It is every woman’s nightmare. For close to a year (Dec 2009 – Sept 2010), George Samuel Bronk, a 23-year-old computer hacker from Citrus Heights, California, used Facebook status updates posted by various women across the world to hack into their email accounts and then post nude photos of each victim on her own Facebook page!
In a press release yesterday, California Attorney General Kamala D. Harris revealed details of the horrific crime and the guilty plea entered by the defendant on the 7 felonies he was charged with.
Bronk allegedly targeted his victims by scanning Facebook status updates (which are public to the entire world unless you opt out, in case you didn’t know) for women who also posted their e-mail addresses on their Facebook pages. He then went to the password recovery page of the email provider and managed to correctly answer the security questions posed by the e-mail service by finding the answers on the victims’ Facebook pages and in their Facebook status updates.
This is really not hard to do because, as you already know, the answers to most of the security questions posed by e-mail providers are common knowledge to friends and family anyway. Typical questions include:
- “What is your high school mascot?”
- “What is your father’s middle name?”
- “What is your favorite food?” and
- “What is your favorite color?”
Once Bronk gained access to the e-mail account, he changed the password and the victim was locked out. Bronk then searched the victim’s “sent mail” folder for nude or semi-nude photographs and videos, which he often sent to the victim’s entire e-mail address book. He also gained access to some victims’ Facebook accounts by clicking the “Forgot Your Password?” link and asking for a new password to be sent to the victim’s e-mail account, which he now controlled. In many cases, he posted the photographs to victims’ Facebook pages and to other Internet sites and made comments on the Facebook sites of friends.
Also in the press release, Attorney General Harris reminded users of e-mail and social networking sites that security questions and answers need to be as secure as passwords.