A college graduate has admitted hacking into the email and online accounts of female students, stealing their nude photos and videos, and trading them with others.
Nicholas Faber, 25, on Tuesday pleaded guilty to one count of computer intrusion causing damage, and one count of aggravated identity theft. He is scheduled to be sentenced June 9, and faces up to 12 years behind bars, prosecution documents filed in a US federal court [PDF] reveal.
Faber graduated from SUNY Plattsburgh, in New York, in 2017. He and accomplice Michael Fish, also a former graduate, worked together for two years afterwards to break into dozens of students' accounts in the university's MyPlattsburgh portal and steal their data. Fish pleaded guilty last year to computer hacking and aggravated identity theft offenses as well as the possession of sexually explicit material of children, and is scheduled to be sentenced on March 19.
The compromised MyPlattsburgh accounts contained full access to the student’s SUNY-PB email, a cloud storage account, college billing and financial aid information, coursework, grades, and other personal information. The two broke in either by guessing passwords or answering a security question correctly, then used the portal's information to try again for external email, cloud, and social media accounts.
Ex from Hell gets six years for online stalking, revenge pics campaign against two womenREAD MORE
After finding intimate photos and videos, they downloaded and traded the files with others, with Faber also identifying the students by name, some of whom he admitted to prosecutors that he knew personally. Fish also posted some pictures online, later finding graduation photos of the same students and creating edited versions of them alongside the nude photo, naming the 100 students whose photos he had stolen.
Faber also admitted asking others to break into another 50 or so accounts, providing them with specific names and sometimes email addresses. He tried to break into over 24 accounts himself and was successful with around 10 of them, using a VPN to try and cover his tracks. Investigators tracked Faber and Fish down, however, and uncovered group chats in which the duo discussed breaking into accounts and resetting passwords.
The university said it spent $35,000 checking computer logs, resetting passwords, and notifying students that their accounts had been compromised. Faber has agreed to pay $35,430 in restitution to SUNY-Plattsburgh.
Fish is in deeper hot water. Last month he was also charged with a fresh offense, falsification of documents, after it was revealed that six letters he sent to the judge in his case stressing his good character and attributed to his mother, grandparents, a woman he dated, his priest, and a top aide to Congresswoman Elise Stefanik (R-NY) had all been faked.
Fish, who was free and awaiting sentencing at the time, was arrested and also charged with violating his conditions of release because he had used a computer without seeking permission beforehand. ®