February 24, 2009

Hacking for Nudes?

Derek sent me this story this morning, and I think I said to myself (out loud, and slowly) "what... the... f?"

A good friend of mine years ago who worked as a volunteer firefighter used to tell me that they had to watch new volunteers very closely because pyromaniacs like to watch the fires they set, and how better to watch your work than to volunteer as a firefighter, light a fire, then help put it out.

This story has nothing to do with firefighters, but it does have to do with what happens when a person has a certain appetite or tendency and they are suddenly given the access they need to indulge their whims.

A UMass Dartmouth graduate and on-campus computer administrator faces charges that he illegally obtained nude and semi-nude photos of about 16 female students by hacking into their UMass e-mail accounts and Facebook files. [...]

His first step, according to court documents, was to search Facebook for female UMass Dartmouth students. Next, he checked the names with the campus Web site.

Then he would use his administrative authority to access their e-mail, where he would attempt to log into their personal Facebook accounts. When that failed because he lacked their Facebook passwords, he would have Facebook send a link for a new password back to their e-mail. The hacker would then open the e-mail to reset the password, then enter Facebook with all the privileges and access of the student.

At that point he could view all of the students' photographs, including private ones, and do further searches for their friends. - Police say UMD hacker snagged women's nude Facebook photos, SouthCoastToday.com

It's worth reading the entire article for more disturbing details, such as his "attempted up-skirt" photos.

One obvious reaction to this story is: why are people uploading nude pictures of themselves to Facebook? This is certainly a teachable moment about the assumption of privacy in on-line services. That's a worthy discussion on its own.

However, the hacker's behavior crosses into stalker territory, as evidenced by his searching for directions to the house of one of the commuting students. Whether he found nude photos of every girl or not (perhaps most of the girls had simply made some beach pictures private -- we can't jump to conclusions) he was willing to exploit his access to dig for further information, and seemed poised to act on his "research." That's worrying.

Posted by James at February 24, 2009 5:06 PM
Create Social Bookmark Links

What a creep.

This is EXACTLY what I fear when universal health records become a reality... a lot of people will abuse the system -- and not just the new recruits like the firefighter example.

Posted by: magenta321 at February 24, 2009 6:18 PM

That's friggin' creepy.

Personally I upload naked pictures of myself to all my online accounts. It's a security mechanism--one look at that and the hackers run screaming and may even claw out their own eyes.

That which has been seen, cannot be unseen.

But yes, there is no such thing as truly private online. That's an oxymoron.

Some of the comments on the article are interesting too. One is by a lady who brought a computer to best buy for repairs and discovered upon getting it back that several of her personal photos had been viewed multiple times--including some nude shots.

Probably a good idea to keep your personal stuff on an external hard drive that you can unhook and lock up when you are going to be away from the computer or when someone else is going to be using it.

Posted by: Chuck S at February 24, 2009 6:25 PM


First, posting naked pix? Stupid.

Second, seeking out and stealing naked pix? Disgusting. While "working"? Fire-able and actionable.

Posted by: Patti M. at February 24, 2009 7:07 PM

Copyright © 1999-2007 James P. Burke. All Rights Reserved