Hacker Pleads Guilty To Cyber 'Sextortion'
California man faces up to six years in jail for charges related to stealing 230 women's online identities to access information from their email and Facebook accounts.
A California man on Thursday pleaded guilty to hacking into more than 230 women's email accounts, and using the information he stole to commit online "sextortion" attacks and identity theft.
George Samuel Bronk, 23, of Citrus Heights now faces up to six years in jail after entering guilty pleas to seven felonies in charges such as computer intrusion, false impersonation, and possession of child pornography, according to the state attorney general's office which prosecuted the case in the Sacramento Superior Court. Bronk, who will have to register as a sex offender, will return to court on March 10 for further proceedings relating to his sentence, according to the attorney general's office.
More Security Insights
- Get Actionable Insight with Security Intelligence for Mainframe Environments
- Getting a Grip on Mobile Malware
White PapersMore >>
"This case highlights the fact that anyone with an e-mail account is vulnerable to identity theft," said attorney general Kamala Harris, in a statement."One of the major goals of my office is to track down and prosecute every criminal who would stoop to stealing people's identities."
Bronk was arrested in October and had been held on $500,000 bail.
Between December 2009 and September 2010, Bronk hacked into email accounts and Facebook pages of users in 17 states and England by finding answers to the women's email questions in information they had posted on their Facebook sites. He targeted victims by scanning the popular social networking site for women who publicly posted their email addresses online, then contacted the women's email service providers and, while pretending to be the authorized user, claimed to have forgotten the password.
Bronk could correctly answer security questions by locating answers on the women's Facebook pages. Once he gained access, Bronk changed the password and locked out the victim, then searched the sent email for nude or semi-nude photographs and videos, which he often sent to the woman's entire address book list. Often, Bronk gained access to victims' Facebook accounts using the same password-change ploy, then posted the photographs to victims' Facebook pages and other sites, and commented on their friends' sites.
"For example, the hacker attached a pornographic picture of one victim in an e-mail and demanded sexually explicit video of her in return for not telling her parents about the pictures he had downloaded from her computer," said FBI special agent Tanith Rogers, one of the investigators, in November, when the FBI actively sought other victims.
The investigation began when a victim contacted the Connecticut State Police, which reached out to the California Highway Patrol (CHP) because of Bronk's apparent residence in the state. In September, California investigators found more than 170 files containing explicit photographs of women, and went on to email 3,200 questionnaires to potential victims after using location-tagging information embedded on the photographs within the hard drive to help identify the women. The FBI also urged potential victims to come forward.
Forty-six women responded, including one who described Bronk's actions as "virtual rape," said Harris.
The Sacramento Valley Hi-Tech Crimes task force, the CHP, and the Connecticut State Police joined the attorney general's office to investigate this case. Law enforcement agencies encouraged users to regularly change passwords, switch their security questions, and add numbers or special characters to increase security.
Dark Reading has published an in-depth report on eliminating vulnerabilities in enterprise software. Download it now (free registration required).