Arrested for hacking into 1,050 email accounts belonging to two US universities and attempting to do so at 75 other educational institutions, Arizona man Jonathan Powell, 29, was charged with fraud in connection with computers, risking 5 years’ imprisonment.
Using password reset tools, Powell tried to access accounts from New York Pace University and an unnamed university in Pennsylvania, looking for confidential information and “potentially embarrassing content” on victims’ social network or email accounts. Causing financial losses estimated around $5,000, Powell attempted to change the password for 2,054 accounts since October 2015.
“As alleged, Jonathan Powell targeted dozens of universities around the country, successfully hacking into student email accounts hosted on at least two universities’ servers and accessing the social media, email, and other online accounts of many of those students,” said Manhattan U.S. Attorney Preet Bharar. “Powell allegedly stole students’ personal information and searched their photos for potentially embarrassing content. This case should serve as a wakeup call for universities and educational institutions around the country. There is no greater threat to our security and personal privacy than the cyber threat, and hackers must be identified, stopped, and punished.”
The password reset utility is believed to have been used 18,640 different times, succeeding to compromise some accounts more than once. A number of Facebook accounts are also believed to have been compromised, as they were dependent on the compromised email addresses. Apple iCloud, Facebook, Google, LinkedIn, and Yahoo! accounts are also believed to have been compromised by Powell, leveraging the fact that they were linked with the compromised email addresses.
While credentials for other universities were discovered during investigations, their names have remained undisclosed by authorities. The FBI is actively pursuing cybercriminal activities that involve illegal access to personal accounts, said FBI Assistant Director William F. Sweeney Jr.
“Cybercrime victims can be large companies or individual users who have their network or accounts accessed illegally, even if there is no theft,” said Sweeney. “The FBI takes seriously any allegations of intrusions, and we will continue to hold accountable those who pose a threat in cyberspace.”