There’s an update to a previously noted case.
Former U.S. State Department employee Michael C. Ford has been sentenced to four years, and nine months in prison for perpetrating a widespread, international e-mail phishing, computer hacking and cyberstalking scheme against hundreds of victims in the United States and abroad.
“This case unfortunately shows that cyber-stalkers have the ability to torment victims from any corner of the globe,” said U.S. Attorney John A. Horn. “Hopefully, Ford’s victims can be reassured that he will serve a significant sentence for his conduct. Members of the public must be extremely careful about disclosing their logins and passwords to anyone, even when the person on the other end of an e-mail or instant message appears to be legitimate.”
“Michael Ford hacked hundreds of email accounts, particularly targeting young women so he could extort them into sending him sexually explicit images,” said Assistant Attorney General Caldwell. “He preyed on vulnerable victims, leaving them with indelible emotional scars. His sentence is a necessary step in holding him to account for his crimes and helping his victims move forward with their lives.”
“The sentencing of Mr. Ford will not only hold him accountable for his despicable criminal conduct but will also deny him the ability to further victimize others. The FBI is proud of the role that it played in bringing this case forward for investigation, apprehension, and federal prosecution and it is hoped that those who were victimized by Mr. Ford will find some relief with this sentencing,” said J. Britt Johnson, Special Agent in Charge, FBI Atlanta Field Office.
“The Diplomatic Security Service is proud of the hard work of everyone involved in the investigation including our partners at the FBI and the Department of Justice. When a public servant in a position of trust commits crimes like cyberstalking and computer hacking on such a large scale, we will vigorously investigate those crimes and ensure they are brought to justice. We hope that this sentence will provide some closure for the victims,” said Director Miller.
According to U.S. Attorney Horn, the charges and other information presented in court: Ford admitted that between January 2013 and May 2015, while employed by the U.S. Embassy in London, he used various aliases to commit a widespread, international computer hacking, cyberstalking and “sextortion” campaign designed to force victims to provide Ford with personal information as well as sexually explicit videos of others. Ford targeted young females, some of whom were students at U.S. colleges and universities, with a particular focus on members of sororities and aspiring models.
Posing as a member of the fictitious “account deletion team” for a well-known e-mail service provider, Ford sent thousands of phishing e-mails to thousands of potential victims, warning them that their e-mail accounts would be deleted if they did not provide their passwords. Ford admitted he then used the passwords to hack into at least 450 e-mail and social media accounts belonging to at least 200 victims, where he searched for sexually explicit photographs and for victims’ personal identifying information (PII), including their home and work addresses, school and employment information, and names and contact information of family members, among other things.
Using both the photos and PII, Ford admitted that he then e-mailed at least 75 victims, threatening to release those photos unless they took and sent him sexually explicit videos of “sexy girls” undressing in changing rooms at pools, gyms and clothing stores.
When the victims refused to comply, threatened to go to the police or begged Ford to leave them alone, Ford escalated his threats, according to the plea agreement. For example, Ford admitted that he wrote in one e-mail “don’t worry, it’s not like I know where you live,” followed by another e-mail with her home address and threatened to post her photographs to an “escort/hooker website” along with her phone number and home address. On several occasions, Ford followed through with his threats, sending his victims’ sexually explicit photographs to family members and friends, according to the plea.
Additionally, at sentencing, the government presented evidence that Ford engaged in a related scheme targeting aspiring models beginning in 2009. Posing as a model scout, Ford convinced young women to send their personal information, to include dates of birth and measurements, as well as topless photos for consideration for fictitious modeling opportunities. During this ruse, Ford obtained topless and partially nude photos from hundreds of women, including several minors. He also attempted to entice a minor to take voyeuristic videos of her peers in her school locker room. Some of his early model-scout victims became the first victims of his charged cyberstalking scheme.
Michael C. Ford, 36, of Atlanta, was sentenced by U.S. District Judge Eleanor L. Ross of the Northern District of Georgia, to four years and nine months in federal prison, to be followed by three years of supervised release. On Dec. 9, 2015, Ford pleaded guilty to nine counts of cyberstalking, seven counts of computer hacking to extort and one count of wire fraud in connection with his ongoing criminal scheme. The names of the victims are being withheld from the public to protect their privacy.
The Diplomatic Security Service and the FBI investigated the case.
The case was prosecuted by Assistant U.S. Attorney Kamal Ghali of the Northern District of Georgia, Senior Trial Attorney Mona Sedky of the Criminal Division’s Computer Crime and Intellectual Property Section, and Trial Attorney Jamie Perry of the Criminal Division’s Human Rights and Special Prosecutions Section. The Criminal Division’s Office of International Affairs and the U.S. Embassy in London provided assistance in this case.
Anyone who believes that they are the victim of hacking, cyberstalking, or “sextortion” should contact law enforcement. Resources regarding hacking and other cybercrimes can be found at: https://www.fbi.gov/about-us/investigate/cyber.
SOURCE: U.S. Attorney’s Office, Northern District of Georgia
How did they catch him? And will this case help catch others?
According to earlier documents, the majority of his phishing attempts, threats, etc. were done using his work computer. I’m guessing that when a victim came forward, law enforcement was then able to backtrack the IP address to him.
If this was all done on a work computer, makes me concerned over security and tracking within the federal government. So much oversee there that this was not stopped before it escalated.