Ford gained access to at least 450 email accounts.
On Wednesday, according to a Department of Justice press release, former U.S. State Department employee Michael C. Ford plead guilty to “nine counts of cyberstalking, seven counts of computer hacking to extort and one count of wire fraud.”
The investigation that led to his arrest—which took place as he attempted to board a flight with his wife and 18-month-old daughter back to the U.K., after visiting his parents in Georgia—began when two unconnected women, aged 18 and 22, approached the FBI about potential extortion threats being made against them online.
Although he was only indicted by the U.S. District Court for Georgia’s Northern District on 17 charges, his victims are estimated to number well over 200, with Ford gaining access to about 450 email accounts through phishing techniques. He reportedly sent out thousands of phishing emails, but only a fraction of them worked. Ford would pose as a member of an email service’s support team, and send people emails that claimed a password was needed to fix a problem with their account.
Ford allegedly showed a preference for young women, mostly those involved in sororities or aspiring models, and would use their email passwords to not only look for explicit photos in their inboxes, but also on any other service they used to store files.
Finding dirty photos wasn’t the endgame for Ford, though. He emailed the photos to his victims, and instructed them to record videos of “sexy girls” from inside dressing rooms or gym locker rooms. Here, the extortion blended into blackmail, and his threats to release his victims’ private photographs were not bluffs—on at least one occasion, the photos were sent to a young woman’s parents and brother.
One email, after a victim had failed to procure additional material for Ford, read: “don’t worry, it’s not like I know where you live.” That email was followed up with her home address, phone number, photographs, and a threat that they’d all be uploaded to an online escort database if the woman continued to not comply.
If that isn’t creepy enough, a spreadsheet was found on Ford’s work computer that contained 262 email addresses, many of which were broken down by universities. The network at the U.S. Embassy in London, where Ford was an employee at the time, was a monitored network. When you can’t access a pornography website, but you can launch phishing attacks to blackmail and “sextort” people for nude photos, times have become quite strange.
Ford will be sentenced on Feb. 16, and is under house arrest until then, in a home he owns in Georgia. His bail is set at $50,000, and he is not allowed access to the Internet.