Social Account Thief Goes to Prison For Stealing, Trading Nude Photos

A New York man received a three-year sentence in federal prison for hacking social media accounts of dozens of female college students and stealing nude photos and videos of them.

The individual was part of an online community that was engaged in the same activities and also traded the files.

Simple tricks

Nicholas Faber, 25, of Rochester, along with co-conspirator Michael Fish, accessed the school email accounts of female students at the State University of New York at Plattsburgh (SUNY-PB) to get the information that allowed them to hack into their social media and cloud storage accounts (Snapchat, Google, Facebook, iCloud).

For two years, between 2017 and 2019, they illegally accessed dozens of email accounts with the scope of stealing nude, sexually explicit, and personally embarrassing images and video material. On February 8, Faber pleaded guilty.

“[Nicholas Faber] also identified, by name, those females whose stolen materials he possessed and was willing to trade. The defendant solicited and received such stolen nude materials of specific women, some of whom he knew personally,” reads the plea agreement.

Faber would sometimes provide the email addresses or usernames of the accounts he wanted to be hacked. The prosecutors found evidence of more than 50 such requests.

Also Read: Data Minimization; Why Bigger is Not Always Better

According to the prosecutors, Faber tried to hack into more than two dozen accounts of females he knew but managed to break into just ten of them.

One of the methods used was to initiate the password reset procedure and providing the correct answers for the security questions that allowed defining a new password.

When he successfully accessed online accounts, he looked for and stole any nude photographs or videos he found and traded the stolen materials with others online.

Faber also pulled a sick prank and created collages that mixed private photos of students and formal graduation ones. These collages were then distributed.

When complaints came in about account lockouts due to the unauthorized password changes, the university started to investigate and acted to prevent the “hackers” from accessing the systems through virtual private networks.

Another method described for accessing victim Snapchat accounts included texting them that they used the victim’s phone number to sign up to and they needed the ephemeral code to log in.

As part of the guilty plea, Faber agreed to pay restitution of $35,000 to the SUNY-PB (investigation efforts) and an order of forfeiture for the electronic equipment he possessed at the time of the arrest.

Also Read: Vulnerability Management For Cybersecurity Dummies

Fish also pleaded guilty (computer hacking, aggravated identity theft, and child pornography offenses). He is awaitin his sentence on November 3.