Posted: 12:47 am EDT
We’ve blogged previously about the Michael C. Ford case (see State Dept Employee Posted at US Embassy London Faces ‘Sextortion’ Charges in Georgia; US Embassy London Local Employee Charged With Cyberstalking, Computer Hacking and Wire Fraud).
On December 9, USDOJ announced that the former State Department/Embassy London employee pleaded guilty to perpetrating a widespread, international e-mail phishing, computer hacking and cyberstalking scheme against hundreds of victims in the United States and abroad. More below:
Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, U.S. Attorney John A. Horn of the Northern District of Georgia, Director Bill A. Miller of the U.S. Department of State’s Diplomatic Security Service and Special Agent in Charge J. Britt Johnson of the FBI’s Atlanta Field Office made the announcement.
Michael C. Ford, 36, of Atlanta, was indicted by a grand jury in the U.S. District Court for the Northern District of Georgia on Aug. 18, 2015, with nine counts of cyberstalking, seven counts of computer hacking to extort and one count of wire fraud. The names of the victims are being withheld from the public to protect their privacy.
Ford pleaded guilty to all charges and admitted that between January 2013 and May 2015, he used various aliases that included “David Anderson” and “John Parsons” and engaged in a widespread, international computer hacking, cyberstalking and “sextortion” campaign designed to force victims to provide Ford with personal information as well as sexually explicit videos of others. Ford targeted young females, some of whom were students at U.S. colleges and universities, with a particular focus on members of sororities and aspiring models.
Ford posed as a member of the fictitious “account deletion team” for a well-known e-mail service provider and sent phishing e-mails to thousands of potential victims, warning them that their e-mail accounts would be deleted if they did not provide their passwords. Ford then hacked into hundreds of e-mail and social media accounts using the passwords collected from his phishing scheme, where he searched for sexually explicit photographs. Once Ford located such photos, he then searched for personal identifying information (PII) about his victims, including their home and work addresses, school and employment information, and names and contact information of family members, among other things.
Ford then used the stolen photos and PII to engage in an ongoing cyberstalking campaign designed to demand additional sexually explicit material and personal information. Ford e-mailed his victims with their stolen photos attached and threatened to release those photos if they did not cede to his demands. Ford repeatedly demanded that victims take sexually explicit videos of “sexy girls” undressing in changing rooms at pools, gyms and clothing stores, and then send the videos to him.
When the victims refused to comply, threatened to go to the police or begged Ford to leave them alone, Ford responded with additional threats. For example, Ford wrote in one e-mail “don’t worry, it’s not like I know where you live,” then sent another e-mail to the same victim with her home address and threatened to post her photographs to an “escort/hooker website” along with her phone number and home address. Ford later described the victim’s home to her, stating “I like your red fire escape ladder, easy to climb.” Ford followed through with his threats on several occasions, sending his victims’ sexually explicit photographs to family members and friends.
Ultimately, Ford sent thousands of fraudulent “phishing” email messages to potential victims, successfully hacked into at least 450 online accounts belonging to at least 200 victims, and forwarded to himself at least 1,300 stolen email messages containing thousands of sexually explicit photographs. Ford sent threatening and “sextortionate” online communications to at least 75 victims.
During the relevant time period, Ford was employed by the U.S. Embassy in London. The majority of Ford’s phishing, hacking and cyberstalking activities were conducted from his computer at the U.S. Embassy.
“When a public servant in a position of trust commits any form of misconduct, to include federal crimes such as cyberstalking and computer hacking, we vigorously investigate such claims,” said Director Miller. “The Diplomatic Security Service is firmly committed to investigating and working with the Department of Justice, U.S. Attorney’s Office and our other law enforcement partners to investigate criminal allegations and bring those who commit these crimes to justice.”
U.S. District Judge Eleanor L. Ross of the Northern District of Georgia scheduled Ford’s sentencing hearing for Feb. 16, 2016.
The Diplomatic Security Service and the FBI are investigating the case. Senior Trial Attorney Mona Sedky of the Criminal Division’s Computer Crime and Intellectual Property Section, Trial Attorney Jamie Perry of the Criminal Division’s Human Rights and Special Prosecutions Section and Assistant U.S. Attorney Kamal Ghali of the Northern District of Georgia are prosecuting the case. The Criminal Division’s Office of International Affairs and the U.S. Embassy in London provided assistance in this case.
The case is USA v. Ford, CRIMINAL DOCKET FOR CASE #: 1:15-mj-00386-ECS-1 in the U.S. District Court in the Northern District of Georgia (Atlanta).
According to court records, this individual, a U.S. citizen, lived in London and joined the U.S. Embassy there in 2009, which suggests that he was a locally hired employee. The charging documents do not indicate which section of the embassy he worked in or what his job was. But he apparently used his State Department-issued computer at the U.S. Embassy in London to carry out his cyberstalking and sextortion schemes.
There are a few curious things about this case: 1) there’s no mention anywhere in court records of where he worked within the embassy; 2) there’s no explanation of how he came to target Jane Doe, an 18-year-old Kentucky resident; where did he find her and his other victims? 3) he successfully hacked 450 online accounts belonging to at least 200 victims, and forwarded to himself at least 1,300 stolen email messages containing thousands of sexually explicit photographs; how come nobody noticed? Was this guy a locally hired IT person, so spending all that time on his computer did not raise red flags? 4) Did Embassy London/HR know that this person had a prior criminal record when it hired this employee? If not, why not?
The affidavit in support of a criminal complaint and arrest warrant executed by DSS Agent Erik Kasik is available below: