1/30/2013
11:19 AM

FBI Busts Alleged Skype 'Sextortionist'

Man is accused of extorting over 350 women into posing nude on Skype by threatening to post compromising photos of them to Facebook.

The FBI Tuesday announced the arrest of Karen "Gary" Kazaryan, a 27-year-old man, for allegedly coercing female Internet users into posing topless via Skype. Investigators said they recovered 3,000 nude and semi-nude pictures from Kazaryan's PC and suspect him of victimizing over 350 women between 2009 and 2011.

An indictment unsealed Tuesday in U.S. District Court charges Kazaryan with 15 counts of computer intrusion and 15 counts of aggravated identity theft. If convicted on all counts, Kazaryan faces up to 105 years in jail.

According to the indictment, Kazaryan's "sextortion" campaigns began with hacking into people's e-mail and Facebook accounts, harvesting naked or semi-naked pictures and collecting information about the account holders' friends.

"Using the accounts to which he had obtained unauthorized access, defendant Kazaryan would then, in the guise of the victims' online identities, contact friends or associates of the victims in order to fraudulently persuade, or extort, those individuals into removing their clothing so that defendant Kazaryan could view, and take pictures of, their naked or semi-naked bodies on their webcams," said the indictment. "Defendant Kazaryan would also use naked or semi-naked images of victims to further extort those and other victims to remove their clothing so that defendant Kazaryan could view, and take pictures of, their naked or semi-naked bodies."

The FBI said that it hasn't yet linked all of the nude and semi-nude images with people's actual identities. "Anyone who believes they may have been a victim in this case should contact the FBI's Los Angeles Field Office at (310) 477-6565," said a statement issued by the bureau.

A related search warrant, executed in 2011 and unsealed Tuesday, details Kazaryan's alleged working methods, which left some of his victims "fearful of using the Internet and computers." The search warrant was written by FBI special agent and cyber squad investigator Tanith Rogers, who has previously investigated numerous sextortion cases.

In one series of creepy extortion attacks described in the search warrant, Kazaryan contacted a female target ("A.M."), posing as her female friend ("L.A."), and inviting her to connect via a Skype account that "she" had just created. But after several minutes, the victim suspected that the person on Skype wasn't really L.A., and confirmed that fact by calling L.A. on the phone. A.M. told the unknown person to stop contacting her.

"While still logged into Skype, the unknown person told A.M. that he had damaging photo (sic) of her sister, D.M., and another friend, M.O. To prove that he had the photo, the unknown person changed his Skype profile photo to the pornographic photo of D.M. The photograph was sexually explicit and embarrassing to D.M. and M.O." and showed them both in a hot tub, naked from the waist up, according to the search warrant.

From there, the unknown person demanded that both A.M. and her sister D.M. pose naked for their webcam or he would post the embarrassing photo to their Facebook walls. He gave them 10 seconds. When they attempted to stall him, he logged into L.A.'s Facebook account and added the hot-tub photo to her Facebook wall. That led the two women to comply with the unknown person's demands, and briefly flash their breasts via a Skype video chat. When the unknown person said they hadn't posed long enough, the pair again posed for him via Skype.

After that episode, the unknown person removed the embarrassing photo from L.A.'s Facebook wall. Both of the victims, meanwhile, immediately closed down their Facebook and webmail accounts. But the unknown person continued to contact them and demand that they pose naked for new photos and threatened to post more embarrassing photos of them to Facebook unless they complied.

According to the FBI's search warrant, as a result of the sextortion campaign, "A.M. stated she is emotionally distraught and stated that D.M. said she felt as if she was raped."

Although Kazaryan allegedly amassed hundreds of victims, the search warrant suggests he was no hacking wunderkind and that he took few if any steps to try to cover his online tracks. Notably, access records for victims' hacked Facebook accounts, shared by Facebook with the FBI, showed that the same IP address had been used to access 176 different hacked Facebook accounts between Nov. 1, 2010 and Dec. 26, 2010 -- including the aforementioned victims.

According to the search warrant, in that timeframe, the same IP address used to hack into those pages was also the most-used IP address -- used 190 times, and nearly every day -- for accessing Kazaryan's Facebook page. According to Facebook personnel, the IP address also corresponded with Kazaryan's regularly used PC, and Kazaryan had never reported that his account had been hacked.
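
The correlation the search warrant describes, one source IP appearing across many accounts while also being the habitual IP of a single account, can be run over login records. The Python below is an added example, not code from the article or the investigation; the record layout, sample data, threshold and function names are assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample login records: (account, source_ip, date). Not real data.
RECORDS = (
    [("owner", "203.0.113.7", f"2010-11-{d:02d}") for d in range(1, 21)]
    + [("owner", "198.51.100.4", "2010-11-05")]
    + [(f"victim{i}", "203.0.113.7", "2010-11-10") for i in range(1, 6)]
    + [(f"victim{i}", f"192.0.2.{i}", f"2010-11-{d:02d}")
       for i in range(1, 6) for d in range(1, 9)]
    + [("bystander", "192.0.2.50", "2010-11-03")]
)

def fan_out(records, min_accounts):
    """Map each IP seen on at least min_accounts distinct accounts to those accounts."""
    accounts_by_ip = defaultdict(set)
    for account, ip, _date in records:
        accounts_by_ip[ip].add(account)
    return {ip: accts for ip, accts in accounts_by_ip.items()
            if len(accts) >= min_accounts}

def primary_ip(records, account):
    """Return (ip, login_count, distinct_days) for the account's most-used IP."""
    hits = Counter(ip for acct, ip, _ in records if acct == account)
    ip, count = hits.most_common(1)[0]
    days = {date for acct, src, date in records if acct == account and src == ip}
    return ip, count, len(days)

def correlate(records, min_accounts=5):
    """Split each fan-out IP's accounts into habitual users and one-off accesses."""
    findings = {}
    for ip, accounts in fan_out(records, min_accounts).items():
        # An account whose own most-used IP is the fan-out IP likely belongs to
        # whoever sits behind it; the rest saw that IP only as an outlier.
        habitual = sorted(a for a in accounts if primary_ip(records, a)[0] == ip)
        findings[ip] = {
            "accounts": len(accounts),
            "habitual": habitual,
            "anomalous": sorted(accounts - set(habitual)),
        }
    return findings

if __name__ == "__main__":
    for ip, result in correlate(RECORDS).items():
        print(ip, result)
```

Shared addresses such as NAT gateways or campus networks also produce fan-out, which is why the habitual/anomalous split and the distinct-day count matter more than the raw account total.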

According to the search warrant, Kazaryan had been previously arrested, and as of Jan. 18, 2011, had a pending trial for a 2008 rape charge.

Comments
PJS880,
User Rank: Ninja
2/3/2013 | 6:09:37 PM
re: FBI Busts Alleged Skype 'Sextortionist'
This sounds like a whole new form of terror and crime that is a result of social media and being able to exploit people through their image. I understand with technology comes a whole slew of threats and attacks just waiting to be launched, but this is ridiculous, that a man with a previous rape record is able to conduct this sort of behavior and go unnoticed for so long and affect so many people. Clearly he did not care about getting caught or was too stupid to cover his tracks, either way glad this guy will be doing some pretty painful time.

Paul Sprague
InformationWeek Contributor
Melanie Rodier,
User Rank: Black Belt
1/31/2013 | 3:49:28 PM
re: FBI Busts Alleged Skype 'Sextortionist'
How horrible. Amongst other issues at stake here, it's a reminder that all computer users definitely need to ramp up security - in addition to changing passwords regularly, everyone needs to explore other ways and products that can help boost security.
NG11209,
User Rank: Apprentice
1/31/2013 | 3:07:06 PM
re: FBI Busts Alleged Skype 'Sextortionist'
Another reminder that nothing you post to the internet is safe...