In its complaint, filed in U.S. District Court in San Jose, Facebook named Istra Holdings Inc., doing business as SlickCash and 1564476 Ontario Ltd., as well as Brian Fabian and Josh Raskin of Toronto, Ming Wu of Markham, Ontario, and 14 John Doe defendants.
According to the complaint, beginning sometime in June, the defendants used a single IP address to send “more than 200,000 separate page requests to Facebook,” in order to get Facebook computers to send back information on Facebook users.
Facebook alleged in its complaint that the defendants used an automated script in an attempt to “harvest information from other Facebook users,” and “proprietary information belonging to Facebook.”
“As a direct and proximate result of the unauthorized access to Facebook’s proprietary computer network by the defendants. Facebook has incurred substantial damages in excess of $5,000,” Facebook said in the complaint.
Facebook said the unauthorized access to the ISP responsible for administering the IP address from which the requests were sent, after which the ISP “blocked the offending IP address from accessing IP addresses associated with Facebook’s proprietary computer system,” but that blockage merely interrupted the unauthorized access attempts, which continued to occur from a different IP address.
“Facebook continued to detect similar unauthorized attempts to access its computer network and obtain its proprietary information originating from other IP addresses that upon information and belief originated from defendants,” Facebook alleged.
According to the complaint, multiple pieces of information tie SlickCash and several of its employees to the unauthorized access attempts, including the fact that one of the suspect IP addresses was “assigned to a dedicated single server named ‘slick17.’” Contact information associated with various IP addresses and servers also indicated a connection to SlickCash, according to Facebook.
“Defendant Brian Fabian signed the web hosting agreement on behalf of defendant 1564476 Ontario Ltd. as its ‘director,’” Facebook said in its complaint. “The web hosting agreement and related billing correspondence produced by the ISP also listed defendant Josh Raskin as the contact person for the web hosting agreement.”
The complaint alleged that the defendants have violated the Computer Fraud and Abuse Act, the California Comprehensive Computer Data Access and Fraud Act and breach of contract for alleged violations of Facebook’s terms of service.
Facebook’s complaint was originally filed in June and an amended complaint was filed Dec. 12, after Facebook obtained court orders enabling them to collect information concerning who operated the servers that were used in the attempts to gain unauthorized access to Facebook.com.
Attorneys at Perkins Coie, the law firm representing Facebook in the case, declined to comment on the lawsuit, but confirmed that SlickCash has not yet responded to the complaint.
Facebook representatives declined to answer questions pertaining to the lawsuit, saying only that they “do not comment on pending litigation.” Representatives of SlickCash were unavailable for comment at press time.