A former US Embassy worker who sextorted, phished, broke into email accounts, stole explicit images and cyberstalked hundreds of women around the world from his London office has been sentenced to nearly 5 years in jail.
Michael C. Ford, of Atlanta, pleaded guilty in December to nine counts of cyberstalking, seven counts of computer hacking to extort, and one count of wire fraud.
He ran his predatory scams from his official, government-issued computer for more than two years, posing as a member of the fictional Google “Account Deletion Team.”
He used aliases including “David Anderson” and “John Parsons”, telling victims that their email accounts would be deleted if they didn’t respond.
Once he’d gained access to their Gmail accounts, he used the details to hijack at least 450 Google, Facebook, Twitter and iCloud profiles belonging to 200 individuals. He ransacked their personal information and photos, then he’d start extorting them.
His preferred prey was young females, some of whom were students at US colleges and universities, with a particular focus on members of sororities and aspiring models.
Having stolen photos and personally identifying information (PII) that included their home and work addresses, school and employment information, and names and contact information of family members, Ford went on to demand more sexually explicit material and personal information, emailing victims the photos he’d stolen and threatening to publish them if they didn’t give him what he demanded.
Specifically, Ford demanded that his victims record and send to him videos of “sexy girls” undressing in changing rooms at pools, gyms and clothing stores.
He was a busy guy.
Ars Technica’s Cyrus Farivar posted a sentencing memorandum filed by prosecutors prior to the sentencing hearing on Monday.
In it, they expressed shock at the scale of Ford’s activities:
The sheer number of phishing emails that Ford sent is astounding.
According to the memorandum, on one day alone – 8 April, 2015 – Ford sent phishing emails to about 800 unique email addresses.
That’s not all. On the same date, he sent 180 followups to targets who hadn’t yet responded to his original email, plus 15 emails to potential targets who’d provided the wrong passwords.
Jamie Perry, a prosecutor, wrote this in the filing:
Considering Ford’s daily volume, repeated over the course of several months, the number of Ford’s potential phishing victims is staggering.