back to article This scumbag stole and traded victims' nude pics and vids after guessing their passwords, security answers

A college graduate has admitted hacking into the email and online accounts of female students, stealing their nude photos and videos, and trading them with others. Nicholas Faber, 25, on Tuesday pleaded guilty to one count of computer intrusion causing damage, and one count of aggravated identity theft. He is scheduled to be …

  1. WolfFan Silver badge

    He faked letters to the judge, using a computer in violation of the terms of his bail? O-kay, he’s an idiot. The judge will throw the book at him. Kiss bye-bye to sunlight, boyo, you ain’t gonna be seeing it for a while.

  2. Falmari Silver badge
    Joke

    Bring to the boil and simmer for 20 years

    "Fish is in deeper hot water" Looks like that fish is boiled.

    1. IT's getting kinda boring
      Joke

      Re: Bring to the boil and simmer for 20 years

      He's definitely not off the hook yet.

    2. DJV Silver badge

      Re: Bring to the boil and simmer for 20 years

      Yep, that looks like the scale of it!

      1. Trigonoceps occipitalis

        Re: Bring to the boil and simmer for 20 years

        There's a plaice for him in gaol.

        1. Jonathan Richards 1 Silver badge
          Joke

          Re: Bring to the boil and simmer for 20 years

          "Good evening, here are the fish jokes."

          - I'm Sorry, I'll Read That Again, circa 1968

          Carry on. I like a good re-porpoised joke.

    3. Chris G Silver badge

      Re: Bring to the boil and simmer for 20 years

      You think he may get time off for cod behaviour?

  3. Falmari Silver badge
    Devil

    Computer++ sentence

    The computer intrusion offence carries a maximum sentence of 10 years.

    Not saying the maximum sentence is too high also I really don’t know much about sentencing in the US. But is that comparable to old fashion burglary and stealing nude photos and films? I maybe wrong but it seems put computer in the mix and up the penalty goes.

    1. IGotOut Silver badge

      Re: Computer++ sentence

      If you break in and steal nude photos, can you distribute those to millions of people?

      1. deadlockvictim

        Re: Computer++ sentence

        You can but may not.

        In the same way that you can mug someone and keep their money.

        Aside from causing unasked-for distress to those involved, it gets you jail-time if you get caught.

      2. Falmari Silver badge

        Re: Computer++ sentence

        @IGotOut you have a point. But what’s to stop you selling to someone that uploads to a porn site. The computer intrusion and how much and what you steal is the crime the same for burglary. Does how you enjoy your ill-gotten gains make a difference to the sentence. If I spend it alcohol and fast women will I get a heavier sentence than spending it on real estate and travel?

        But yes, you have a point I just wondered as it seems to me that breaking into a computer carries a heavier penalty than breaking into a house stealing the same value of property.

        Just my observation from the UK which may be wrong.

        1. low_resolution_foxxes Silver badge

          Re: Computer++ sentence

          In the UK, if the police catch you 3 times for domestic burglary, it is generally a 2-4 year sentence. Although frankly the 1st time you'll probably get away with a court order.

          Amusingly, you have to think how many times/how bad the thief was, if they managed to be caught 3 separate times by the police. I mean, it's not like the police actively chase you down for it. You literally have to be caught on camera and recognised with a full name and address, in order to get them to arrest you (I recognise it is a hard job btw).

          1. Arthur the cat Silver badge

            Re: Computer++ sentence

            You literally have to be caught on camera and recognised with a full name and address, in order to get them to arrest you

            In a recent case round here the very considerate burglar left his wallet, complete with (his own) credit cards and driver's license, at the scene of the crime. I bet the copper knocking on his door had a bit of fun: "excuse me sir, did you recently lose your wallet?".

            1. Cynic_999

              Re: Computer++ sentence

              Although the burglar could have said that his wallet had been recently stolen, and any court would find it quite plausible that the unknown wallet thief then went on to commit burglary. Thus unless he was stupid, the wallet alone would not have been enough to convict.

            2. MachDiamond Silver badge

              Re: Computer++ sentence

              "In a recent case round here the very considerate burglar left his wallet, complete with (his own) credit cards and driver's license, at the scene of the crime. "

              Not as good as the one that broke into an off-license, cracked open a bottle and got so pissed he passed out. The police didn't have a hard time tracking him down as he was sprawled out on a table when they finally made it around.

          2. DrewWyatt

            Re: Computer++ sentence

            A few years ago I was looking in to putting in a CCTV system. I asked the local old bill about it and they told me that they would not accept any images from private CCTV systems as evidence, as there was no chain of custody. Basically, I couldn't prove that the location, date and time were correct. If I wanted them to accept the footage as evidence it had to be installed by a qualified and certified installer and run by an approved and certified company.

            In the end I didn't bother.

            1. Anonymous Coward
              Anonymous Coward

              Re: Computer++ sentence

              I asked the local old bill about it and they told me that they would not accept any images from private CCTV systems as evidence

              Seems a little odd then, how many times police actually ask for CCTV images and how often it is shown in news items where some crime is involved.. evidence is evidence whatever form it takes. Not only that but CCTV is useful for reasons other than anything to do with whether your local police think it is useful to them or not. I think most detectives would find it useful even if it's inadmissible in a court.

              1. adam 40 Silver badge

                Re: Computer++ sentence

                Exactly,

                they would accept the pictures as information, that might be useful in identifying the perps.

                But for prosecution they would need "evidence", which they could then glean by other means, having "fitted up" said perps.

            2. Cynic_999

              Re: Computer++ sentence

              You cannot always prove time & date, but you can usually prove the location from the image itself. And if the police were willing to make the effort, time & date can often be proven from things such as the weather, shadow angle and questioning the owners of vehicles and innocent passers-by seen on the CCTV image.

              Plus if the owner of the CCTV testifies that the recordings were made at a certain time & date, or that he checked the system time and date soon afterwards and found it to be correct, while not being absolute proof, the testimony is just as much evidence as the testimony of an assault victim or eye witness.

              1. Jonathan Richards 1 Silver badge
                Boffin

                Re: Computer++ sentence

                > time & date can often be proven

                I've thought of this off and on for years. One used to be able to get a document notarized, i.e. certified by a trusted professional as having been dated at a point in time. What we could do with is a digitally-signed time signal service which yields an encrypted stream that could be incorporated into e.g. surveillance video, which would (a) place it in time exactly, and even (b) prove that the image had not been tampered with.

                Now someone will kindly reply that this is already A Thing, and I shall be grateful.

                1. doublelayer Silver badge

                  Re: Computer++ sentence

                  It depends how you want it done. If a stream is generated and sent to a system for it to be embedded by that system, there are two possible problems. The first is that someone wishing to forge a time could get the stream and store it, later to overlay the stream as it was released at the desired fake time. They can also wait until the time they want and overlay a future time. The second problem is that such a stream would require a consistent network connection. If power or network failed but the camera continued recording, there would be no way to continue adding the time until those came back. This might not be important.

                  I can solve the first problem but not the second. The way to solve the first one is to set up a system which can accept hashes and store them in a database. The video for a given time can be hashed and that hash submitted to the remote service, which timestamps the entry. That would prevent someone specifying an earlier time, which is the most often deliberate adjustment. They could provide an old hash to make something look like it happened later than it did, but they'd have to do it consistently because the chunks before and after the occurrence could be verified true as well. That still requires a network connection and someone external who stores the database. Given the worth to a police department of unverified images, I don't think I'd bother going to that extent on private security cameras.

            3. John Brown (no body) Silver badge

              Re: Computer++ sentence

              "In the end I didn't bother."

              If you had, and there was an "incident" in the neighbourhood that may have been caught by your CCTV or even a possible suspect walking past your house, you can bet they'd have been around asking to view it though. Chain of custody or not.

            4. Morat

              Re: Computer++ sentence

              I installed the CCTV at work, I'm not a qualified installer. The police have made successful convictions on the back of "my" CCTV evidence.

              Our system does incorporate the time/date into the video. I guess you could argue about whether our NTP is correctly configured but it hasn't been challenged so far.

        2. Michael Wojcik Silver badge

          Re: Computer++ sentence

          The simple fact is that sentencing guidelines don't make a lot of sense. And when they do, it's the wrong kind of sense: crimes for which poor people and minorities are disproportionately convicted often have disproportionately high sentences, for example.

          Congress and state legislatures don't deliberate proportional responses to various categories of crimes. Someone decides to grind a particular ax and gets a section stuffed into a bill raising the sentence for a particular category of criminal activity. Then for whatever reason that bill gets enough support to pass.

          We could assign penalties by throwing darts, but that might prove too equitable.

      3. aphiatri

        Re: Computer++ sentence

        If you put them on a scanner ...

    2. deadlockvictim

      Re: Computer++ sentence

      @Falmari

      For me the bigger problem was the distribution. Breaking in a computer and looting is not dissimilar to a burglary, but generally burglars don't publish their ill-gotten gains to millions around the world.

      1. John Brown (no body) Silver badge

        Re: Computer++ sentence

        Apart from the criminals who delight in exposing their wads of cash, expensive watches etc on Farcebook before receiving a visit from the cops. There's been a couple of instances of that in the news recently.

    3. My-Handle Silver badge

      Re: Computer++ sentence

      Theoretically speaking, a longer sentence acts as more of a deterrent.

      Burglary may have a shorter sentence because less of a deterrent is needed. In most cases it's much harder to physically break into someone's house than hack their computer and you're likely to leave a lot more evidence behind. You're more easily caught, and that risk will act as a deterrent in itself.

      Hacking, on the other hand, is much easier for a certain subset of people. The perceived risk is much lower, so there's less deterrent in committing the crime itself. So a harsher sentence may be needed to add that deterrent.

    4. Blazde

      Re: Computer++ sentence

      I think 10 years is a fairly typical maximum sentence for non-aggravated residential burglary (the kind most likely to lead to nudes being physically stolen). It will vary between States of course.

      If you broke into a data centre and physically stole a hard-drive with nudes on I think you might get off more lightly since it's only burglary from a commercial building. (Or maybe they'd find a way to do you for computer offences anyway, I don't know).

    5. MachDiamond Silver badge

      Re: Computer++ sentence

      "I maybe wrong but it seems put computer in the mix and up the penalty goes."

      Stealing things from an online repository breaks the myth of how safe it is to commit all of your information to "the cloud". We all know that a home can be broken into through years of news reports.

      They® want people to put all of their private information online with an emphasis on financial records. The more information that is digitized, the easier it is to have a squizz without actually kicking in a door.

  4. sreynolds Silver badge

    He'll get off for the pics but get the chair for the deception.

    No male judge would put a grad in prison, knowing full well the stuff that he got up to at that age. Being a devious little prick is a totally different matter.

  5. Joe W Silver badge

    "Security" questions....

    Yeah, right. Those actually decrease the security of the account, as much of the information can be found online, like the town you grew up in, pets (for me not the first pet, as the internet was still very much in its infancy, as was I), former girlfiend-/boyfriends and where you met them, cars, favourite books or movies, you name it, the internet's got it. Maybe not for me, not too easily found at least (I hope), but for the kids (everybody under the age of 30 ;-p ) today. Everything is likely archived on facebook, easy to search for (I guess, but I don't use FB, so I don't know).

    I hate these "security" questions. "A lot" (as Brian of Nazareth said)

    1. Jan 0

      Re: "Security" questions....

      Who says you have to give the correct answers when setting up an account? No amount of internet searching would suggest that I was born in a town called Yzsssphftt or that my first pet was called Z9%4ë. Mind you, you won't find my nude vids on any internet connected server!

      1. Mongrel

        Re: "Security" questions....

        or that my first pet was called Z9%4ë

        Is that you Mr Musk?

      2. MyffyW

        Re: "Security" questions....

        "Mind you, you won't find my nude vids on any internet connected server!"

        Well indeed, and whilst I'm perfectly up for getting my kit off with the right partner it never even occurred to me to be photographed in such a state. For which the world should be very thankful.

      3. arachnoid2

        Re: "Security" questions....

        Yes why do people take such questions so literally, adding your own spin on the responses is an extra layer to the onion.Its like everyone and his dog wants to know your date of birth as part of their security (looks up your media account oooh there it is), pick an obscure date not related to your own.

        1. adam 40 Silver badge

          Re: "Security" questions....

          Exactly, my "first pet" is Debee Ashbee....

        2. Jan 0

          Re: "Security" questions....

          Most organisations have to believe that I was born on the first day of the Unix "epoch".

          1. MarkSitkowski

            Re: "Security" questions....

            Me too...

      4. Martin Silver badge

        Re: "Security" questions....

        ... you won't find my nude vids on any internet connected server...

        You may be assured (or perhaps reassured) that you won't find my nude vids anywhere full stop.

      5. John Brown (no body) Silver badge

        Re: "Security" questions....

        "Who says you have to give the correct answers "

        Unless you are consistent or keep careful note, what's the odds of most people remembering which fake details they gave to a specific site? The reality is that you just creating multiple passwords for the same site. The vast majority pf people will create real answers to so-called security questions simply because that's what's easiest to remember.

        1. FrogsAndChips

          Re: "Security" questions....

          If you already use a password manager, it's straightforward to add random or bogus answers to these security questions as additional notes. From a quick look, I was born in 10 different places and my mother had 5 maiden names.

      6. Anonymous Coward
        Anonymous Coward

        Re: "Security" questions....

        Just make sure to properly record your "new" security questions. I once tried to cancel a credit card account but couldn't remember what i told them my mother's maiden name was, so I was unable to cancel it.

    2. Anonymous Coward
      Anonymous Coward

      Re: "Security" questions....

      I always give weird and irrelevant answers to the security questions. This usefully ensures that no-one else can guess them, but also means I have no idea either! [1]

      -

      [1] Well, naturally I do keep notes containing hints to the answers. But what may have been an obvious & giveaway hint two years ago when I made up the answer is typically of less use when I actually *need* it. :-)

    3. aphiatri

      Re: "Security" questions....

      Another problem is that a large portion of the attacks come from people that know the victim anyways (disgruntled ex, pranking friends, employees, horny students, ...).

      Even if you don't share anything on the internet, these people will often already know the answers to many of these questions or can simply ask without raising too much suspicion.

      Most of the answers are also easily guessed (especially with some knowledge of the victim).

      There are only about 700 birthdays in a two year period, most pet names will be from a set of a few dozen and the top ten lists for a few years likely cover favorite shows, books and movies for lots of people...

    4. Arthur the cat Silver badge
      Unhappy

      Re: "Security" questions....

      former girlfiend

      Yes, I've had one or two of those as well.

  6. Neil Barnes Silver badge
    Coat

    John Kettley is a weatherman

    And so is Michael Fish.

    Oh, wrong bloke. Sorry. The, er, raincoat please! -->

    1. yoganmahew

      Re: John Kettley is a weatherman

      Poor Wincey Willis!

    2. SimonL

      Re: John Kettley is a weatherman

      I came to the comments to see this exact comment :)

    3. David 132 Silver badge
      Thumb Up

      Re: John Kettley is a weatherman

      Is it bad that even after, what, 30 years? I still found myself humming that to the correct melody?

      Scary.

    4. Neil Barnes Silver badge

      Re: John Kettley is a weatherman

      And for those who might be wondering just what we are smoking: https://www.youtube.com/watch?v=XJRdsqMvBgE

    5. M. Poolman
      Happy

      Re: John Kettley is a weatherman

      <Mainwaring> I was wondering who would be the first to make that connection </Mainwaring>

      https://www.youtube.com/watch?v=Db6WHtNV5-I

  7. Potemkine! Silver badge

    It isn't a excuse, but

    When people will realise that mails are not a safe way to transmit sensitive information?

    Stealing those pictures was bad, but posting them online while identifying the people was much worse, it can destroy those people.

    1. aphiatri

      Re: It isn't a excuse, but

      I'd guess that they didn't transmit the photos by email but rather connected their email address to the services where they did send them (Snapchat, Messengers, ...) and the attacker simply used access to their email address to reset the associated passwords.

      Or perhaps the attacker gained access to their iCloud or Google Account where their phones synchronize and/or backup every picture they take automatically...

      Your email account(s) provide access to almost all of your other online accounts through password reset features and conveniently your stored emails typically reveal where those other accounts are as well.

      1. John Brown (no body) Silver badge

        Re: It isn't a excuse, but

        According to the article, the files were stored on their university cloud portal. Without trying to victim-blame, if I was tempted to create nude photos or videos of myself, I'd sure as hell not be saving the files to my university account, or anywhere else not in my direct physical control!

        1. FrogsAndChips

          Re: It isn't a excuse, but

          The article isn't that specific. The uni portal gave access to "email, a cloud storage account, college billing and financial aid information, coursework, grades, and other personal information". The attacker used that information to gain access to other social media accounts, which is probably where he found the pics and vids, rather than on the uni cloud storage.

  8. SecretSonOfHG

    "Fish is in deeper hot water"

    Wasn't expecting that wordplay... well done.

    1. The Oncoming Scorn Silver badge
      Coat

      Re: "Fish is in deeper hot water"

      Maybe he can still batter a deal...

    2. DJV Silver badge

      Re: "Fish is in deeper hot water"

      You've definitely come to the right plaice for that sort of wordplay!

  9. deadlockvictim

    Michael Fish

    There is only one adjective for him: 'Hmm, these letters of recommendation do look fishy.'

    Apologies to everybody else with the surname Fish.

  10. deadlockvictim

    Blame

    Article» The two broke in either by guessing passwords or answering a security question correctly, then used the portal's information to try again for external email, cloud, and social media accounts.

    The two on trial are clearly bad eggs.

    I won't blame those accused on the grounds that they followed the rules laid down by the uni.

    Does this demonstrate that the security laid down by the university is insufficient and should be tightened? For example, Time-based One-Time Passwords.

    [TOTP (1)]

    By having a portal, the university greatly increased the value of breaking the password.

    I wonder if the rules regulating the pasword were too weak and allowed easy-to-guess passwords.

    To what extent, though, is the university to blame?

    [1] https://www.youtube.com/watch?v=ed5n5I7L2x4

    1. John Brown (no body) Silver badge

      Re: Blame

      "To what extent, though, is the university to blame?"

      That's an interesting concept. I'd say no blame if the password could be long and complex, but still allowed a short, simple password. On the other hand, if the University limited how long and/or complex the password could be, then yes, they deserve some blame.

      Some people might say the university should enforce a long and complex password, but in this day and age, complex passwors should be a "given" by now and not something users need to be forced to do.

  11. chivo243 Silver badge
    Trollface

    you can lead a horse to water

    but you can't make him drink. You can send your brood to college, and they still don't learn.

  12. Mr Dogshit
    FAIL

    If you don't want people to see you in your birthday suit

    don't make pictures or videos of yourself in your birthday suit.

    1. chivo243 Silver badge

      Re: If you don't want people to see you in your birthday suit

      +1 but I doubt the pix that were purloined came from people worried about other people seeing their goods... I mean they stored them on a Uni Portal?

      It's a big fail pie, plenty to go around.

      1. Ben Tasker Silver badge

        Re: If you don't want people to see you in your birthday suit

        > ut I doubt the pix that were purloined came from people worried about other people seeing their goods... I mean they stored them on a Uni Portal?

        Re-read the article ;)

        These 2 hacked the uni portal, which led to other student's email. Those email addresses were then used to try and "rest" access to cloud storage. Also, having guessed someone's password correctly, you can try it on other services to see if they've reused passwords.

        There's no suggestion that the nudes were stored on the uni portal

        1. chivo243 Silver badge
          Thumb Up

          Re: If you don't want people to see you in your birthday suit

          So, they did store a breadcrumb trail in their uni account? Used and reused passwords etc, uni using other auth services and getting stung, sounds about right. Regardless of which portal... all paths lead to Rome.

          I remember a saying, Posting something once on the internet and then getting it back is like trying to get pee out of the swimming pool. I guess we have to assume that "storing" anything on the cloud.... is like offering your neck up to Dracula?

    2. Ben Tasker Silver badge

      Re: If you don't want people to see you in your birthday suit

      - If you don't want to get robbed, don't have nice stuff.

      - If you don't want to get raped, don't wear a short skirt.

      Don't seem quite as reasonable do they?

      Having pictures/videos of yourself naked increases the chance of them being seen (because they can't be seen if they don't exist - deepfakes not withstanding), but that doesn't make it the victims to blame for the fact some moralless dicks decided to help themselves.

      "Don't take pictures of yourself" does nothing but try and deprive people of agency over their own bodies, whilst giving others an excuse to go "oh it's their own fault".

      It doesn't matter whether they're nudes or pictures of your gran in iCloud, they are not there for someone else to peruse and distribute. Just as a short skirt isn't an invitation to grab her arse.

      1. Christoph

        Re: If you don't want people to see you in your birthday suit

        Unfortunately bad people exist. And bugs in software exist. Yes, you should be able to store whatever you want on your private account. Yes, it ought to be safe there. But just as you have to have high-security locks on your house if you live somewhere there's lots of burglars even though you should be able to leave it open if you want, if you store your photos on the net then you've put them somewhere there are a lot of hackers. The only way to be certain something isn't stolen off the public net is to not put it on there. Saying it's victim blaming doesn't change the fact that there are some extremely nasty people out there.

        1. Ben Tasker Silver badge

          Re: If you don't want people to see you in your birthday suit

          > Saying it's victim blaming doesn't change the fact that there are some extremely nasty people out there.

          There are.

          And yet, on any news story about nudes getting nicked, there's always some eejit saying "shouldn't take nude pictures" or similar, as if that was the solution.

          People are going to take photos of themselves, and should have the right to do so.

          When one of those nasty people comes along, we should perhaps be focusing on the fact that person is nasty rather than "oh well, you shouldn't have taken pictures of yourself". Otherwise, you are - quite literally - shifting a portion of the blame onto the victim.

          Which is a particularly dickish thing to do, particularly given that people who've had their nudes circulated tend to be feeling quite vulnerable anyway.

      2. yetanotheraoc Silver badge

        Re: If you don't want people to see you in your birthday suit

        Sometimes I blame the perpetrator and the victim *both*. I found your statements to be incomplete:

        * "If you don't want to get robbed, don't have nice stuff." ... and go flashing it in a rough neighborhood.

        * "If you don't want to get raped, don't wear a short skirt." ... and get drunk alone in a sailor's bar at 3 AM.

        * "Don't take pictures of yourself" ... and save them in the cloud.

        There's a local bar on the corner. When I walk to the market, I cut through a field so I don't have walk past the driveway to the bar. Because, if I were to be run over by an auto operated while "under the influence", I would blame the drunk driver and myself *both*. So I take the necessary precautions every time.

        If the law says that I, as a bystander, have to take action to prevent foreseeable harm coming to another individual, then I don't see why I shouldn't be able to expect other people to take action to prevent foreseeable harm coming to *themselves*.

        1. Cynic_999

          Re: If you don't want people to see you in your birthday suit

          You'll find that insurance companies are very quick to do similar "victim blaming" Try claiming for a stolen vehicle that you had left parked in an ally with keys in the ignition and the engine running ...

          Yes, the car thief is the only criminal. But you'd not be exactly blameless.

          1. yetanotheraoc Silver badge

            Re: If you don't want people to see you in your birthday suit

            With a handle like Cynic_999, I doubt you downvoted me.

            Usually I try to avoid being downvoted, but in this case I don't care. Shooting the messenger? There are bad people out there, maybe someone thinks my attitude is making things worse for the victims, but you have the wrong guy. I work in Risk and Controls and spend a significant part of my time helping my *managers* comply with their own risk policies. I spend a significant part of my conversations helping my friends be safe in an unsafe world. "Please don't go visit your parents and bring them covid." Etc. At a family reunion I am the one discreetly watching someone else's kids. At a party I am watching that some guy isn't asking the drunk girl to "go for a walk".

            I know all about victim blaming. It's wrong when it's done to deflect blame away from the perpetrator. It's right when it's about helping people make safe choices in a dangerous world. Wishing potential victims didn't have to worry about those things doesn't make it so. You want to blame me for victim blaming? I think it's *your* attitude is making things worse. Bring on the downvotes.

      3. Danny 2 Silver badge

        Re: If you don't want people to see you in your birthday suit

        Thankin' you Ben.

        Rape Crisis Scotland Skirt

    3. Anonymous Coward
      Anonymous Coward

      Re: If you don't want people to see you in your birthday suit

      So stay away from artists - after a year in college art classes I don't need photographs to know what a person looks like naked when they walk past me fully clothed. As a result I have zero interest in porn.

      1. Neil Barnes Silver badge

        Re: If you don't want people to see you in your birthday suit

        There's probably some sort of internet help group for that.

  13. Anonymous Coward
    Anonymous Coward

    Poacher Fish Poached

  14. herman Silver badge
    Devil

    Oh yeah?

    Well, someone has to say the obvious: Pics, or it didn't happen.

  15. Tempest
    Thumb Up

    There are Openings for Dubious Characters at . . .

    Hubble Road, Cheltenham. Pays well, too.

  16. Pirate Dave Silver badge
    Pirate

    Kids today...

    Eh, do they ALL take pics of themselfs naked these days? I mean, these guys successfully broke into what, 10 accounts total? And that was enough to find substantial numbers of nekkid pics? Jeesh. And then there's the whole "why did they have those pics into their school account" question, although maybe that was from device backups?

    1. doublelayer Silver badge

      Re: Kids today...

      "what, 10 accounts total?"

      The article gives numbers. You didn't pay attention.

      "He and accomplice Michael Fish, also a former graduate, worked together for two years afterwards to break into dozens of students' accounts in the university's MyPlattsburgh portal and steal their data.": More than ten, surely. Let's see how many.

      "Fish also posted some pictures online, later finding graduation photos of the same students and creating edited versions of them alongside the nude photo, naming the 100 students whose photos he had stolen.": Just to make sure it's clear, that's 100 students with compromised information deemed worthy of releasing, not 100 accounts attacked.

      "Faber also admitted asking others to break into another 50 or so accounts, providing them with specific names and sometimes email addresses.": We don't know what happened to those people, but they're not in the previous count.

      "He tried to break into over 24 accounts himself and was successful with around 10 of them, using a VPN to try and cover his tracks.": I'm assuming this is where you got the 10 from? You should have read the whole sentence to realize that that's just one of the two and the stuff he admitted rather than the truth. Perhaps the sentences above it to get more accurate totals too.

      1. Pirate Dave Silver badge
        Pirate

        Re: Kids today...

        So, eh, 10 then.

  17. Sleep deprived

    Tabloid title

    If it weren't on my computer screen, I'd swear I read this article title on some tabloid while waiting in line at the grocery store... I'm surprised no mug shot is attached to make your point.

  18. Anonymous South African Coward Silver badge

    Nicholas the Slide*

    Sliding deeper and deeper into hot water...

    *sword of truth, pillars of creation

  19. Bbuckley

    Excuse me but ... "their nude photos and videos" ... nobody see what is wrong with this picture?

  20. Bbuckley

    And another thing (as my hero might say), they were "fellow female students". I wonder if they were "fellow male students" would the article say "their porn"? #me-too is alive and kicking!

  21. EnviableOne Silver badge

    Hacked ?

    so guessing passwords and security questions is Hacking now?

    yeah they shouldnt have been doing it, but the victims should have chosen better passwords and/or security answers.

    And to top it all, follow the Bruce's advice

    "if you wouldn't put it in the local paper, Don't Put It Online"

    1. Lotaresco

      Re: Hacked ?

      "if you wouldn't put it in the local paper, Don't Put It Online"

      Precisely and it may be extended to "Don't put it on your phone either".

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022