Post by kas on Jun 18, 2011 21:37:34 GMT -5
Facebook Lets Man Access Members’ Nude Photos
Jan 21, 2011 | 1:00 PM ET | By Matt Liebowitz, SecurityNewsDaily Staff Writer
A California man faces six years in prison for hijacking hundreds of women’s e-mail accounts and stealing nude pictures he found in their “sent” folders.
George Samuel Bronk pleaded guilty in Sacramento Superior Court on Jan. 13 to seven felony charges, including computer intrusion, fake impersonation and possession of child pornography.
The charges stem from a nine-month period ending in Sept. 2010, in which Bronk took over the e-mail and Facebook accounts of women in 17 states and in England, the Sacramento Bee reported.
A press release from the office of Kamala Harris, California’s attorney general, says Bronk searched Facebook for women who had posted their e-mail addresses on their profiles, along with personal information such as their favorite foods, fathers’ middle names, high school mascots and favorite colors.
When he found an account that had both, he would try to log into the e-mail account. He would fail, but most online e-mail accounts give users the opportunity to reset forgotten passwords if a set of identity-challenge questions is answered correctly.
Because most of these questions are along the lines of “What was your mother’s maiden name?” and “What was the name of the street you grew up on?”, Bronk was able to systematically search individual Facebook pages for the right answers.
That’s when the problems would begin.
Once he’d reset the e-mail account’s password and locked out the legitimate user, Bronk would then search the “sent mail” folders for any nude photographs or videos. If he found any, he would often send the scandalous, pornographic pictures to the women’s contacts list, or contact the victims and threaten to make the pictures public unless they sent him even more revealing ones.
In some instances, Bronk even went back to where he started and used Facebook’s forgotten-password feature to have a new Facebook password sent to the hijacked e-mail accounts, which meant he would then “own” the victim’s Facebook account as well.
One victim finally contacted the Connecticut State Police, who reached out to their California counterparts and the investigation began.
When police confiscated Bronk’s computer and arrested him in October, they found more than 170 files of explicit photographs stolen from e-mail accounts he had hijacked.
The state attorney general’s office and the California Highway Patrol used location-tagging information to help identify victims, and e-mailed 3,200 questionnaires to women who may have been targeted.
Forty-six women replied that they had been victimized, one of whom described the violation as “virtual rape.”
Bronk has been held on $500,000 bail since October, and will return in March for his sentencing.
How can others prevent this sort of thing from happening? Because identity-challenge questions are designed to use easily found information, try making up answers instead – say your mother’s maiden name was “Michael Jackson,” for example.
Also use the “neighbors and bosses” rule about what you post online – if you wouldn’t want those people to see it, don’t put it up.
Stronger passwords would not have helped in this situation, since Bronk never had to crack any. Instead, the e-mail services simply gave him new ones.
www.securitynewsdaily.com/facebook-lets-man-access-members-nude-photos-0431/