This scumbag stole and traded victims' nude pics and vids after guessing their passwords, security answers

Nicholas Faber joins accomplice Michael Fish in admitting he raided university portal for sensitive info

A college graduate has admitted hacking into the email and online accounts of female students, stealing their nude photos and videos, and trading them with others.

Nicholas Faber, 25, on Tuesday pleaded guilty to one count of computer intrusion causing damage, and one count of aggravated identity theft. He is scheduled to be sentenced June 9, and faces up to 12 years behind bars, prosecution documents filed in a US federal court [PDF] reveal.

Faber graduated from SUNY Plattsburgh, in New York, in 2017. He and accomplice Michael Fish, also a former graduate, worked together for two years afterwards to break into dozens of students' accounts in the university's MyPlattsburgh portal and steal their data. Fish pleaded guilty last year to computer hacking and aggravated identity theft offenses as well as the possession of sexually explicit material of children, and is scheduled to be sentenced on March 19.

The compromised MyPlattsburgh accounts contained full access to the student’s SUNY-PB email, a cloud storage account, college billing and financial aid information, coursework, grades, and other personal information. The two broke in either by guessing passwords or answering a security question correctly, then used the portal's information to try again for external email, cloud, and social media accounts.


Ex from Hell gets six years for online stalking, revenge pics campaign against two women


After finding intimate photos and videos, they downloaded and traded the files with others, with Faber also identifying the students by name, some of whom he admitted to prosecutors that he knew personally. Fish also posted some pictures online, later finding graduation photos of the same students and creating edited versions of them alongside the nude photo, naming the 100 students whose photos he had stolen.

Faber also admitted asking others to break into another 50 or so accounts, providing them with specific names and sometimes email addresses. He tried to break into over 24 accounts himself and was successful with around 10 of them, using a VPN to try and cover his tracks. Investigators tracked Faber and Fish down, however, and uncovered group chats in which the duo discussed breaking into accounts and resetting passwords.

The university said it spent $35,000 checking computer logs, resetting passwords, and notifying students that their accounts had been compromised. Faber has agreed to pay $35,430 in restitution to SUNY-Plattsburgh.

Fish is in deeper hot water. Last month he was also charged with a fresh offense, falsification of documents, after it was revealed that six letters he sent to the judge in his case stressing his good character and attributed to his mother, grandparents, a woman he dated, his priest, and a top aide to Congresswoman Elise Stefanik (R-NY) had all been faked.

Fish, who was free and awaiting sentencing at the time, was arrested and also charged with violating his conditions of release because he had used a computer without seeking permission beforehand. ®

Similar topics

Broader topics

Other stories you might like

  • Beijing probes security at academic journal database
    It's easy to see why – the question is, why now?

    China's internet regulator has launched an investigation into the security regime protecting academic journal database China National Knowledge Infrastructure (CNKI), citing national security concerns.

    In its announcement of the investigation, the China Cyberspace Administration (CAC) said:

    Continue reading
  • Israeli air raid sirens triggered in possible cyberattack
    Source remains unclear, plenty suspect Iran

    Air raid sirens sounded for over an hour in parts of Jerusalem and southern Israel on Sunday evening – but bombs never fell, leading some to blame Iran for compromising the alarms. 

    While the perpetrator remains unclear, Israel's National Cyber Directorate did say in a tweet that it suspected a cyberattack because the air raid sirens activated were municipality-owned public address systems, not Israel Defense Force alarms as originally believed. Sirens also sounded in the Red Sea port town of Eilat. 

    Netizens on social media and Israeli news sites pointed the finger at Iran, though a diplomatic source interviewed by the Jerusalem Post said there was no certainty Tehran was behind the attack. The source also said Israel faces cyberattacks regularly, and downplayed the significance of the incident. 

    Continue reading
  • Hackers weigh in on programming languages of choice
    Small, self-described sample, sure. But results show shifts over time

    Never mind what enterprise programmers are trained to do, a self-defined set of hackers has its own programming language zeitgeist, one that apparently changes with the wind, at least according to the relatively small set surveyed.

    Members of Europe's Chaos Computer Club, which calls itself "Europe's largest association of hackers" were part of a pool for German researchers to poll. The goal of the study was to discover what tools and languages hackers prefer, a mission that sparked some unexpected results.

    The researchers were interested in understanding what languages self-described hackers use, and also asked about OS and IDE choice, whether or not an individual considered their choice important for hacking and how much experience they had as a programmer and hacker.

    Continue reading

Biting the hand that feeds IT © 1998–2022