Apple iCloud Hacker Steals Nudes

A hacker from Michigan who stole and sold the sensitive data of tens of thousands of University of Pittsburgh Medical Center (UPMC) employees have been sent to prison. 

Former Federal Emergency Management Agency (FEMA) IT specialist Justin Sean Johnson pleaded guilty on May 20 to counts 1 and 39 of a 43-count indictment.

The court heard that the 30-year-old former resident of Detroit admitted infiltrating and hacking into the UPMC’s human resources server database in 2013 and 2014. 

Johnson used his tech skills to steal personal information belonging to 65,000 UPMC employees, including W-2 wage and tax forms. Using the handles TheDearthStar, Dearthy Star, TDS, and DS, Johnson then sold the stolen data on the dark web via illicit marketplaces. 

The criminals who purchased the stolen employee data used it to file hundreds of false 1040 tax returns. 

“These false 1040 filings claimed hundreds of thousands of dollars of false tax refunds, which they converted into Amazon.com gift cards, which were then used to purchase Amazon merchandise, which was shipped to Venezuela,” stated the US Attorney’s Office for the Western District of Pennsylvania. 

As a result of the fraudulent claims, the United States Internal Revenue Service lost approximately $1.7m.

UPMC wasn’t Johnson’s only target. The offender confessed to stealing and selling nearly 90,000 additional (non-UPMC) sets of personally identifiable information (PII) to buyers on dark web forums from 2014 to 2017. 

On Friday, Chief United States District Judge Mark Hornak handed Johnson the statutory maximum sentence of 60 months of incarceration for Conspiracy to Defraud the United States and the statutory maximum of 24 months for Aggravated Identity Theft. Johnson’s sentences will run consecutively, meaning the cyber-crook will spend the next seven years behind bars.

“The actions of criminals like Justin Johnson can have long-lasting and devastating effects on the lives of innocent people,” said Yury Kruty, acting special agent in charge of IRS-Criminal Investigation. 

“Johnson carried out his intricate scheme with no regard for his victims. Today’s sentencing will hopefully be a deterrent to other potential crooks who may be considering carrying out similar conduct.”

What’s Hot on Infosecurity Magazine?