Federal authorities have accused two men of hacking the email and social media accounts of multiple athletes with the National Football League and the National Basketball Association and either selling or ransoming the credentials for profit.
In one case, according to a criminal complaint unsealed on Wednesday, the account compromises resulted in explicit photos of one of the NFL players being posted to his Twitter and Instagram accounts. The complaint didn’t identify the athlete except to call him Victim-1 and to say that he lived in New Jersey and the photos appeared on June 4, 2018.
Based on the information, the player appeared to be New York Giants defensive end Avery Moss, who, according to ESPN, found naked pictures and videos posted to his Twitter timeline shortly after finishing an OTA practice on June 4. Accounts he followed were blocked, most likely in an attempt to delay Moss from learning of the postings. More explicit videos and images appeared later but were subsequently removed within about 30 minutes.
One of “multiple”
According to federal prosecutors, Victim-1 was one of multiple NFL and NBA athletes targeted in a hacking conspiracy by Trevontae Washington, 21, of Thibodaux, Louisiana, and Ronnie Magrehbi, 20, of Orlando, Florida.
The complaint charging Washington said that the man obtained account credentials belonging to the victims by sending them links to what appeared to be legitimate social media login pages but were, in fact, phishing sites. Washington, Magrehbi, and others would lock the rightful owners out of the accounts and sell access to them for amounts ranging from $500 to $1,000.
On June 1, 2018, Victim-1 made two $250 payments by Venmo and, in exchange, received a text including a password. He gained access to the account, but as soon as he tried to change the password, he was locked out again. Three days later, the explicit photos were posted. On the same day, hacking conspirators demanded an additional $2,500 and “threatened to release additional images and videos of Victim-1 if he did not comply.” Victim-1 didn’t comply.
Washington and Magrehbi are charged with one count each of conspiracy to commit wire fraud and conspiracy to commit computer fraud and abuse. They face maximum penalties of $500,000 and 20 years in prison if found guilty. Both men are scheduled for their initial court appearances on Wednesday.
reader comments
36