Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


FBI Busts Alleged Skype 'Sextortionist'

Man is accused of extorting over 350 women into posing nude on Skype by threatening to post compromising photos of them to Facebook.

Who Is Hacking U.S. Banks? 8 Facts
Who Is Hacking U.S. Banks? 8 Facts
(click image for larger view and for slideshow)
The FBI Tuesday announced the arrest of Karen "Gary" Kazaryan, a 27-year old man, for allegedly coercing female Internet users into posing topless via Skype. Investigators said they recovered 3,000 nude and semi-nude pictures from Kazaryan's PC and suspect him of victimizing over 350 women between 2009 and 2011.

An indictment unsealed Tuesday in U.S. District Court charges Kazaryan with 15 counts of computer intrusion and 15 counts of aggravated identity theft. If convicted on all counts, Kazaryan faces up to 105 years in jail.

According to the indictment, Kazaryan's "sextortion" campaigns began with hacking into people's e-mail and Facebook accounts, harvesting naked or semi-naked pictures and collecting information about the account holders' friends.

[ Want more on Skype security? Read Skype Deals With Account Hijacking Exploit. ]

"Using the accounts to which he had obtained unauthorized access, defendant Kazaryan would then, in the guise of the victims' online identities, contact friends or associates of the victims in order to fraudulently persuade, or extort, those individuals into removing their clothing so that defendant Kazaryan could view, and take pictures of, their naked or semi-naked bodies on their webcams," said the indictment. "Defendant Kazaryan would also use naked or semi-naked images of victims to further extort those and other victims to remove their clothing so that defendant Kazaryan could view, and take pictures of, their naked or semi-naked bodies."

The FBI said that it hasn't yet linked all of the nude and semi-nude images with people's actual identities. "Anyone who believes they may have been a victim in this case should contact the FBI's Los Angeles Field Office at (310) 477-6565," said a statement issued by the bureau.

A related search warrant, executed in 2011 and unsealed Tuesday, details Kazaryan's alleged working methods, which left some of his victims "fearful of using the Internet and computers." The search warrant was written by FBI special agent and cyber squad investigator Tanith Rogers, who has previously investigated numerous sextortion cases.

In one series of creepy extortion attacks described in the search warrant, Kazaryan contacted a female target ("A.M."), posing as her female friend ("L.A."), and inviting her to connect via a Skype account that "she" had just created. But after several minutes, the victim suspected that the person on Skype wasn't really L.A., and confirmed that fact by calling L.A. on the phone. A.M. told the unknown person to stop contacting her.

"While still logged into Skype, the unknown person told A.M. that he had damaging photo (sic) of her sister, D.M., and another friend, M.O. To prove that he had the photo, the unknown person changed his Skype profile photo to the pornographic photo of D.M. The photograph was sexually explicit and embarrassing to D.M. and M.O." and showed them both in a hot tub, naked from the waist up, according to the search warrant.

From there, the unknown person demanded that both A.M. and her sister D.M. pose naked for their webcam or he would post the embarrassing photo to their Facebook walls. He gave them 10 seconds. When they attempted to stall him, he logged into L.A.'s Facebook account and added the hot-tub photo to her Facebook wall. That led the two women to comply with the unknown person's demands, and briefly flash their breasts via a Skype video chat. When the unknown person said they hadn't posed long enough, the pair again posed for him via Skype.

After that episode, the unknown person removed the embarrassing photo from L.A.'s Facebook wall. Both of the victims, meanwhile, immediately closed down their Facebook and webmail accounts. But the unknown person continued to contact them and demand that they pose naked for new photos and threatened to post more embarrassing photos of them to Facebook unless they complied.

According to the FBI's search warrant, as a result of the sextortion campaign, "A.M. stated she is emotionally distraught and stated that D.M. said she felt as if she was raped."

Although Kazaryan allegedly amassed hundreds of victims, the search warrant suggests he was no hacking wunderkind and that he took few if any steps to try to cover his online tracks. Notably, access records for victims' hacked Facebook accounts, shared by Facebook with the FBI, showed that the same IP address had been used to access 176 different hacked Facebook accounts between Nov. 1, 2010 and Dec. 26, 2010 -- including the aforementioned victims.

According to the search warrant, in that timeframe, the same IP address used to hack into those pages was also the most-used IP address -- used 190 times, and nearly every day -- for accessing Kazaryan's Facebook page. According to Facebook personnel, the IP address also corresponded with Kazaryan's regularly used PC, and Kazaryan had never reported that his account had been hacked.

According to the search warrant, Kazaryan had been previously arrested, and as of Jan. 18, 2011, had a pending trial for a 2008 rape charge.

Offensive cybersecurity is a tempting prospect. It's also way too early to go there. Here's what to do instead. Also in the new, all-digital Nuclear Option issue of InformationWeek: Military agencies worldwide are figuring out the tactics and capabilities that will be critical in any future cyber war. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
2/3/2013 | 6:09:37 PM
re: FBI Busts Alleged Skype 'Sextortionist'
This sound like a whole new form of terror and crime that is a result of social media and being able to exploit people through their image. I understand with technology comes a whole slue of threats and attacks just waiting to be launched, but this is ridiculous, that a man with a previous rape record is able to conduct this sort of behavior and go unnoticed for so long and effect so many people. Clearly he did not care about getting caught or was to stupid to cover his tracks, either way glad this guy will be doing some pretty painful time.

Paul Sprague
InformationWeek Contributor
Melanie Rodier
Melanie Rodier,
User Rank: Black Belt
1/31/2013 | 3:49:28 PM
re: FBI Busts Alleged Skype 'Sextortionist'
How horrible. Amongst other issues at stake here, it's a reminder that all computer users definitely need to ramp up security - in addition to changing passwords regularly, everyone needs to explore other ways and products that can help boost security.
User Rank: Apprentice
1/31/2013 | 3:07:06 PM
re: FBI Busts Alleged Skype 'Sextortionist'
Another reminder that nothing you post to the internet is safe...
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
The Yellow Brick Road to Risk Management
Andrew Lowe, Senior Information Security Consultant, TalaTek,  11/19/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: He hits the gong anytime he sees someone click on an email link.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-11-25
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4.
PUBLISHED: 2020-11-25
scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user.
PUBLISHED: 2020-11-25
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4.
PUBLISHED: 2020-11-25
osCommerce has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.
PUBLISHED: 2020-11-25
GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of ever...