How the Two hackers built a App to steal nude photos of women
The United States Department of Justice, has indicted and arrested two men on May 8th against the charges of “breaching the computer services of Colorado based Photobucket.” The two men, Brandon Bourret, aged 39, of Colorado Springs, Colorado and Athanasios Andrianakis, aged 26, of Sunnyvale, California had developed a software known as “Photofucket” for “fusking”. This software was capable of hacking the private online photo albums of women and plagiarize their naked photos.
It is not yet known as to how many users of Photobucket were affected by the breach.
As of now both the men have not responded to the charges. “The charges contained in the indictment are allegations and the defendants are presumed innocent unless and until proven guilty,” warns the US Department of Justice.
Photobucket is an image and video hosting website and the service is widely availed by lots of people to host their personal photographs online. MySpace acquired Photobucket.com in 2007 for $250 million and ultimately in 2010 it was resold to Seattle based firm. Presently the site is being used by people as a means to store their personal photographs online and comparatively is less popular.
These two alleged hackers,  Bourret and Andrianakis, developed a software which would automatically segregate the hidden photographs by “fusking” URLs which would ultimately lead the hackers to the link which has the private photographs.
How would the software work:
The tool basically targets the location on the web where users store their private photographs and it is otherwise inaccessible to outsiders. Now, the tool automatically tries out different URLs by using sequential methods to change the logical dates or numbers in the original URL till it discovers links to the photos that are there stored privately in an inaccessible location on the web.
The hacker developers first developed the Photofucket. Now, they were in search of buyers who were willing to buy this hacking software from them.
Luckily for these hacker developers, there are umpteen online forums which encourage people who are engaged in buying and selling tools that help them search naked women through private photo albums.
However, most of the tools would require manual hacking of individual account as in case of “the Snappening” tool that is used in mass release of photos of naked celebrities.
Another forum used by hackers to find pornographic material is the very famous AnonIB.
AnonIB was the first website wherein a user known as “Originalguy” had originally posted the photos of naked celebrities from his collection that he had stolen from Apple’s iCloud. This had led to a shocking scenario when the private photographs of Jeniffer Lawrence and Kate Upton were posted online and it was viral right from 4chan to Reditt and to front pages of the bulletin .
The online porn forums have earlier pointed out to the flaw of Photobucket’s system however, the website managed to divert these accusations by automating the process and marketing the software directly to the porn forums.
It was in 2012 when Buzzfeed had mentioned about the fusking related to Photobucket. As a remedy, Photobucket implemented higher levels of security to block the fuskers from these sites. Seems this security implementation infuriated the hackers who were desperately trying to search the naked photos of women.
Further, basic version is available for free of cost, however the hacker developers charged $29.99 for “Photofucket” which would provide the users with fully upgraded version that would help users not only to retrieve the passwords but also automatically scan the user profiles.
As per the indictment, the hackers have purposely committed the computer frauds and abuse. Further, the indictment also alleges that there was an interdependence among the members involved in the conspiracy. The conspirators have indulged in all these frauds knowingly to earn money by selling password protected private information, images, videos which they obtained by fusking the internet. The indictment also mentions that conspirators were involved in this act from July 2012 till July 2004.
The hackers aka conspirators also had sent some messages to the users of the app and PayPal payments which are now being used as evidence against them.
Michael Clark, Photobucket’s chief technology officer said: “We congratulate the Federal Bureau of Investigation and the United States Attorney’s Office for their vigilant investigative work in identifying and bringing these perpetrators to justice. We will continue to support the government’s work and our users through this ongoing criminal investigation.”
Professor Alan Woodward, cyber security expert told BBC that the pair was traceable due to their use of PayPal payments. He further added: “In such a case the law enforcement agencies just ‘follow the money’. If they had been using crypto-currencies it would have made life a lot more difficult for the law enforcement agencies.”
He also indicated that personal data has a great importance on criminals and it seems a full dossier of personal details can sell for $15 (£10) on the black market.
Brandon Bourret and Athanasios Andrianakis face a maximum penalty of five years in prison and a $250,000 (£161,000) fine for computer fraud, if found guilty. Further, they would also face extra imprisonment of upto 10 years and additional $250,000 fine if they are also found guilty of two accounts of access device fraud.
For now, the alleged hacker developers have been arrested however the software is still available online for free and the exploits are still openly being discussed on forums.
Through PayPal payments? When this guy was on HF trying to flog his program to people, he linked his website which had his full name and address in the DNS details. It wouldnt have taken a super sleuth to figure it out. Im surprised it took as long as it did.