WASHINGTON—A former locally-employed staff member of the U.S. Embassy in London was charged with engaging in a hacking and cyberstalking scheme in which, using stolen passwords, he obtained sexually explicit photographs and other personal information from victims’ e-mail and social media accounts, and threatened to share the photographs and personal information unless the victims ceded to certain demands.
Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, U.S. Attorney John A. Horn of the Northern District of Georgia, Director Bill A. Miller of the U.S. Department of State’s Diplomatic Security Service and Special Agent in Charge J. Britt Johnson of the FBI’s Atlanta Division made the announcement.
Michael C. Ford, 36, was charged by indictment on Aug. 18, 2015, with nine counts of cyberstalking, seven counts of computer hacking to extort and one count of wire fraud.
“According to the indictment, Ford hacked into e-mail accounts and extorted sexually explicit images from scores of victims,” said Assistant Attorney General Caldwell. “As these allegations highlight, predators use the Internet to target innocent victims. With the help of victims and our law enforcement partners, we will find those predators and hold them accountable.”
“Ford is alleged to have hacked into hundreds of e-mail accounts and tormented women across the country, by threatening to humiliate them unless they provided him with sexually explicit photos and videos,” said U.S. Attorney John Horn. “This sadistic conduct is all the more disturbing as Ford is alleged to have used the U.S. Embassy in London as a base for his cyberstalking campaign.”
“The Diplomatic Security Service is firmly committed to working with the Department of Justice and our other law enforcement partners to investigate allegations of crime and to bring those who commit these crimes to justice,” said Director Miller. “When a public servant in a position of trust is alleged to have committed a federal felony such as cybercrime, we vigorously investigate such claims.”
“While the allegations in this case are disturbing, it does illustrate the willingness and commitment of the FBI and its federal partners to aggressively follow those allegations wherever they take us,” said Special Agent in Charge Johnson. “The FBI will continue to provide significant resources and assets as we address complex cyber based investigations as seen here.”
According to allegations in the indictment, from January 2013 through May 2015, Ford, using various aliases that included “David Anderson” and “John Parsons,” engaged in a computer hacking and “sextortion” campaign to force numerous women to provide him with personal information and sexually explicit photographs and videos. To do so, Ford allegedly posed as a member of the fictitious “account deletion team” for a well-known e-mail service provider and sent notices to thousands of potential victims, including members of college sororities, warning them that their accounts would be deleted if they did not provide their passwords.
Using the passwords collected from this phishing scheme, Ford allegedly hacked into hundreds of e-mail and social media accounts, stole sexually explicit photographs and personal identifying information (PII), and saved both the photographs and PII to his personal repository.
Ford then allegedly e-mailed the victims and threatened to release the photographs, which were attached to the e-mails, unless they obtained videos of “sexy girls” undressing in changing rooms at pools, gyms and clothing stores, and then sent the videos to him.
The indictment alleges that, when the victims either refused to comply or begged Ford to leave them alone, Ford responded with additional threats, including by reminding the victims that he knew where they lived. On several occasions, Ford allegedly followed through with his threats by sending sexually explicit photographs to victims’ family members and friends.
During the pendency of the alleged scheme, Ford was a civilian employee at the U.S. Embassy in London, England. He allegedly used his government-issued computer at the U.S. Embassy to conduct the phishing, hacking and cyberstalking activities.
The charges and allegations contained in an indictment are merely accusations. The defendant is presumed innocent unless and until proven guilty.
The case is being investigated by the U.S. Department of State’s Diplomatic Security Service and the FBI. The Criminal Division’s Office of International Affairs and the U.S. Embassy in London provided assistance. The case is being prosecuted by Senior Trial Attorney Mona Sedky of the Criminal Division’s Computer Crime and Intellectual Property Section, Trial Attorney Jamie Perry of the Criminal Division’s Human Rights and Special Prosecutions Section and Assistant U.S. Attorney Kamal Ghali of the Northern District of Georgia.