriate. IT IS HEREBY ORDERED that Defendants are in default, and that judgment is awarded in favor of Google and against Defendants Zubair Saeed, Raheel Arshad, Mohammad Rasheed Siddiqui, and Does 1 through 15. IT IS FURTHER ORDERED that Defendants, any of their officers, agents, servants, employees, attorneys, and all others in active concert or participation with them, who receive actual notice of this Order by personal service or otherwise including email and text ("Restrained Parties"), are permanently restrained and enjoined from, anywhere in the world: As further set forth by this Order. Security for Temporary Restraining Order. IT IS FURTHER ORDERED that Google’s $75,000 bond submitted to the Clerk be returned to Google. So ordered. The Clerk of Court is respectfully directed to terminate all open motions and to CLOSE this case. (Signed by Judge Valerie E. Caproni on 6/23/2023) (tg) Transmission to Finance Unit (Cashiers) for processing.
USDC SDNY
DOCUMENT
ELECTRONICALLY FILED
DOC #:
DATE FILED: 6/23/2023
UNITED STATES DISTRICT COURT
SOUTHERN DISTRICT OF NEW YORK
Google LLC,
Plaintiff,
-against-
Civil Action No. 1:23-cv-03369-VEC
Zubair Saeed; Raheel Arshad; Mohammad
Rasheed Siddiqui; and Does 1–15,
Defendants.
[PROPOSED] FINAL DEFAULT JUDGMENT
AND ORDER FOR PERMANENT INJUNCTION
Plaintiff Google LLC has filed a motion for Default Judgment and a Permanent
Injunction to enjoin Defendants Zubair Saeed, Raheel Arshad, Mohammad Rasheed Siddiqui,
and Does 1 through 15—through their participation in, and operation of, the Malware
Distribution Enterprise—from continuing to distribute malware to infect new devices, control
and operate a botnet, and carry out criminal schemes.
Google filed a Complaint alleging claims under: (1) the Racketeer Influenced and
Corrupt Organizations Act, 18 U.S.C. §§ 1962(c)-(2) (Count I); (2) the Computer Fraud and
Abuse Act, 18 U.S.C. § 1030 (Count II); (3) the Lanham Act, 15 U.S.C. § 1114 (Count III); the
Lanham Act, 15 U.S.C. § 1125(a) (Count IV); and tortious interference with business
relationships (Count V).
THE COURT HEREBY FINDS THAT:
Jurisdiction and Venue
1.
This Court has federal question jurisdiction over Google’s claims under RICO,
the Computer Fraud and Abuse Act, and the Lanham Act under 28 U.S.C. § 1331. This Court
also has jurisdiction over the Lanham Act under 28 U.S.C. § 1338 and 15 U.S.C. § 1121. This
Court has supplemental jurisdiction over the state law claims under 28 U.S.C. § 1367.
2.
This Court has personal jurisdiction over the Defendants because:
a.
The Defendants distribute malware to Google users in this district and
within New York State;
b.
The Defendants send commands to infected user computers in this district
and within New York State to carry out their illicit schemes;
c.
Google’s Complaint and moving papers demonstrate that the Defendants
undertook these activities intentionally and with knowledge that their
actions would cause harm to users in New York and cause Google harm in
New York. Google does business in New York and has done business in
New York for many years.
3.
Venue is proper in this judicial district under 28 U.S.C. § 1391(c) because
Defendants are not residents of the United States and may be sued in any judicial district. Venue
is also proper in this judicial district under 28 U.S.C. § 1391(b) and 18 U.S.C. § 1965 because a
substantial part of the events or omissions giving rise to Google’s claims occurred in this judicial
district, because a substantial part of the property that is the subject of Google’s claims is
situated in this judicial district, because a substantial part of the harm caused by Defendants has
occurred in this judicial district, and because Defendants transact their affairs in this judicial
district. Moreover, Defendants are subject to personal jurisdiction in this district and no other
venue appears to be more appropriate.
4.
The Complaint pleads fact with the specificity required by the Federal Rules and
states claims against Defendants for violations of (1) the Racketeer Influenced and Corrupt
Organizations Act, 18 U.S.C. §§ 1962(c)–(2) (Count I); (2) the Computer Fraud and Abuse Act,
18 U.S.C. § 1030 (Count II); (3) the Lanham Act, 15 U.S.C. § 1114 (Count III); the Lanham Act,
15 U.S.C. § 1125(a) (Count IV); and tortious interference with business relationships (Count V).
Default Judgment
5.
Defendants were served by means approved by the Court and failed to timely
appear, plead, or otherwise defend against this Action. The requisite time of 21 days between
Service of the Summons and Complaint has elapsed. The Clerk properly entered default pursuant
to Rule 55(a) on May 18, 2023. ECF No. 27. The evidence indicates that no Defendant is an
infant or incompetent.
A Permanent Injunction is Warranted
6.
The Court finds that Google has established each of the factors required for a
permanent injunction: (1) it has suffered an irreparable injury; (2) remedies available at law are
inadequate to compensate for that injury; (3) in light of the hardships between the plaintiff and
defendant, a remedy in equity is warranted; and (4) the public interest would not be disserved by
a permanent injunction. World Wide Polymers, Inc. v. Shinkong Synthetic Fibers Corp., 694 F.3d
155, 160–161 (2d Cir. 2012) (citing eBay Inc. v. MercExchange LLC, 547 U.S. 388, 391 (2006)).
The Court also finds that Google has established actual success on the merits of each of its
claims. Amoco Prod. Co. v. Vill. Of Gambell, AK, 480 U.S. 531, 546 n.12 (1987) (“The standard
for a preliminary injunction is essentially the same as for a permanent injunction with the
exception that the plaintiff must show a likelihood of success on the merits rather than actual
success.”); Ognibene v. Parkes, 671 F.3d 174, 182 (2d Cir. 2011) (quoting Amoco).
Irreparable Harm
7.
Google has established that it was irreparably injured and that legal remedies are
inadequate to compensate for that harm. In particular, it has shown that the Defendants—through
their participation in, and operation of, the Malware Distribution Enterprise—have threatened the
security of the Internet, including Google platforms, by transmitting malware through the
Internet to configure, deploy, and operate a botnet, as well as to distribute cracked software. The
Enterprise has distributed malware on devices of Google users, compromising the security of
those devices and continues to issue commands to those devices to carry out criminal activities,
such as selling access to Google user accounts.
8.
The Defendants are responsible for distributing a botnet that has infected
approximately 672,220 CryptBot victim devices in the U.S. in the last year. At any moment, the
botnet’s extraordinary computing power could be harnessed for other criminal schemes.
Defendants could, for example, enable large ransomware or distributed denial-of-service attacks
on legitimate businesses and other targets. Defendants could themselves perpetrate such a
harmful attack, or they could sell access to the botnet to a third party for that purpose.
9.
In addition, Defendants’ conduct is infringing Google’s trademarks, injuring
Google’s goodwill, and damaging its reputation by creating confusion as to the source of the
CryptBot malware because Defendants infringe, among others, Google’s Google Earth Pro and
Google Chrome marks that are used to distribute cracked versions of those applications leading
to the installation of malware. This constitutes irreparable harm.
Adequacy of Remedies at Law
10.
The harm done to Google and its customers would not and cannot be remedied by
purely monetary damages, and Google has established that a remedy at law is inadequate for the
injuries identified in its moving papers, Complaint, and the accompanying evidence.
Balance of the Hardships
11.
The equities also favor a permanent injunction. There is no countervailing factor
weighing against a permanent injunction as there is no legitimate reason why Defendants should
be permitted to continue to disseminate malware and cracked software and manipulate infected
computers to carry out criminal schemes.
Public Interest
12.
Google has shown that the public interest favors granting a permanent injunction.
Protection from malicious cyberattacks and other cybercrimes is strongly in the public interest.
And the public interest is clearly served by enforcing statutes designed to protect the public, such
as RICO, the CFAA, and the Lanham Act.
Google Has Established Actual Success On The Merits Of Each Of Its Claims
13.
CFAA. Defendants violated the Computer Fraud and Abuse Act. The CFAA
prohibits, among other things, knowingly and with intent to defraud trafficking in any password
or similar information through which a computer may be accessed without authorization if such
trafficking affects interstate or foreign commerce. 18 U.S.C. § 1030(a)(6)(A). Defendants
knowingly and with intent to defraud accessed users’ computers operating in interstate
commerce through the Internet, without authorization, to infect them with malware. They did so
to obtain information such as account credentials, for the purposes of selling those credentials to
others. This has affected well over ten computers within a one-year span and resulted in damages
significantly in excess of $5,000.
14.
Lanham Act. Defendants violated Sections 32 and 43(a) of the Lanham Act
because they have infringed and wrongfully used the Google Marks (as defined in ¶¶ 7–9 of the
Complaint). See 15 U.S.C. §§ 1114, 1125(a). Google owns a number of federal registrations for
the Google Marks used by the Defendants sufficient to show these are valid marks entitled to
protection. Additionally, Defendants’ conduct in using copies, reproductions, and/or counterfeits
of the Google Marks to distribute cracked versions of software further containing malware,
including CryptBot, is likely to confuse or deceive users as to the origin or affiliation of the
cracked software and malware within.
15.
RICO. Defendants have violated the RICO statute.
a.
Google has shown that each Defendant is an active participant in the
distribution and operation of the CryptBot botnet as well as illegally
cracked software, and leverage the Cracked Software Sites to distribute
the botnet.
b.
Defendants Zahid Saeed, Raheel Arshad, and Mohammad Rasheed
Siddiqui each manage and market one or more of the Cracked Software
Sites.
c.
Defendants Zahid Saeed, Raheel Arshad, and Mohammad Rasheed
Siddiqui are also all associated with the Cracked Software Sites’ primary
web hosting company, known as Offshoric.
d.
Google has established that Defendants have formed an enterprise.
Defendants share a common purpose to spread malware via cracked
software to build a botnet that is deployed for numerous criminal schemes
for profit. Defendants work together to accomplish this purpose, each
playing a role as described above.
e.
Google has established that Defendants have engaged in a pattern of
racketeering activity. The predicate acts include a violation of the
Computer Fraud and Abuse Act, 18 U.S.C. § 1030(a)(5)(A). Defendants
have violated and will continue to violate the CFAA, resulting in damage
as defined in § 1030(c)(4)(A)(i)(VI), by infecting computers with
malware, transmitting to such protected computers programs designed to
carry out their schemes, and transmitting to such protected computers
commands to infected computers. For instance, Defendants have
transmitted commands to protected computers through the Internet,
thereby causing damage to those computers and enabling the Malware
Distribution Enterprise to utilize these computers in its criminal schemes.
Google is also likely to succeed on the merits of showing that the
Defendants have committed predicate acts including violations of the
federal wire fraud statute, 18 U.S.C. § 1343, federal identity fraud statute,
18 U.S.C. § 1028(a)(7), and federal access device fraud statute, 18 U.S.C.
§§ 1029(a)(2), (3).
f.
Google has suffered injury to its business or property as a result of these
predicate offenses.
16.
Google has also established that Defendants are liable for a New York common
law claim for tortious interference with business relationships.
FINAL JUDGMENT AND PERMANENT INJUNCTION
On application for Default Judgment by Plaintiff Google LLC, brought on by Order to
Show Cause dated May 25, 2023, and returnable before the Honorable Valerie E. Caproni,
United States District Judge, and Defendants Zubair Saeed, Raheel Arshad, Mohammad Rasheed
Siddiqui, and Does 1 through 15, having been duly noticed of the proceeding and the Defendant
having not appeared in opposition to the Order, and the Court having found default judgment to
be appropriate.
IT IS HEREBY ORDERED that Defendants are in default, and that judgment is
awarded in favor of Google and against Defendants Zubair Saeed, Raheel Arshad, Mohammad
Rasheed Siddiqui, and Does 1 through 15.
IT IS FURTHER ORDERED that Defendants, any of their officers, agents, servants,
employees, attorneys, and all others in active concert or participation with them, who receive
actual notice of this Order by personal service or otherwise including email and text (“Restrained
Parties”), are permanently restrained and enjoined from, anywhere in the world:
1.
Intentionally accessing and sending malicious code to the protected computers of
Google’s customers, without authorization;
2.
Intentionally designing malicious software to target any Google product or users
of the same;
3.
Sending malicious code to configure, deploy, and operate a botnet;
4.
Attacking and compromising the security of the computers and networks of
Google’s users;
5.
Stealing and exfiltrating information from computers and computer networks;
6.
Creating websites that falsely indicate that they are associated with Google or any
other Google affiliate, through use of the Google Marks and/or other false and/or misleading
representations;
7.
Creating or maintaining websites that advertise or distribute “pirated,” “cracked,”
or otherwise altered versions of proprietary software, including but not limited to the websites
associated with the domains listed in Appendix A to Google’s Complaint;
8.
Configuring, deploying, operating, or otherwise participating in or facilitating the
botnet described in the TRO application, including but not limited to the command-and-control
(“C2”) servers hosted at and operating through the domains listed in Appendix B to Google’s
Complaint and through any other component or element of the botnet in any location;
9.
Delivering malicious code designed to steal credentials and cookies;
10.
Monitoring the activities of Google or Google’s users and stealing information
from them;
11.
Selling access to the accounts of Google’s users;
12.
Corrupting applications on victims’ computers and networks, thereby using them
to carry out the foregoing activities;
13.
Misappropriating that which rightfully belongs to Google, Google’s users, or in
which Google has a proprietary interest; and
14.
Using, linking to, transferring, selling, exercising control over, or otherwise
owning or accessing the domains attached in Appendix A or Appendix B to the Complaint;
15.
Using, transferring, exercising control over, or accessing any accounts used in the
transfer of money or electronic currency, including cryptocurrency, or in the processing of card-based transactions, as a means to further Defendants’ unlawful schemes;
16.
Undertaking any similar activity that inflicts harm on Google, Google’s
customers, or the public.
Upon service via mail, email or text, the Defendants and other Restrained Parties shall be
deemed to have actual notice of the issuance and terms of the permanent injunction, and by any
of the Restrained Parties in violation of any of the terms of the permanent injunction may be
considered and prosecuted as contempt of Court.
IT IS FURTHER ORDERED that Defendants, their representatives and persons who
are in active concert or participation with them are permanently enjoined from:
1.
Using and infringing the Google Marks, including specifically Google’s Google
Earth Pro and Google Chrome marks;
2.
Using in connection with Defendants’ activities, products or services with any
false or deceptive designation, representations or descriptions of Defendants or any of their
activities, whether by symbols, words, designs or statements, which would damage or injure
Google or its users or give Defendants an unfair competitive advantage or result in deception of
consumers; and
3.
Acting in any other manner which suggests in any way that Defendants’ activities,
products or services come from or are somehow sponsored by or affiliated with Google, or
passing off Defendants’ activities, products or services as Google’s.
IT IS FURTHER ORDERED that Google may serve this Order on the persons and
entities providing services to the domains identified in Appendix A or Appendix B to the
Complaint, requesting that those persons and entities take reasonable best efforts to implement
the following actions:
1.
Take reasonable steps to identify incoming and/or outgoing Internet traffic on
their respective networks that originates and/or is being sent from the domains identified in
Appendix A or Appendix B to the complaint;
2.
Take reasonable steps to block incoming or outgoing Internet traffic on their
respective networks that originate or are being sent from the domains identified in Appendix A
or Appendix B to the Complaint by Defendants or Defendants’ representatives or resellers,
except as explicitly provided for in this Order;
3.
Take other reasonable steps to block such traffic to and/or from any other IP
addresses or domains to which Defendants may move the botnet infrastructure, to ensure that
Defendants cannot use such infrastructure to control the botnet;
4.
Take other reasonable steps to block such traffic to and/or from any other IP
addresses or domains to which Defendants use for websites distributing cracked or pirated
software, to ensure Defendants cannot use such infrastructure to distribute malware;
5.
Disable completely the computers, servers, electronic data storage devices,
software, data or media assigned to or otherwise associated with the domains set forth in
Appendix A or Appendix B to the Complaint and make them inaccessible from any other
computer on the Internet, any internal network, or in any other manner, to Defendants,
Defendants’ representatives or resellers, and all other persons, except as otherwise ordered
herein;
6.
Completely, and until further order of this Court, suspend all services to
Defendants or Defendants’ representatives or resellers associated with the domains set forth in
Appendix A to the Complaint;
7.
Refrain from providing any notice or warning to, or communicating in any way
with Defendants or Defendants’ representatives and refrain from publicizing this Order until the
steps required by this Order are executed in full, except as necessary to communicate with
hosting companies, data centers, Google, or other ISPs to execute this Order;
8.
Not enable, and take all reasonable steps to prevent, any circumvention of this
order by Defendants or Defendants’ representatives associated with the domains, including
without limitation to enabling, facilitating, and/or allowing Defendants or Defendants’
representatives or resellers to rent, lease, purchase, or otherwise obtain other domains and IP
addresses associated with your services;
9.
Preserve, retain, and produce to Google all documents and information sufficient
to identify and contact Defendants and Defendants’ representatives operating or controlling the
domains set forth in Appendix A or Appendix B to the Complaint including any and all
individual or entity names, mailing addresses, email addresses, facsimile numbers, telephone
numbers or similar contact information, including but not limited to such contact information
reflected in billing, usage, access and contact records and all records, documents and logs
associated with the use of or access to such domains;
10.
Provide reasonable assistance in implementing the terms of this Order and take no
action to frustrate the implementation of this Order; and
11.
Completely preserve the computers, servers, electronic data storage devices,
software, data or media assigned to or otherwise associated with the domains set forth in
Appendix A to the Complaint and preserve all evidence of any kind related to the content, data,
software or accounts associated with such domains and computer hardware.
12.
IT IS FURTHER ORDERED that Google may serve this Order upon such
persons as Google determines are necessary to address and enjoin activity associated with
domains and IP addresses identified by Google as being used in connection with the Enterprise,
its activities and its botnet, without seeking further leave of the court.
Security for Temporary Restraining Order
IT IS FURTHER ORDERED that Google’s $75,000 bond submitted to the Clerk be
returned to Google.
So ordered.
Date: 6/23/2023
VALERIE E. CAPRONI
United States District Judge
The Clerk of Court is respectfully directed to terminate all open motions and to CLOSE this case.