The FBI has charged the pair with multiple violations of the Computer Fraud and Abuse Act.
The hacking duo behind an app that enabled criminals to steal personal data from users of the photo sharing site, Photobucket, have been arrested and charged with multiple violations of the Computer Fraud and Abuse Act. If found guilty, the pair could face maximum fines of $1 million each and up to 20 years in prison.
Brandon Bourret of Colorado Springs, Colorado, and Athanasios Andrianakis of Sunnyvale, California are alleged to have created an app known as “Photofucket,”which stole and sold personal information from Photobucket users. According to the Department of Justice, this app allowed cyber criminals to bypass Photobucket’s privacy setting to “access and copy users private and password protected information, images and videos without authorization.”
The FBI alleges that beginning on July 12, 2012 and continuing through July 1, 2014, Bourret and Andrianakis knowingly conspired to commit computer fraud and abuse, access device fraud, identification document fraud and wire fraud. Bourret’s and Andrianakis’ plan, apparently, was to to enrich themselves by selling passwords and unauthorized access to private information, images and videos on the Internet.
“It is not safe to hide behind your computer, breach corporate servers and line your own pockets by victimizing those who have a right to protected privacy on the internet,” said U.S. Attorney John Walsh in a statement. “The U.S. Attorney’s Office is keenly focused on prosecuting those people for their theft — and for the wanton harm they do to innocent internet users.”
According to BBC News, federal investigators tracked the pair of hackers down by following the money. The duo allegedly used Paypal, and the FBI was able to track their Paypal statements. Those statements, as well as customer service messages to Photobucket users, will be presented as evidence against them.