US Embassy Employee Charged with Hacking Hundreds of Women in Creepy Cyber Stalking Scheme
A former employee at the United States embassy located in London has been charged with a creepy sexual extortion scheme, involving as many as 250 women. According to the Justice Department, embassy employee Michael C. Ford allegedly stole passwords and sexually explicit images as part of a broad extortion scheme for the better part of two years, with a majority of the attacks being completed on U.S. embassy computers. “Ford is alleged to have hacked into hundreds of email accounts and tormented women across the country,” said John Horn, a U.S. attorney, in a statement, “threatening to humiliate them unless they provided him with sexually explicit photos and videos.”
An affidavit from the case, filed in May, describes the embassy workers bizarre pattern of sexual harassment and extortion. Allegedly, Ford leveraged nude photos of his victims, threatening to release the photos online unless victims would cooperate with his demands, which were even more disturbing as he requested victims to film other women undresses in retail chaining rooms. “You do that, and I disappear,” he told one target in an email. The affidavit specifically mentions two names, but evidence riding against Ford points to hundreds of women that investigators have yet to even meet with.
An excerpt from Ford’s affidavit (PDF):
For example, on or about January 26, 2015, the target using the Google e-mail account “David Anderson” “xxxxxx2@googlemail.com,” (hereinafter the “talent scout” e-mail account), sent a series of e-mail messages to Jane Doe One. The first stated: “finally I found you! What do you think? Nice ass!” He attached a photograph of her of a sexual nature. When Jane Doe One asked the target where ge got the photo, the target responded, “I’m a wizard, I have lots. Did you like it? :).” He then asked “can I text the picture to [and inserted a phone number of an acquaintance of Jane Doe One] or maybe email it to [list of first names and last names of several of Jane Doe One’s friends].”
Ford’s attacks were hardly sophisticated, relying on general social engineering techniques to acquire his victims information. In one case cited in the affidavit, Ford compromised a victim’s email account by posing as a member of the ‘Gmail account deletion team‘ where he promised the victim’s account would stay fully functional if she replied with her password within 96 hours.
Federal law enforcement arrested Ford after one of his fake email accounts was traced back to a State Department IP address, as well as two others IP addresses located in the United Kingdom. After some investigating, officials were able to trace the email back to a single terminal within the U.S. Embassy in London.
Ford’s full scope of activities is still unclear, however investigators uncovered a spreadsheet allegedly created by Ford that lists 250 unique email addresses that had either been targeted or stolen in part of his two year long sexual stalking scheme. The list of email addresses aimed more towards .edu addresses, suggesting Ford was targeting college-aged women.
Thus far, Ford has been charged with nine counts of cyberstalking, seven counts of computer hacking to extort and one count of wire fraud. “As these allegations highlight, predators use the Internet to target innocent victims,” said Assistant Attorney General Leslie Caldwell. “With the help of victims and our law enforcement partners, we will find those predators and hold them accountable.”
