Computerworld: Man Sentenced to 110 Years for Hacking, Extortion

A North Carolina man last week was sentenced to 110 years in prison after admitting that he and a co-conspirator hacked into computers used by young girls and used illicitly gained data to blackmail them.

Ivory D. Dickerson, 33, a civil engineer, admitted that he conspired with the other person to send emails or instant messages to underage girls as part of a scheme to trick them into opening a file containing the Bifrost trojan horse. The malware would give Dickerson and his co-conspirator control over the victim’s computer, and they tried to use hacked information to coerce the girls into creating and then electronically sending them lurid photos of themselves, prosecutors said.

The Bifrost malware, “is relatively easy to obtain,” said Richard Wang, manager of SophosLabs U.S. “It’s not something you need to pay for. Since we first saw it in April of 2005, we’ve seen over 1,200 different versions of this Trojan. The guys who write them are always trying to put up new versions to hide them from anti-virus software.”

Wang added that the Trojan horse not only allows hackers to view information and download other malware onto a victims’ computer, it also enables him to pop messages up on their computer screen.

“It gave [Dickerson] administrator type access,” said Assistant U.S. Attorney Roger Handberg, who handled the case in the U.S. District Court in Middle District of Florida. “He was able to access her files and photos… It’s scary. In the law enforcement world, people worry about criminals breaking in through their front door. Now, people have to worry about people breaking in through their computers.”

The prosecutor added that they found other hacking tools on Dickerson’s computer, but Bifrost was the main one used in the attacks. Once they gained control over a girl’s computer, the hackers would harvest her contact list of email addresses, so they could then target other girls.

In one instance, Dickerson used the open backdoor in a victim’s computer to download a keylogger onto her machine, according to court records. He used the keylogger to monitor her online conversations, and sent her a threatening message when he noticed she was communicating with a relative about the hack, Handberg said.

Court records showed that Dickerson also threatened that if the victim didn’t send him pornographic pictures of herself, he would send pictures he had downloaded from her computer to people in her school.

Information stolen by the keylogger, as well as pictures Dickerson stole off her computer, were later found on his external hard drive, Handberg said.

FBI investigators reported that they found folders for each of Dickerson’s victims on his personal computer along with evidence that he had hacked into more than 100 computers in the course of several years. Court documents showed that he also had a tool that enabled him to scan the Internet for Web cameras, so he could try to hack in and record people without their knowledge.

During the search, FBI agents seized a Sony Vaio desktop computer, a 250GB external hard drive, mini video cassettes, zip disks and DVDs.

According to the court documents, the FBI imaged some of the girls’ computers during their investigation and went online with using assumed identities. They were then able to record communications being made by the hackers.

In conjunction with the evidence found on Dickerson’s computer in relation to his hacking and extortion scheme, the U.S. Attorney’s office reported that FBI agents also found more than 600 images of child pornography.

“Typically, most of the computer crime cases here in this office are of people collecting child pornography that’s already out there,” said Handberg. “In my office in Orlando, I’ve never heard of anyone hacking to extort child pornography.”

Dickerson had pleaded guilty in the Orlando court in August to two counts of unlawful computer intrusions and to one count of conspiracy to manufacture child pornography. He pleaded guilty to two more child pornography charges a month later.

Handberg said that the investigation is ongoing and a second arrest has not yet been made.

By Sharon Gaudin, Computerworld