The FBI said the hacker would use a popular social networking site and the spear phishing technique – posing as a friend or a trusted source – to spread the computer virus used to access victims’ computers. The agency's Los Angeles cyber squad conducted the investigation into the "sextortion" case.
“What’s so frightening about this case was how easily the victims’ computers were compromised,” said Jeff Kirkpatrick, an agent with the cyber squad.
In several instances, the hacker posed online as a woman’s friend or sister and sent messages with attachments asking if the victim wanted to see a scary video. Because the messages appeared to be from a trusted source, the victims usually opened the attachment. When they did, the virus secretly installed itself, and the hacker had control over their computers – including all files and folders, webcams, and microphones.
Using similar spear phishing methods, the hacker spread the virus through the social network. In all, there were 230 victims and more than 100 computers impacted.
In one example, the hacker attached a pornographic picture of the victim in an e-mail and demanded sexually explicit video of her in return for not telling her parents about the pictures he had downloaded from her computer.
“If he hadn’t attempted to contact the victims”, said Tanith Rogers, another cyber squad member, “he could have done this forever and gone undetected – the victims would never have known he was listening and watching. That is one of the most disturbing things about this case.”
The hacker was arrested in June after a two-year FBI investigation.