Cybercrime
,
Fraud Management & Cybercrime
Prosecutors Say Charles Littlejohn Developed ‘Detailed Plan’ to Evade Detection
A man sentenced to five years in prison for leaking Donald Trump’s tax returns developed a “sophisticated, detailed plan” to evade detection by law enforcement while secretly downloading the former president’s data from an Internal Revenue Service database, according to court filings.
See Also: Live Webinar | Securing the Cloud: Mitigating Vulnerabilities for Government
Charles Littlejohn said at his Monday sentencing that he had “acted out of a sincere misguided belief” and was “aware of the potential consequences” he would face after stealing Trump’s tax returns and leaking the information to multiple news outlets. Littlejohn, who previously worked at a consulting firm with IRS contracts, stole sensitive tax data belonging to “thousands of the nation’s wealthiest people,” according to his plea agreement.
Prosecutors alleged that Littlejohn had sought to avoid detection by IRS protocols triggered by large downloads or uploads from tax agency systems. Prosecutors said he “exploited a loophole” by uploading stolen tax return information to a private website he controlled, later downloading the information on his personal computer. He configured an Apple iPod as a personal hard drive to house the stolen tax data.
Littlejohn also took steps to avoid detection of his search for the former president’s returns, avoiding obvious queries such as Trump’s name. He instead used “more generalized parameters,” the prosecutors alleged.
They said Littlejohn joined the IRS contractor firm in 2017 “with the goal of getting access to taxpayer information” on Trump, all the while “plotting and calculating carefully at each step to minimize the risk of detection.” He then waited until November 2018 to upload the returns to his private website and began disclosing the information to news outlets a year later.
Eventually, the prosecutors said, Littlejohn’s “criminal objectives expanded,” and in 2020 he began accessing and disclosing IRS data associated with thousands of wealthy individuals.
Littlejohn used two virtual machines that prosecutors described as “essentially simulated versions of physical computers” in order to conceal his activities, uploading the IRS data to his personal site through the digital devices rather than his own personal systems. He then sent the troves of data to a news organization “by mailing it on a password-protected personal data storage device,” according to his plea agreement, and later provided a journalist at the outlet with the device’s password.
U.S. District Judge Ana Reyes decried Littlejohn’s actions while sentencing him to the maximum 60-month sentence Monday. She described his crime as “the biggest heist in IRS history” and compared it to the deadly Jan. 6 insurrection.
“What you did in attacking the sitting president of the United States was an attack on our constitutional democracy,” Reyes said. She reportedly added, “It engenders the same fear that Jan. 6 does.”