Risk
1/30/2013
11:19 AM
50%
50%

FBI Busts Alleged Skype 'Sextortionist'

Man is accused of extorting over 350 women into posing nude on Skype by threatening to post compromising photos of them to Facebook.

Who Is Hacking U.S. Banks? 8 Facts
Who Is Hacking U.S. Banks? 8 Facts
(click image for larger view and for slideshow)
The FBI Tuesday announced the arrest of Karen "Gary" Kazaryan, a 27-year old man, for allegedly coercing female Internet users into posing topless via Skype. Investigators said they recovered 3,000 nude and semi-nude pictures from Kazaryan's PC and suspect him of victimizing over 350 women between 2009 and 2011.

An indictment unsealed Tuesday in U.S. District Court charges Kazaryan with 15 counts of computer intrusion and 15 counts of aggravated identity theft. If convicted on all counts, Kazaryan faces up to 105 years in jail.

According to the indictment, Kazaryan's "sextortion" campaigns began with hacking into people's e-mail and Facebook accounts, harvesting naked or semi-naked pictures and collecting information about the account holders' friends.

[ Want more on Skype security? Read Skype Deals With Account Hijacking Exploit. ]

"Using the accounts to which he had obtained unauthorized access, defendant Kazaryan would then, in the guise of the victims' online identities, contact friends or associates of the victims in order to fraudulently persuade, or extort, those individuals into removing their clothing so that defendant Kazaryan could view, and take pictures of, their naked or semi-naked bodies on their webcams," said the indictment. "Defendant Kazaryan would also use naked or semi-naked images of victims to further extort those and other victims to remove their clothing so that defendant Kazaryan could view, and take pictures of, their naked or semi-naked bodies."

The FBI said that it hasn't yet linked all of the nude and semi-nude images with people's actual identities. "Anyone who believes they may have been a victim in this case should contact the FBI's Los Angeles Field Office at (310) 477-6565," said a statement issued by the bureau.

A related search warrant, executed in 2011 and unsealed Tuesday, details Kazaryan's alleged working methods, which left some of his victims "fearful of using the Internet and computers." The search warrant was written by FBI special agent and cyber squad investigator Tanith Rogers, who has previously investigated numerous sextortion cases.

In one series of creepy extortion attacks described in the search warrant, Kazaryan contacted a female target ("A.M."), posing as her female friend ("L.A."), and inviting her to connect via a Skype account that "she" had just created. But after several minutes, the victim suspected that the person on Skype wasn't really L.A., and confirmed that fact by calling L.A. on the phone. A.M. told the unknown person to stop contacting her.

"While still logged into Skype, the unknown person told A.M. that he had damaging photo (sic) of her sister, D.M., and another friend, M.O. To prove that he had the photo, the unknown person changed his Skype profile photo to the pornographic photo of D.M. The photograph was sexually explicit and embarrassing to D.M. and M.O." and showed them both in a hot tub, naked from the waist up, according to the search warrant.

From there, the unknown person demanded that both A.M. and her sister D.M. pose naked for their webcam or he would post the embarrassing photo to their Facebook walls. He gave them 10 seconds. When they attempted to stall him, he logged into L.A.'s Facebook account and added the hot-tub photo to her Facebook wall. That led the two women to comply with the unknown person's demands, and briefly flash their breasts via a Skype video chat. When the unknown person said they hadn't posed long enough, the pair again posed for him via Skype.

After that episode, the unknown person removed the embarrassing photo from L.A.'s Facebook wall. Both of the victims, meanwhile, immediately closed down their Facebook and webmail accounts. But the unknown person continued to contact them and demand that they pose naked for new photos and threatened to post more embarrassing photos of them to Facebook unless they complied.

According to the FBI's search warrant, as a result of the sextortion campaign, "A.M. stated she is emotionally distraught and stated that D.M. said she felt as if she was raped."

Although Kazaryan allegedly amassed hundreds of victims, the search warrant suggests he was no hacking wunderkind and that he took few if any steps to try to cover his online tracks. Notably, access records for victims' hacked Facebook accounts, shared by Facebook with the FBI, showed that the same IP address had been used to access 176 different hacked Facebook accounts between Nov. 1, 2010 and Dec. 26, 2010 -- including the aforementioned victims.

According to the search warrant, in that timeframe, the same IP address used to hack into those pages was also the most-used IP address -- used 190 times, and nearly every day -- for accessing Kazaryan's Facebook page. According to Facebook personnel, the IP address also corresponded with Kazaryan's regularly used PC, and Kazaryan had never reported that his account had been hacked.

According to the search warrant, Kazaryan had been previously arrested, and as of Jan. 18, 2011, had a pending trial for a 2008 rape charge.

Offensive cybersecurity is a tempting prospect. It's also way too early to go there. Here's what to do instead. Also in the new, all-digital Nuclear Option issue of InformationWeek: Military agencies worldwide are figuring out the tactics and capabilities that will be critical in any future cyber war. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
0%
100%
PJS880,
User Rank: Ninja
2/3/2013 | 6:09:37 PM
re: FBI Busts Alleged Skype 'Sextortionist'
This sound like a whole new form of terror and crime that is a result of social media and being able to exploit people through their image. I understand with technology comes a whole slue of threats and attacks just waiting to be launched, but this is ridiculous, that a man with a previous rape record is able to conduct this sort of behavior and go unnoticed for so long and effect so many people. Clearly he did not care about getting caught or was to stupid to cover his tracks, either way glad this guy will be doing some pretty painful time.

Paul Sprague
InformationWeek Contributor
Melanie Rodier
0%
100%
Melanie Rodier,
User Rank: Black Belt
1/31/2013 | 3:49:28 PM
re: FBI Busts Alleged Skype 'Sextortionist'
How horrible. Amongst other issues at stake here, it's a reminder that all computer users definitely need to ramp up security - in addition to changing passwords regularly, everyone needs to explore other ways and products that can help boost security.
NG11209
0%
100%
NG11209,
User Rank: Apprentice
1/31/2013 | 3:07:06 PM
re: FBI Busts Alleged Skype 'Sextortionist'
Another reminder that nothing you post to the internet is safe...
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1449
Published: 2014-12-25
The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API.

CVE-2014-2217
Published: 2014-12-25
Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value.

CVE-2014-3971
Published: 2014-12-25
The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate.

CVE-2014-7193
Published: 2014-12-25
The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web site ...

CVE-2014-7300
Published: 2014-12-25
GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.