Snapchat hacking victim in Pittsburgh case pushes to label cyber attackers as sex offenders | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker


She doesn’t know what photos were surreptitiously taken from her cellphone.

They could’ve been mundane, like a picture of a family pet, or something more explicit. While she believes an explicit photo was unlikely, the sheer knowledge that someone breached her Snapchat account to swipe her personal images felt like an invasive violation.

“It’s terrifying. It’s really scary,” said the Latrobe native in her 30s whose identity is being withheld by the Trib. “For me, it doesn’t matter what the content of it is. It’s the fact that it’s my private property.”

She is one of hundreds of victims in a Pittsburgh federal court case involving seven accused hackers. Authorities say the men conspired to hack into Snapchat accounts, steal intimate photos and videos and trade them online.

It’s a type of scheme in the shadows that has been ongoing nationwide for years as hackers, typically men, seek out intimate images and videos held electronically by unsuspecting users, typically women. Cybersecurity experts told the Trib data privacy laws have lagged in the United States, leaving a patchwork of protections in some states.

“Technology is moving so fast, and our lawmakers are not doing their jobs,” said Matthew Kisow, Seton Hill University associate professor of cybersecurity.

Investigators in the Pittsburgh case have identified 140 victims, and 150 remain unidentified, Assistant U.S. Attorney Christian Trabold said during a sentencing hearing June 22. Some were known to the suspects or through mutual friends.

One defendant — Michael Yackovich, 30, of West Newton — was sentenced last month to four years in federal prison and three years of supervised release. He pleaded guilty to conspiracy to commit online wire fraud and aggravated identity theft.

Three others have pleaded guilty and are awaiting sentencing over the next couple months. Three cases remain pending.

While the Latrobe native thought Yackovich should’ve gotten a longer sentence, she hopes the remaining six cases have a similar outcome.

She also hopes to use them as a springboard to push legislators to address what she sees as gaps in the law, while technology continues to advance. Though prosecutors said the conspirators illegally acquired sexual images and videos, Yackovich ultimately did not plead guilty to a crime that required he register as a sex offender.

The Latrobe native wants to change that for future cases.

“Myself and the others, we are more than just the objects they wanted to trade and sell around,” she said. “It has notes of human trafficking.”

Challenging cases

Similar criminal cases are not uncommon. Arrests for surreptitiously swiping images from unknowing cellphone users have been reported across the country for years. Experts believe building these cases is difficult.

• An Illinois man pleaded guilty in February in Boston federal court to hacking into Snapchat accounts to steal nude photos from women who lived in the area, which prosecutors said he kept, sold or traded.

A co-conspirator was sentenced to five years in federal prison followed by three years of supervised release.

• Three men were indicted in Michigan on similar allegations involving female classmates at their former high school. One of them was sentenced in March to three years of probation.

• A California man was sentenced in 2022 to nine years in federal prison for hacking into the Apple iCloud accounts of hundreds of women across the country and stealing nude photographs and videos. On more than 300 occasions, the stolen content was sent to conspirators, who prosecutors said then posted the images publicly.

• A New York man was sentenced in 2021 to three years in federal prison and three years of probation for hacking into the social media accounts of fellow university students to get nude photographs and videos. They were then traded online, prosecutors said.

A conspirator was sentenced to 111 months in prison and 15 years of supervised release.

The accusations aren’t anything new — a 2014 hacking scandal led to charges against four men and exposed intimate photos, many of which belonged to high-profile celebrities, that had been stored in Apple’s iCloud, according to CNN.

In a 2014 interview with Vanity Fair, actress Jennifer Lawrence called for the law to change.

“It is not a scandal. It is a sex crime,” she told the magazine then. “It is a sexual violation.”

Twelve years later, the Latrobe native targeted in the Pittsburgh-area scheme is echoing that, saying hackers are exploiting someone else for their own gain.

“I just cannot see this as anything other than sexual predation,” she said.

Court records indicated Yackovich had hundreds of phishing text messages on his cellphone and folders containing stolen images — one of which was labeled “local girls” — that were turned over to the FBI. He advertised his account-hacking services on the internet, authorities said.

“This conduct is plainly deplorable,” prosecutors wrote in a sentencing memorandum.

Social engineering approach

Hacking can be simple for some, said Kisow, the Seton Hill professor.

“For the layman, it’s very difficult to take over an account,” he said. “If you know what you’re doing, it’s very easy to take over an account.”

It’s typically done through social engineering, which is “the art of manipulating people into taking actions they normally would not,” said Michael Pry, director of the Center for Cybersecurity Excellence at the University of Pittsburgh’s Greensburg campus. That can come in the form of illegitimate messages seeking passwords or other account information.

“Rather than exploiting a vulnerability in software, they exploit a natural human tendency to trust others and respond to messages that appear legitimate,” he said.

Some cyber criminals opt to go directly to the source and push through a company’s cyber defense. It can be a cycle for a company to find and patch holes in security while hackers adapt their techniques, experts said.

But even if they’re caught, the ill-gotten goods — in the form of personal information, financial data or intimate images — could be on the internet forever. Though there are often legal and reporting mechanisms to get that content removed, it might have been copied and continue to circulate, Pry said.

“The underground marketplaces, they’re going to continue. That’s why we have to feel for the victims: because that information’s going to truly be out there forever,” Kisow said. “I think that’s the real concern here.”

Patchwork of laws nationwide

There are patchwork laws in various states addressing data privacy and posting of another person’s intimate images without consent, as well as the federal Take It Down Act, which provides an avenue for images to be removed from websites. Other countries have much stricter data privacy laws, experts said, such as the European Union’s General Data Protection Regulation, which governs how companies use personal data and requires a 72-hour notification in the event of a breach.

“I think it would be useful for victims to reach out to legislators,” said Jessica Ghilani, associate professor of communication at University of Pittsburgh’s Greensburg campus.

Ghilani and other experts agree state and federal laws surrounding data protection should be updated to better reflect the rapid evolution of technology and online platforms.

“It’s something that people should have a bigger say about,” Ghilani said.

While Kisow and Pry teach classes full of budding cyberdefense professionals, Pry said he thinks cybersecurity awareness should become commonplace in high schools.

“Students need to understand how social engineering works, how to recognize phishing attempts and fraudulent messages and how to verify the legitimacy of requests before responding,” he said. “As technology becomes more integrated into everyday life, cybersecurity awareness is no longer just an IT skill. It is an essential life skill.”

The Latrobe native encouraged women who have mutual friends with the defendants in the Pittsburgh case to check with the FBI to see if their accounts were affected. There are 150 unidentified victims, prosecutors said recently.

While the remaining six cases wind their way through the court system, she is focused on raising awareness and pushing lawmakers to make changes that would hold future similar cyberattackers accountable as sex offenders.

“It’s not easy, it’s not good or fun, but I have that capacity. I have that bandwidth right now,” she said “I have the room in my life to be pissed off.”





Click Here For The Original Source.

——————————————————–

..........

.

.

National Cyber Security

FREE
VIEW