The FBI has arrested a man accused of stealing personal information from the online accounts of 350 women in order to ‘sextort’ them into stripping off so he could take nude pictures via webcam.
The police charges offer a depressing picture of warped morality but also the way large numbers of people fail to secure online accounts holding extremely private data.
According to the 30-count indictment, 27-year old Karen “Gary” Kazaryan hacked into large numbers of email, Facebook and Skype accounts, locking out their owners while he searched for compromising data including embarrassing images.
Armed with private information, he then attempted to blackmail the women into letting him take topless pictures of them via webcam using Skype, posting pictures on their Facebook pages if they refused to cooperate.
Police discovered 3,000 images of women on Kazaryan’s PC, some taken during his hacking, others apparently received from the women he was extorting.
The number of victims is estimated at 350, but could be higher, most nearby to his home in Glendale, California.
Kazaryan also posed as his victims in order to contact their friends; if his cover was blown he allegedly attempted the same blackmail trick in order to gain cooperation.
One of the earliest publicised webcam hacks was probably that of a Spanish man accused in 2005 of using a Trojan to turn on victims’ cameras and record keyboard strokes in order to grab online bank logins.
Perhaps the most infamous and costly case was that of the Philadelphia school found in 2010 to have ‘spied’ on pupils using school-issued Apple Mac laptops.
Last year another Californian man was accused of installing malware capable of spying on victims using webcams before later threatening victims with embarrassment and exposure.
Sextortion incidents have trickled out from time to time but the scale of the latest case will mark it out. Webcams themselves have had a mixed security press with a clutch of home surveillance models made by Trendnet found last year by a researcher to be vulnerable to remote hijacking.