Sextortion Scheme: Former U.S. Official Pleads Guilty

Cyberstalking Shows Shift to More Aggressive Cybercrimes, Experts Warn
A former U.S. State Department employee has admitted in court that he masterminded an online sexual extortion - or sextortion - scheme that targeted victims around the world, beginning with phishing attacks designed to trick would-be victims into sharing the passwords to their online accounts.

Michael C. Ford, 36, pleaded guilty to nine counts of cyberstalking, seven counts of computer hacking to extort and one count of wire fraud related to the scheme, which ran from January 2013 to May 2015, according to the U.S. Department of Justice. During that time, Ford was mostly working from the U.S. Embassy in London, and authorities say his scheme was primarily run from there.

The Justice Department says Ford victimized at least 200 people - primarily targeting "young women and aspiring models" - and that it is not releasing the names of victims to protect their privacy. "Ford engaged in an international sextortion campaign," says U.S. Attorney John A. Horn. "He tormented numerous women by threatening to humiliate them unless they provided him with sexually explicit photos and videos, and, in some cases, he followed through on his threats. This case demonstrates the need to be careful in safeguarding personal information and passwords, especially in response to suspicious emails."

Authorities have long urged sextortion victims to contact police. "Anyone who believes that they are the victim of hacking, cyberstalking, or 'sextortion' should contact law enforcement," the FBI says.

But security experts say that online crimes remain dramatically underreported, and suspect that is especially true of sextortion attacks, given that sextortion is a sex crime and many victims want to avoid the related embarrassment, especially when attackers' demands relate to money.

"Victims think they can make the problem go away," according to University of Surrey computer science professor and cybercrime expert Alan Woodward. "But the problem with extortionists is that they don't go away. It's like a game of whack-a-mole."

Investigating related crimes can also be complicated by attackers using cryptocurrencies such as bitcoin, which make it more difficult - but not necessarily impossible - to follow criminals' money trail (see Tougher to Use Bitcoin for Crime?).

Phishing Attacks Targeted Photographs

Ford, using such aliases as "David Anderson" and "John Parsons," ran a scheme in which he posed as an employee of Google's "Account Deletion Team" - which does not exist - and informed targets that their online accounts were due to be disabled or deleted unless they shared passwords for various online accounts, including Google, iCloud, Facebook, Picasa and Twitter credentials, according to an Aug. 18 Atlanta federal grand jury indictment against Ford.

After gaining access to accounts, Ford then searched for sensitive personally identifiable information as well as sexually explicit photographs, according to the indictment. Ford would then send the stolen photographs to victims and threaten to distribute them to friends, family members and acquaintances that he had identified unless the "victims take, and then send to him, sexually explicit pictures and videos of others," it adds, noting that he would often repeat his threats if victims did not comply.

"On multiple occasions, Ford carried through with his threats to send sexually explicit photographs to the victims' family members, friends and acquaintances," it says.

Ford has admitted to sending at least 4,500 phishing emails, hacking into at least 200 victims' online accounts and forwarding at least 1,300 stolen email messages to himself that contained sexually explicit photographs, and then threatening and harassing at least 75 victims.

To find victims, Ford hacked into several email accounts belonging to U.S.-based modeling agencies, and "he also appeared to target women who were members of sororities at universities and colleges in the United States," according to the indictment. But "on at least one occasion, Ford targeted a young man."

Cybercrime Grows More Brutal

Security experts and law enforcement agencies have been warning that cybercrime attacks have been growing more dangerous, as demonstrated by an increasing number of cases of sextortion. "Cybercrime is becoming more aggressive and confrontational. ... There is a shift from hidden, stealthy interventions by highly competent hackers toward direct, confrontational contact between the criminal and the victim, where the victim is put under considerable pressure to comply with the perpetrator's demands," according to the Internet Organized Crime Threat Assessment released in September by the association of European police agencies known as Europol.

The law enforcement agency warns that sextortion, ransomware and distributed denial-of-service attacks are all designed to psychologically compel victims to comply. "The psychological impact on victims is much stronger due to the brutal confrontational manner in which the victim is coerced," Europol's report says. "It can be likened to the difference between a burglary where the victim detects afterwards that things have been stolen, versus an armed robbery where the victim is forced to hand over personal belongings to the criminal."

For example, Ford tricked one of his victims - identified in the affidavit against him as "Jane Doe One" - into sharing her password, and then demanded that she share with him "sexually explicit videos of 'girls' and 'sexy girls' taking their clothes off in changing rooms at gyms, pools or clothing stores."

When she refused and begged Ford to leave her alone, he responded: "OK time's up. Everything I have will be posted online and sent to your friends. Pictures, names, phone number, home address ... I gave you a chance and you blew it."

Ford is due to be sentenced on Feb. 16, 2016. Justice Department officials couldn't be immediately reached for comment about the maximum prison sentence he might face.

Silk Road Investigator Sentenced

Ford is not the only former federal employee to have recently pleaded guilty to hacking-related offenses.

On Dec. 7, former U.S. Secret Service agent Shaun W. Bridges, 33, a former member of the U.S. government task force that was investigating the notorious online marketplace Silk Road, was sentenced to serve nearly 12 years in U.S. prison - and ordered to forfeit $651,000 - after he pleaded guilty on Aug. 31 to one count of money laundering and one count of obstructing justice. The former special agent with the Secret Service's Electronic Crimes Task Force admitted stealing $820,000 worth of bitcoins (see Former Secret Service Agent Pleads Guilty to $800K Bitcoin Theft).

The man who was charged with being his partner in crime - Carl M. Force IV, formerly a special agent with the Drug Enforcement Administration - also pleaded guilty in July to related charges (see Feds Arrest 'Silk Road' Investigators). The 15-year DEA veteran was sentenced in October to 78 months in prison, or seven months more than Bridges.

Force admitted that while he was working as an undercover investigator using the government-sanctioned handle "Nob," he participated in a secret scheme designed to obtain bitcoins from Silk Road administrator Ross Ulbricht, a.k.a. "Dread Pirate Roberts." Using the online persona "French Maid," Force admitted to detailing aspects of the government's Silk Road investigation to Ulbricht in exchange for about $100,000 worth of bitcoins. Force also admitted to serving as the chief compliance officer for CoinMKT, a digital currency exchange company, without the DEA's permission.

About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.