On Wednesday, one North Carolina man was sentenced for breaking into the email and online accounts of dozens of women, using a combination of phishing emails and open source research to figure out the answers to victims' security questions. Although the case may not be all that interesting from a technical perspective, it does highlight what sort of threat completely ordinary people can face online.
Kevin Maldonado, 35, "repeatedly and indiscriminately gained access to multiple women's computers for a period of at least two years using a number of methods in essence to stalk them," a sentencing memorandum written by government attorneys and filed earlier this month reads.
According to the document, most of the time Maldonado would create fictitious email accounts in order to impersonate various email providers, and then send messages to the targets asking for their login credentials. He would also use sites such as spokeo.com, a search engine for finding information on people, in order to uncover dates of birth, places of employment, and details on a victim's college education, the memorandum adds. And he didn't only target email services, but sometimes also victims' iCloud and Dropbox accounts, according to court records.
"In all, based on the file's on the defendant's hard drive and a sample of his phishing activity obtained by Google, the defendant victimized at least fifty women," the memorandum reads. These included women he had been romantically involved with, women he had only interacted with briefly, and apparently just random women he found on the internet.
Although Maldonado did steal personal, sexual photos from some of his victims, Maldonado did not break into accounts solely to obtain pornographic images, according to government attorneys.
"The defendant could have obtained such images, and better images, far more easily with a basic internet search. The defendant's actions, instead appear to be based on an intentional need to violate others privacy—as many others as he could," the sentencing memorandum reads.
This does appear to be a phenomenon among low-level hackers who break into women's accounts, or even their computers. In 2014, the UK's National Crime Agency arrested Stefan Rigo, who claimed he was "addicted" to watching unsuspecting victims carry out sexual acts in front of their web cameras.
Maldonado was sentenced to six months in federal prison, according to a press release from the Department of Justice.