Modernizing Authentication — What It Takes to Transform Secure Access
The FBI recently announced that hacker Karen "Gary" Kazaryan, 27, has been arrested and charged with 15 counts of computer intrusion and 15 counts of aggravated identity theft. Kazaryan allegedly hacked into victims' e-mail, Facebook and Skype accounts, then changed the passwords to lock the users out.
"He then allegedly searched emails or other files for naked or semi-naked pictures of the women, as well as other information, such as passwords and the names of their friends," writes The Los Angeles Times' Andrew Blankstein. "Kazaryan then posed online as those women and sent instant messages to their friends, coaxing them into removing their clothing so that he could view and take pictures of them, according to the indictment."
"The indictment also states that Kazaryan would use these pictures to blackmail some of his victims into providing more naked photographs or Skype video calls," writes The Register's Iain Thomson. "It is claimed that in some cases he posted nude photographs on Facebook as punishment, after some women refused his demands."
"Investigators estimate that Kazaryan victimized more than 350 women, but they have not identified all of the victims whose accounts were hacked," Help Net Security reports. "Authorities found approximately 3,000 pictures of nude or semi-nude women – some of which were taken from their online accounts, and some of which were taken by Kazaryan on Skype – on Kazaryan’s computer."
"So how did the FBI find Kazaryan? Well -- pretty easily," writes Ars Technica's Nate Anderson. "They simply asked Facebook. By December 27, 2010, Facebook's internal security team had wrapped up an investigation in which it simply pulled the IP addresses for everyone who had accessed the various victim accounts over the last two months, then correlated them. One IP address was common to each: 188.8.131.52."
"According to the search warrant, in that timeframe, the same IP address used to hack into those pages was also the most-used IP address -- used 190 times, and nearly every day -- for accessing Kazaryan's Facebook page," writes InformationWeek's Mathew J. Schwartz. "According to Facebook personnel, the IP address also corresponded with Kazaryan's regularly used PC, and Kazaryan had never reported that his account had been hacked."
If convicted on all counts, Kazaryan faces up to 105 years in federal prison.