Facebook clues used to hack email accounts, steal nude pics
SACRAMENTO – In a cautionary tale for users of social-networking sites, a California man has admitted using personal information he gleaned from Facebook to hack into women’s email accounts, then send nude pictures of them to everyone in their address book.
The California attorney general’s office said Friday that George Bronk, 23, commandeered the email accounts of dozens of women in the US and England.
He then scanned the women’s “sent” folders for nude and seminude photos and videos, and forwarded any he found to all the women’s contacts, prosecutors said.
Bronk coerced one woman into sending him more explicit photographs by threatening to distribute the pictures he already had. One victim told authorities the intrusion felt like “virtual rape.”
Bronk, who lives in the Sacramento suburb of Citrus Heights, pleaded guilty to seven felonies in Sacramento County Superior Court, including computer intrusion, false impersonation and possession of child pornography.
Prosecutors are seeking a six-year prison term when Bronk returns for a sentencing evaluation March 10.
His attorney, Monica Lynch of Roseville, called her client a “23-year-old boy going on 15.”
“He’s accepted full responsibility. It’s a tragic situation,” she said.
Lynch said she will argue for less than a six-year sentence.
Prosecutors said Bronk would scan women’s Facebook accounts looking for those who posted their email addresses. He would then study their Facebook postings to learn the answers to common security questions like their favourite colour or father’s middle name.
He contacted the women’s email providers and used the information to gain control of their accounts. He also often gained control of their Facebook accounts by hijacking their passwords, then posted compromising photographs on their Facebook pages and other internet sites.
“This case highlights the fact that anyone with an email account is vulnerable to identity theft,” Attorney General Kamala Harris said in a statement announcing Bronk’s guilty plea.
Investigators found 172 email files containing explicit photographs of women when they searched Bronk’s computer in September, according to a court affidavit.
They were able to track his victims to England, Washington, D.C., and 17 states: Alabama, Arizona, California, Georgia, Illinois, Iowa, Kansas, Louisiana, Massachusetts, New Hampshire, New Jersey, New York, Ohio, Oregon, Texas, Virginia and Washington.
“He is a sick individual,” said 22-year-old Danielle Piscak of Parkland, Wash., one of Bronk’s victims.
Piscak said one of her friends alerted her that nude photographs she had sent privately to her husband were posted on her Facebook page last fall. Facebook removed the photos the next day.
“I have a network of like 1,500 people, so they all saw my pictures. So my graduating class of 2007 saw that. I’m in the military, so all my army friends saw that,” Piscak said. She had to explain the embarrassing situation to her family and husband, from whom she is separated.
Piscak used a different email account to contact the person who had hacked her page.
“I said, ‘Why are you doing this?’ and he said, ‘Because it’s funny,’” Piscak said in a telephone interview. The Associated Press does not identify victims in sex cases as a matter of policy, but Piscak gave permission for her name to be used. She also said she has agreed to tell her story on a nationally televised talk show.
Piscak said she fears the postings could harm her future in the military and her plans for a career in criminal justice, though most people who saw the photos were understanding.
A second victim, Stephanie, 24, of Los Angeles, said she, the FBI and other authorities tried for seven hours to remove an album of 10 photographs that Bronk posted on her account before Facebook took it down.
“Then he wrote just crass, racist, disgusting comments on people’s walls that I was friends with,” said Stephanie, who did not want her last name used for fear the story could harm her career. She said she felt violated, “kind of a rape-like situation.”
Stephanie said she originally had sent the private photos to a boyfriend, only to have them seen by her college professors and co-workers.
Both of the victims, along with Bronk’s attorney, said Facebook should have caught Bronk’s activities more quickly. Facebook spokesmen did not return telephone or email messages on Friday.
Bronk began his hacking in December 2009, prosecutors said. He will have to register as a sex offender because of his guilty plea.
Investigators caught on after a victim called Connecticut State Police, which referred the complaint to the California Highway Patrol. They used information from Bronk’s confiscated computer to email questionnaires to 3,200 of his internet contacts, asking if they had been victimised.
Forty-six women said they had. Bronk was arrested in October and remains jailed on $500,000 bond.
The attorney general’s office advised those using email and social-networking sites to pick security questions and answers that aren’t posted on public sites, or to add numbers or other characters to common security answers. Additional safety tips are on the California attorney general’s website