Broidy v. Glob. Risk Advisors LLC
| Decision Date | 31 March 2021 |
| Docket Number | 1:19-cv-11861 (MKV) |
| Parties | ELLIOTT BROIDY and BROIDY CAPITAL MANAGEMENT, LLC, Plaintiffs, v. GLOBAL RISK ADVISORS LLC, GRA MAVEN LLC, GRA QUANTUM LLC, GLOBAL RISK ADVISORS EMEA LIMITED, GRA RESEARCH LLC, QRYPT, INC., KEVIN CHALKER, DENNIS MANDICH, ANTONIO GARCIA, and COURTNEY CHALKER, Defendants |
| Court | U.S. District Court — Southern District of New York |
This action is at least the fourth attempt by Plaintiff Elliott Broidy and his investment firm Broidy Capital Management ("BCM") to hold responsible certain actors whom he claims hacked into email servers and then distributed confidential data. Broidy claims that Defendants here were hired by the nation of Qatar to perform the hacking after Broidy's public condemnation of the country. In other actions, Broidy sued the nation of Qatar itself, a public relations firm and its employees and agents, and a diplomat, all of whom are alleged to have participated in the alleged scheme. This action takes aim at a cybersecurity firm that Broidy alleges did the actual "hacking" of his and his company's information.
Defendants have moved to dismiss Broidy's First Amended Complaint on both jurisdictional and substantive grounds. Specifically, Defendants allege that they are either immune from liability due to "derivative foreign immunity" or are not subject to personal jurisdiction here. In addition, Defendants argue that Broidy has failed adequately to plead his claims and has engaged in improper claim splitting and jurisdiction shopping. For the reasons that follow, Defendant's motion to dismiss is GRANTED.
The facts as stated herein are drawn from Plaintiff's First Amended Complaint, ECF No. 57 ("AC"), and are assumed to be true for the purpose of the Motion. See Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009).
Plaintiff Elliott Broidy is the Chief Executive Officer and Chairman of BCM. AC ¶ 14. Outside that role, he has long been an active member of numerous political and philanthropic organizations, including serving on the U.S. Department of Homeland Security's Advisory Council, in leadership roles in the Republican Party, and as a major donor to the Joint Regional Intelligence Center. AC ¶¶ 14, 31. Both in these positions and on his own time, Broidy advocates against the nation of Qatar as a state-sponsor of terrorism and, in turn, a threat to U.S. national security. AC ¶¶ 32-34. Broidy further alleges that he was influential in shaping the U.S. stance toward Qatar during the Trump Administration, including by influencing remarks by then-President Trump that Qatar was a "funder of terrorism at a very high level." AC ¶¶ 35-36.
As alleged in the First Amended Complaint, Qatar sought to silence Broidy in an effort to influence U.S. policy regarding relations with the country. AC ¶ 59. To do so, Qatar hired a public relations firm Stonington Strategies LLC and certain others to "develop[] and implement[] [] a government relations strategy for Qatar." AC ¶ 60. Broidy alleges that the Chief Executive Officer of Stonington Strategies, Nicholas Muzin, "identified and described Mr. Broidy to the Qatari government as impediments to Qatar's foreign policy interests in the United States." AC ¶ 65.
Broidy alleges that upon learning of his role Qatar retained Defendant Global Risk Advisors ("GRA") to execute a hack of Broidy's personal systems and those devoted to BCM. AC ¶ 73. Broidy further alleges that Qatar already had a relationship with GRA, after the firm had performed other hacking activities for Qatar, especially in relation to Qatar's efforts to host the 2022 FIFA World Cup. AC ¶ 68. At Qatar's direction, GRA designed a "spear phishing" campaign to hack and steal Broidy's confidential communications.1 AC ¶ 75.
GRA first targeted Broidy's wife with spear phishing emails. First, GRA targeted Broidy's wife, Robin Rosenzweig, through her personal Gmail email address, with emails designed to appear as though they were security alerts sent by Google. AC ¶¶ 77-78. When Ms. Rosenzweig clicked on the links contained in the emails, however, she was redirected to a counterfeit Google login cite, which recorded her credentials. AC ¶¶ 79-80. Defendants then used the captured credentials to modify Ms. Rosenzweig's Gmail account (to prevent her from discovering the hack) and to recover her login credentials to BCM's servers. AC ¶¶ 81-82.
Defendants executed a similar attack on Broidy's executive assistant. GRA allegedly sent Broidy's assistant similar falsified Google security alerts, including at least one with her picture and phone number. AC ¶¶ 84-85. Similar to Ms. Rosenzweig, when Broidy's assistant clicked on links contained in the email, she was redirected to a counterfeit Google login site where her credentials were captured by GRA. AC ¶¶ 86-87.
After obtaining access to the Gmail accounts of Ms. Rosenzweig and Broidy's assistant, and using the information it gained from those accounts, GRA gained access to BCM's servers. AC ¶¶ 88-89. Broidy alleges that GRA and its agents maintained access to the server forapproximately a month in early 2018 and, during that time, accessed attorney-client information, corporate documents, business plans, trade secrets, and other information. AC ¶ 90. Defendants accessed Plaintiffs' servers while masking their IP addresses using Virtual Private Network and Virtual Private Server ("VPN") technologies. AC ¶ 93. However, during a forensic investigation of the hack, Plaintiff determined that hacks were also occurring from IP addresses registered to locations in Vermont (on twelve occasions from two different addresses), Qatar (two occasions from the same address), and, on one occasion, an event space in Harlem, New York City. AC ¶¶ 96-98. Importantly, Broidy alleges that GRA and its agents likely visited the U.S.-based locations only once. However, they obtained remote access to the addresses such that they could physically be located anywhere, but the hacks would be located at the remote locations. AC ¶ 99.
After accessing Plaintiffs' documents, GRA and its agents disseminated them to media outlets and synchronized their efforts with the public relations team at Stonington Strategies. AC ¶¶ 100-107. The materials from the hacks of Plaintiffs' systems were used to lend legitimacy to forged documents and contracts purporting to show Broidy's business dealings with U.S. government-sanctioned companies. AC ¶¶ 109, 111. The forged documents were then reported by media organizations, including Al-Jazeera. AC ¶ 115. Other documents stolen from Plaintiffs' servers were used in media reports in the Wall Street Journal, Huffington Post, Bloomberg, and the New York Times. AC ¶¶ 123-25, 130-31. As a result of the hacks, Broidy and BCM have suffered reputational damage, as business partners have pulled out of existing relationships and have refused to do business with Broidy and his company. AC ¶¶ 136-38.
This case is the latest in a number of litigations Plaintiffs have brought against Qatar and its agents for the reputational and business damage Plaintiffs claim it has caused him through thealleged hacks and related activities. Broidy and BCM first contacted Qatar in March 2018, about a month after GRA access to BCM's servers was lost, to demand that Qatar stop the hacking attacks. AC ¶ 188. When the country failed to respond, Broidy filed his first case in the United States District Court for the Central District of California, naming as Defendants the nation of Qatar, several Defendants in this action, and others. AC ¶ 189. Upon the filing of that action, Broidy alleges that GRA destroyed evidence relating to its involvement in the hacking enterprise. AC ¶ 190. The California action ultimately was dismissed on the basis of foreign sovereign immunity (as to Qatar) and personal jurisdiction (as to the other Defendants), and the decision was affirmed by the Ninth Circuit.2 AC ¶ 191; see Broidy Capital Mgmt, LLC v. State of Qatar, 982 F.3d 582 (9th Cir. 2020).
Broidy then filed a case in this District against Jamal Benomar, a former United Nations diplomat whom he alleges aided Qatar in the hacking and public relations conspiracy. AC ¶ 127, 192. That case was dismissed on the grounds of diplomatic immunity, and the dismissal was affirmed by the Second Circuit. AC ¶ 192; see Broidy Capital Mgmt. v. Benomar, 944 F.3d 436 (2d Cir. 2019). Finally, in early 2019, Broidy filed an action in the United States District Court for the District of Columbia against Nicholas Muzin and other defendants related to Stonington Strategies. AC ¶ 193. After briefing, the court there denied a motion to dismiss raising many of the same arguments made here. AC ¶ 193; see Broidy Capital Mgmt., LLC v. Muzin, No. 19-cv-0159 (DLF), 2020 WL 1536350 (D.D.C. Mar. 31, 2020).
This action was filed in December 2019. See Complaint, ECF No. 1. After an initial motion to dismiss the complaint was filed, Plaintiffs filed an Amended Complaint. SeeAmended Complaint, ECF No. 57. The Amended Complaint asserts claims against ten Defendants whom Plaintiff asserts were involved in the hacking and dissemination of his private communications and documents. They are:
To continue reading
Request your trial