Ex-US Embassy London Employee Gets 4.9 Years For “Sextortion” Scheme

Posted: 4:03 am EDT
[twitter-follow screen_name=’Diplopundit’ ]

 

Last December, the Justice Department announced that the former State Department/US Embassy London employee, Michael C. Ford  pleaded guilty to perpetrating a widespread, international e-mail phishing, computer hacking and cyberstalking scheme against hundreds of victims in the United States and abroad.

In a court filing submitted to aid in the sentencing, the USG recommended a sentence of 96 months of incarceration, followed by three years of supervised release. It also notes the following:

The sheer number of phishing e-mails that Ford sent is astounding. For example, on one day alone, April 8, 2015, Ford sent phishing e-mails to approximately 800 unique e-mail addresses. On the same date, Ford then sent 180 follow-up e-mails to potential victims who had not yet responded to his original phishing e-mail, as well as approximately 15 e-mails to victims who had provided incorrect passwords. Considering Ford’s daily volume, repeated over the course of several months, the number of Ford’s potential phishing victims is staggering.
[…]
Ford’s conduct was relentless and strikingly callous. He harassed his victims on almost a daily basis. He was particularly motivated by their reactions of fear, anger, and defiance. He was unmoved by their pleas to leave them alone. He laughed in the face of their fear, and he escalated his threats when they threatened to involve the police. He showed no remorse and thrived on his power over his victims.

Ford’s conduct was persistent and compulsive. He sometimes spent the majority of his work day, at taxpayer expense, engaged in his criminal scheme. This speaks powerfully about Ford’s dedication to his crime. In addition, his conduct was incredibly brazen. He used his U.S. Embassy work computer (which was positioned in a common, shared work area) to commit his crimes and at one point, filed a complaint with his employer, requesting more privacy in his workspace.

Today, U.S. District Judge Eleanor Ross sentenced the 36-year-old Michael C. Ford to serve four years and nine months (59 months) in prison followed by three years of supervised release.  The case is USA v. Michael C. Ford, Case No. 1:15-CR-319-ELR.

Related posts:

 

#

Advertisements

Former US Embassy London Employee Pleads Guilty to Cyberstalking and “Sextortion” Scheme

Posted: 12:47 am EDT
[twitter-follow screen_name=’Diplopundit’ ]

 

We’ve blogged previously about the Michael C. Ford case (see State Dept Employee Posted at US Embassy London Faces ‘Sextortion’ Charges in GeorgiaUS Embassy London Local Employee Charged With Cyberstalking, Computer Hacking and Wire Fraud).

On December 9, USDOJ announced that the former State Department/Embassy London employee pleaded guilty to perpetrating a widespread, international e-mail phishing, computer hacking and cyberstalking scheme against hundreds of victims in the United States and abroad. More below:

Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, U.S. Attorney John A. Horn of the Northern District of Georgia, Director Bill A. Miller of the U.S. Department of State’s Diplomatic Security Service and Special Agent in Charge J. Britt Johnson of the FBI’s Atlanta Field Office made the announcement.

Michael C. Ford, 36, of Atlanta, was indicted by a grand jury in the U.S. District Court for the Northern District of Georgia on Aug. 18, 2015, with nine counts of cyberstalking, seven counts of computer hacking to extort and one count of wire fraud.  The names of the victims are being withheld from the public to protect their privacy.

Ford pleaded guilty to all charges and admitted that between January 2013 and May 2015, he used various aliases that included “David Anderson” and “John Parsons” and engaged in a widespread, international computer hacking, cyberstalking and “sextortion” campaign designed to force victims to provide Ford with personal information as well as sexually explicit videos of others.  Ford targeted young females, some of whom were students at U.S. colleges and universities, with a particular focus on members of sororities and aspiring models.

Ford posed as a member of the fictitious “account deletion team” for a well-known e-mail service provider and sent phishing e-mails to thousands of potential victims, warning them that their e-mail accounts would be deleted if they did not provide their passwords.  Ford then hacked into hundreds of e-mail and social media accounts using the passwords collected from his phishing scheme, where he searched for sexually explicit photographs.  Once Ford located such photos, he then searched for personal identifying information (PII) about his victims, including their home and work addresses, school and employment information, and names and contact information of family members, among other things.

Ford then used the stolen photos and PII to engage in an ongoing cyberstalking campaign designed to demand additional sexually explicit material and personal information.  Ford e-mailed his victims with their stolen photos attached and threatened to release those photos if they did not cede to his demands.  Ford repeatedly demanded that victims take sexually explicit videos of “sexy girls” undressing in changing rooms at pools, gyms and clothing stores, and then send the videos to him.

When the victims refused to comply, threatened to go to the police or begged Ford to leave them alone, Ford responded with additional threats.  For example, Ford wrote in one e-mail “don’t worry, it’s not like I know where you live,” then sent another e-mail to the same victim with her home address and threatened to post her photographs to an “escort/hooker website” along with her phone number and home address.  Ford later described the victim’s home to her, stating “I like your red fire escape ladder, easy to climb.”  Ford followed through with his threats on several occasions, sending his victims’ sexually explicit photographs to family members and friends.

Ultimately, Ford sent thousands of fraudulent “phishing” email messages to potential victims, successfully hacked into at least 450 online accounts belonging to at least 200 victims, and forwarded to himself at least 1,300 stolen email messages containing thousands of sexually explicit photographs.  Ford sent threatening and “sextortionate” online communications to at least 75 victims.

During the relevant time period, Ford was employed by the U.S. Embassy in London.  The majority of Ford’s phishing, hacking and cyberstalking activities were conducted from his computer at the U.S. Embassy.
[…]
“When a public servant in a position of trust commits any form of misconduct, to include federal crimes such as cyberstalking and computer hacking, we vigorously investigate such claims,” said Director Miller.  “The Diplomatic Security Service is firmly committed to investigating and working with the Department of Justice, U.S. Attorney’s Office and our other law enforcement partners to investigate criminal allegations and bring those who commit these crimes to justice.”
[…]
U.S. District Judge Eleanor L. Ross of the Northern District of Georgia scheduled Ford’s sentencing hearing for Feb. 16, 2016.

The Diplomatic Security Service and the FBI are investigating the case.  Senior Trial Attorney Mona Sedky of the Criminal Division’s Computer Crime and Intellectual Property Section, Trial Attorney Jamie Perry of the Criminal Division’s Human Rights and Special Prosecutions Section and Assistant U.S. Attorney Kamal Ghali of the Northern District of Georgia are prosecuting the case.  The Criminal Division’s Office of International Affairs and the U.S. Embassy in London provided assistance in this case.

The case is  USA v. Ford, CRIMINAL DOCKET FOR CASE #: 1:15-mj-00386-ECS-1 in the U.S. District Court in the  Northern District of Georgia (Atlanta).

According to court records, this individual, a U.S. citizen lived in London and joined the U.S. Embassy there in 2009; which suggests that he was a locally hired employee.  The charging documents do not indicate which section of the embassy he worked in or what was his job. But he apparently used his State Department-issued computer at the U.S. Embassy in London while he did his cyberstalking and sextortion schemes.

There are a few curious things about this case. One, that there’s no mention anywhere in court records about his location of work within the embassy; 2) no explanation of how he came to target Jane Doe, an 18 year old Kentucky resident; where did he find her and his other victims? and 3) he successfully hacked 450 online accounts belonging to at least 200 victims, and forwarded to himself at least 1,300 stolen email messages containing thousands of sexually explicit photographs — how come nobody noticed? Was this guy a locally hired IT person, so spending all that time on his computer did not raise red flags? 4) Did Embassy London/HR know that this person had a prior criminal record when it hired this employee? If not, why not?

The affidavit in support of a criminal complaint and arrest warrant executed by DSS Agent Erik Kasik is available below:

#

US Embassy London Local Employee Charged With Cyberstalking, Computer Hacking and Wire Fraud

Posted: 5:50 pm EDT
[twitter-follow screen_name=’Diplopundit’ ]

 

We posted about this case last May (see State Dept Employee Posted at US Embassy London Faces ‘Sextortion’ Charges in Georgia). On August 19, the Justice Department announced that a locally employed staff member of US Embassy London,  Michael C. Ford, 36, was charged by indictment on Aug. 18, 2015, with nine counts of cyberstalking, seven counts of computer hacking to extort and one count of wire fraud.  During the Daily Press Briefing of May 21st, the deputy spokesperson for the State Department informed the press that as of May 18th, this individual is no longer an embassy employee.

Via USDOJ | August 19, 2015:

WASHINGTON—A former locally-employed staff member of the U.S. Embassy in London was charged with engaging in a hacking and cyberstalking scheme in which, using stolen passwords, he obtained sexually explicit photographs and other personal information from victims’ e-mail and social media accounts, and threatened to share the photographs and personal information unless the victims ceded to certain demands.

Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, U.S. Attorney John A. Horn of the Northern District of Georgia, Director Bill A. Miller of the U.S. Department of State’s Diplomatic Security Service and Special Agent in Charge J. Britt Johnson of the FBI’s Atlanta Division made the announcement.

Michael C. Ford, 36, was charged by indictment on Aug. 18, 2015, with nine counts of cyberstalking, seven counts of computer hacking to extort and one count of wire fraud.

“According to the indictment, Ford hacked into e-mail accounts and extorted sexually explicit images from scores of victims,” said Assistant Attorney General Caldwell. “As these allegations highlight, predators use the Internet to target innocent victims. With the help of victims and our law enforcement partners, we will find those predators and hold them accountable.”

“Ford is alleged to have hacked into hundreds of e-mail accounts and tormented women across the country, by threatening to humiliate them unless they provided him with sexually explicit photos and videos,” said U.S. Attorney John Horn. “This sadistic conduct is all the more disturbing as Ford is alleged to have used the U.S. Embassy in London as a base for his cyberstalking campaign.”

“The Diplomatic Security Service is firmly committed to working with the Department of Justice and our other law enforcement partners to investigate allegations of crime and to bring those who commit these crimes to justice,” said Director Miller. “When a public servant in a position of trust is alleged to have committed a federal felony such as cybercrime, we vigorously investigate such claims.”

“While the allegations in this case are disturbing, it does illustrate the willingness and commitment of the FBI and its federal partners to aggressively follow those allegations wherever they take us,” said Special Agent in Charge Johnson. “The FBI will continue to provide significant resources and assets as we address complex cyber based investigations as seen here.”

According to allegations in the indictment, from January 2013 through May 2015, Ford, using various aliases that included “David Anderson” and “John Parsons,” engaged in a computer hacking and “sextortion” campaign to force numerous women to provide him with personal information and sexually explicit photographs and videos. To do so, Ford allegedly posed as a member of the fictitious “account deletion team” for a well-known e-mail service provider and sent notices to thousands of potential victims, including members of college sororities, warning them that their accounts would be deleted if they did not provide their passwords.

Using the passwords collected from this phishing scheme, Ford allegedly hacked into hundreds of e-mail and social media accounts, stole sexually explicit photographs and personal identifying information (PII), and saved both the photographs and PII to his personal repository.

Ford then allegedly e-mailed the victims and threatened to release the photographs, which were attached to the e-mails, unless they obtained videos of “sexy girls” undressing in changing rooms at pools, gyms and clothing stores, and then sent the videos to him.

The indictment alleges that, when the victims either refused to comply or begged Ford to leave them alone, Ford responded with additional threats, including by reminding the victims that he knew where they lived. On several occasions, Ford allegedly followed through with his threats by sending sexually explicit photographs to victims’ family members and friends.

During the pendency of the alleged scheme, Ford was a civilian employee at the U.S. Embassy in London, England. He allegedly used his government-issued computer at the U.S. Embassy to conduct the phishing, hacking and cyberstalking activities.

The charges and allegations contained in an indictment are merely accusations. The defendant is presumed innocent unless and until proven guilty.

The case is being investigated by the U.S. Department of State’s Diplomatic Security Service and the FBI. The Criminal Division’s Office of International Affairs and the U.S. Embassy in London provided assistance. The case is being prosecuted by Senior Trial Attorney Mona Sedky of the Criminal Division’s Computer Crime and Intellectual Property Section, Trial Attorney Jamie Perry of the Criminal Division’s Human Rights and Special Prosecutions Section and Assistant U.S. Attorney Kamal Ghali of the Northern District of Georgia.

Anyone who believes that they are the victim of hacking, cyberstalking, or “sextortion” should contact law enforcement. Resources regarding hacking and other cybercrimes can be found at: https://www.fbi.gov/about-us/investigate/cyber.

#

State Dept Employee Posted at US Embassy London Faces ‘Sextortion’ Charges in Georgia

Posted: 1:41 pm EDT
Updated: 8:09 pm PDT
[twitter-follow screen_name=’Diplopundit’ ]

 

A State Department employee based at the U.S. Embassy in London  was arrested at Hartsfield-Jackson Atlanta International Airport and is now facing charges of interstate threats, computer fraud, wire fraud, and cyberstalking. The employee identified by news reports and court documents as Michael C. Ford reportedly has a home in Alpharetta, Georgia but has worked at the U.S. Embassy in London since 2009. Typical State Department assignments are normally 3 years, sometimes with one-year extensions. The complaint does not say what work Ford has done at Embassy London or his category of employment.

During the Daily Press Briefing of May 21st, the deputy spokesperson for the State Department informed the press that the individual named in this case was a locally hired administrative support employee who was not a member of the Foreign Service.  She also said that as of May 18th, the individual is no longer working at the embassy.
.

.

The Affidavit (pdf) executed by Eric J. Kasik, Special Agent of the Department of State Diplomatic Security Service (DSS) says that on or about April 2015, DSS began investigating a target, later determined to be a U.S. Embassy London employee, Michael C. Ford (“FORD”), for allegedly engaging in a computer hacking, cyber stalking, and extortion.  We should note that the affidavit is intended to show that there is sufficient probable cause to support the complaint.

According to the affidavit supporting the criminal complaint, Diplomatic Security “identified the specific State Department computer that is located at a workstation cubicle located in the U.S. Embassy in London. Personnel from the U.S. Embassy in London told me that the only person who sits at that workstation cubicle and uses that computer is Michael C. Ford. FORD is a U.S. citizen who has worked as an Embassy employee in London since 2009.”

Item #25 on the complaint reiterates what folks already know — that there is no reasonable expectation of privacy in any communications or data transiting or stored on the information system of the State Department.

DSS computer specialists have apparently obtained copies of specific documents or files that were allegedly stored on the employee’s computer in London. Court documents cited one document as example: “a spreadsheet that appears to summarize some of FORD’s more recent criminal activities. Along the far left hand column of the spreadsheet is a list of account names for approximately 250 e-mail addresses.” Special Agent Kasik says that “DSS agents have determined that several of the accountholders appear to attend the same college in Indiana, where they belong to the same sorority. One is a 17-year-old. This leads me to believe that FORD may be targeting college-aged women throughout the U.S.”

The alleged MO is described in item #16 of the Kasik affidavit:

16. The target initially sent Jane Doe Two an e-mail message to her Google e-mail account, posing as a Google representative and claiming that Jane Doe Two’s Google e-mail account was going to be deleted unless she provided her password. Jane Doe Two provided her password, as directed. The target then apparently hacked into Jane Doe Two’s Google account, presumably using the stolen password. He then obtained, presumably from Jane Doe Two’s hacked accounts, two or more private photographs of Jane Doe Two of a sexual nature. He also obtained other PII about Jane Doe Two, including her first and last name, her address, where she worked and went to school, and her parent’s first and last names and e-mail addresses. The target then sent Jane Doe Two several threatening e-mail messages to her Google e-mail account. He admitted that he had obtained sexual photographs of Jane Doe Two and sent her the photographs as proof. He then demanded that she provide her current home address and her parents’ contact information and other PII. He warned her that, if she refused, he would e-mail the photographs of her to a list of others, listing the first and last names of several of her acquaintances. The target also threatened to post her photographs online.

The affidavit is available here (pdf) via patch.com/georgia.

WSB-TV2 Atlanta reports that Ford will be in federal court in Atlanta today for a bond hearing and that his attorneys declined to comment at this point in the case.  Click her to read the report via AP.

The case is  USA v. Ford, CRIMINAL DOCKET FOR CASE #: 1:15-mj-00386-ECS-1 in the U.S. District Court in the  Northern District of Georgia (Atlanta).

#