Former U.S. State Department Employee Pleads Guilty to Extensive Computer Hacking, Cyberstalking and "Sextortion" Scheme
A former U.S. State Department employee pleaded guilty today to perpetrating a widespread, international e-mail phishing, computer hacking and cyberstalking scheme against hundreds of victims in the United States and abroad.
Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, U.S. Attorney John A. Horn of the Northern District of Georgia, Director Bill A. Miller of the U.S. Department of State’s Diplomatic Security Service and Special Agent in Charge J. Britt Johnson of the FBI’s Atlanta Field Office made the announcement.
Michael C. Ford, 36, of Atlanta, was indicted by a grand jury in the U.S. District Court for the Northern District of Georgia on Aug. 18, 2015, with nine counts of cyberstalking, seven counts of computer hacking to extort and one count of wire fraud. The names of the victims are being withheld from the public to protect their privacy.
Ford pleaded guilty to all charges and admitted that between January 2013 and May 2015, he used various aliases that included “David Anderson” and “John Parsons” and engaged in a widespread, international computer hacking, cyberstalking and “sextortion” campaign designed to force victims to provide Ford with personal information as well as sexually explicit videos of others. Ford targeted young females, some of whom were students at U.S. colleges and universities, with a particular focus on members of sororities and aspiring models.
Ford posed as a member of the fictitious “account deletion team” for a well-known e-mail service provider and sent phishing e-mails to thousands of potential victims, warning them that their e-mail accounts would be deleted if they did not provide their passwords. Ford then hacked into hundreds of e-mail and social media accounts using the passwords collected from his phishing scheme, where he searched for sexually explicit photographs. Once Ford located such photos, he then searched for personal identifying information (PII) about his victims, including their home and work addresses, school and employment information, and names and contact information of family members, among other things.
Ford then used the stolen photos and PII to engage in an ongoing cyberstalking campaign designed to demand additional sexually explicit material and personal information. Ford e-mailed his victims with their stolen photos attached and threatened to release those photos if they did not cede to his demands. Ford repeatedly demanded that victims take sexually explicit videos of “sexy girls” undressing in changing rooms at pools, gyms and clothing stores, and then send the videos to him.
When the victims refused to comply, threatened to go to the police or begged Ford to leave them alone, Ford responded with additional threats. For example, Ford wrote in one e-mail “don’t worry, it’s not like I know where you live,” then sent another e-mail to the same victim with her home address and threatened to post her photographs to an “escort/hooker website” along with her phone number and home address. Ford later described the victim’s home to her, stating “I like your red fire escape ladder, easy to climb.” Ford followed through with his threats on several occasions, sending his victims’ sexually explicit photographs to family members and friends.
Ultimately, Ford sent thousands of fraudulent “phishing” email messages to potential victims, successfully hacked into at least 450 online accounts belonging to at least 200 victims, and forwarded to himself at least 1,300 stolen email messages containing thousands of sexually explicit photographs. Ford sent threatening and “sextortionate” online communications to at least 75 victims.
During the relevant time period, Ford was employed by the U.S. Embassy in London. The majority of Ford’s phishing, hacking and cyberstalking activities were conducted from his computer at the U.S. Embassy.
“With nothing more than a computer and a few keystrokes, modern predators like Michael Ford can victimize hundreds of people around the world,” said Assistant Attorney General Caldwell. “While this criminal prosecution may never return the victims’ sense of security, I hope that today’s guilty plea brings them some peace of mind.”
“Ford engaged in an international sextortion campaign,” said U.S. Attorney Horn. “He tormented numerous women by threatening to humiliate them unless they provided him with sexually explicit photos and videos, and in some cases, he followed through on his threats. This case demonstrates the need to be careful in safeguarding personal information and passwords, especially in response to suspicious e-mails.”
“When a public servant in a position of trust commits any form of misconduct, to include federal crimes such as cyberstalking and computer hacking, we vigorously investigate such claims,” said Director Miller. “The Diplomatic Security Service is firmly committed to investigating and working with the Department of Justice, U.S. Attorney’s Office and our other law enforcement partners to investigate criminal allegations and bring those who commit these crimes to justice.”
“The allegations contained in this federal indictment portray an individual consumed with sexually themed cyber-stalking and exploitation as well as an individual who felt he was beyond detection and grasp of authorities,” said Special Agent in Charge Johnson. “The FBI is proud of the role it played in working with our law enforcement partners to bring Mr. Ford in for prosecution.”
U.S. District Judge Eleanor L. Ross of the Northern District of Georgia scheduled Ford’s sentencing hearing for Feb. 16, 2016.
The Diplomatic Security Service and the FBI are investigating the case. Senior Trial Attorney Mona Sedky of the Criminal Division’s Computer Crime and Intellectual Property Section, Trial Attorney Jamie Perry of the Criminal Division’s Human Rights and Special Prosecutions Section and Assistant U.S. Attorney Kamal Ghali of the Northern District of Georgia are prosecuting the case. The Criminal Division’s Office of International Affairs and the U.S. Embassy in London provided assistance in this case.