Email Hacker gets Six Months

Friday, January 26, 2018 @ 03:01 PM gHale

An Arizona man who accessed over 1,000 email accounts maintained by Pace University in New York to download inappropriate photos and videos ended up sentenced to six months.

Jonathan Powell, 30, of Phoenix, AZ, pleaded guilty last August in Manhattan federal court.

Guilty: British Teen a Social Engineer
Canadian Man Charged with Hacking 3B Accounts
Malware, Spyware Creator Indicted
NSA Contractor Guilty in Data Leak

Powell gained unauthorized access to the email accounts by accessing the password reset utility maintained by the email servers at Pace University, law enforcement officials said. The tool was meant for authorized users to reset their forgotten passwords.

“Jonathan Powell used his computer skills to breach the security of a university to gain access to the students’ personal accounts. Once Powell had access, he searched the accounts for compromising photos and videos. No college student should have to fear that personal, private information could be mined by strangers for potentially compromising material,” said Geoffrey S. Berman, the United States Attorney for the Southern District of New York.

Powell’s lawyer, Deborah Colson, declined to comment on the sentence.

Powell abused the utility between October 2015 and September 2016 to change the email account passwords of students and others affiliated with the University and to gain access to more than 1,000 accounts.

Once inside the email accounts, he obtained unauthorized access to other password-protected email, social media, and online accounts to which the users of the compromised accounts were registered. These include Apple iCloud, Facebook, Google, LinkedIn, and Yahoo! accounts.

Powell then requested password resets for the linked accounts and changed those passwords as well, after a password reset email was sent to the compromised email accounts. He was then able to log into the accounts and start to look for private and confidential content, according to court records.

The investigation into Powell’s activities found he accessed all the compromised accounts to download sexually explicit photographs and videos of college-aged women.

Between October 2015 and September 2016, Powell accessed the password reset utility approximately 18,640 different times and attempted around 18,600 password changes for an estimated number of 2,054 unique university email accounts. He succeeded in changing approximately 1,378 passwords for 1,035 email accounts, as he compromised some of the accounts multiple times.

Powell was also found to have compromised 15 email accounts hosted by the University in Pennsylvania. He also admitted to compromising email accounts at other educational institutions in Arizona, Florida, Ohio, and Texas.

Powell was also sentenced to two years of supervised release and ordered to pay $278,855 in restitution.

United States District Judge Alison J. Nathan imposed the sentence.

Leave a Reply

You must be logged in to post a comment.