Natalie Claus was alerted one day by people known to her that they have received her nude images. The incident happened to the college student, who is enrolled at a state university in New York, when a hacker tricked her into sharing a code to gain access to her Snapchat account.
The hacker gained access to a private section of the app which was called ‘My Eyes Only’ which contained her nudes which she clicked for herself as she was recovering from a rape.
The intruder spread those pictures to Claus’ contacts with a message: “Flash me back if we’re besties”.
Those messages were met with varied responses. Most were confused if Claus played a bad joke. But one of her ex-boyfriends yelled at her and a group which she intended to join bullied her using those messages.
The hacker, however, did not ask Claus for anything.
Claus told news agency Bloomberg that she contacted Snapchat and the company replied by saying that they ejected the hacker from Claus’s profile within 24 hours of learning of the breach, a claim with which she does not agree.
Claus also contacted the Geneseo university police and asked them for help. She told Bloomberg that it was a harrowing experience as the police throughout the discussions made it seem like Claus was responsible for the incident which hurt her reputation.
During this ordeal, Claus was contemplating hurting herself and even suicide until her friend Katie Yates stepped in.
Yates, a victim of abuse herself, asked if Claus wanted to take the matter into her own hands and find out the person who hacked into her account.
Claus agreed almost immediately, she told Bloombergwhen Yates presented the action plan.
Yates contacted Claus’ account from her own saying she had nude images to share. She and Claus made an URL which was made to look like a porn site.
However, the URL collected the IP address of anyone who clicked it, through a website called Grabify IP Logger. The hacker did not use a VPN, to the advantage of Yates and Claus, making a crucial mistake by clicking the link.
The hacker was redirected to not a porn website but the Wikipedia page for the word “gotcha.” Yates immediately blocked the hacker but the needful was done: The hacker was in Manhattan and using an iPhone without a VPN.
The Geneseo police officers then took note after failing to address the issue initially. They redirected her to the New York state law enforcement where one detective had a contact in the Federal Bureau of Investigation (FBI).
David Mondore, a 29-year-old chef living in Harlem, was found to be the hacker. When apprehended by law enforcement officials, Mondore said he gained unauthorized access to at least 300 Snapchat accounts. He pled guilty to hacking-related charges and acting with the intent to defraud and was sentenced to six months in prison.
Mondore and Claus did not know each other.
The case also shows that tech companies are slow to respond when users report their online safety has been compromised. Snapchat is considered to be vulnerable to such ‘sextortion’ attacks.
Snap Inc., according to a Bloomberg report, is subject of a class-action lawsuit filed by a 16-year-old teenager who alleges the company did nothing to prevent sexual exploitation of minors.
The FBI, who lauded Yates and Claus, says it received 18,000 sextortion-related complaints in 2021. The FBI further added victims paid attackers a reported $13.6 million that year. The National Center for Missing and Exploited Children told Bloomberg it received 44,000 reports of online enticement in 2021, the category that includes sextortion, up from 17,000 from 2019.
(with inputs from Bloomberg)
Read all the Latest News and Breaking News here