from THE DAILY BEAST:
The Webcam Sex Crimes
by Tim McGirk
A divorced mother of three in Seattle, K.S. opened her email one day and found a message from a stranger. “Read This and Be Smart,” it said. When K.S. opened the email she found, to her horror, a sexually explicit photo—of herself.
The accompanying note was nothing less than blackmail: “This is what I want: a porn video of you… if I don’t get that video in a day I will publish these images and let your family know about your dark side as a hooker so you better do that video and send it to me via email and you will never hear from me ever.”
Mijangos would demand that the woman send him new photos or videos of herself masturbating, according to the FBI. Out of fear, they sometimes obliged.
K.S. didn’t know the mysterious blackmailer, firstname.lastname@example.org
. But she knew that photograph. Her boyfriend had taken some pictures of her during a bout of raunchy fun and emailed them to her afterward. But she had never bothered to open the attachment, and the pictures, unbeknownst to her, had been sitting in her inbox for ages. Through the Internet, this stranger had managed to seize control of K.S.’s computer and pluck them out. He’d also rifled through her emails to learn other unsavory bits of information that could be used against her—he knew, for instance, about her three kids and that she had “a psycho ex (husband).” And when K.S. tried to exorcise him from her computer, he fired back: “I’m not playing you have six hours and don’t be stupid changing your emails or Myspace passwords won’t change a thing… if I don’t hear from you then your family will hear from me.”
Only the FBI and the Glendale, California, police know whether K.S. gave in to the blackmailer’s sexual extortion. But plenty of other women and girls did, terrified that this voyeur would carry out his threats to circulate compromising photos and videos to their classmates, parents, husbands, bosses—everyone listed in their online address books.
The FBI found K.S.’s email and those of 229 other female victims—including 44 minors—on March 10 when they raided a blue house in the tidy suburban neighborhood of Santa Ana, California. They arrested Luis Mijangos, 31, a Mexican citizen who said he earned $1,000 a week writing computer programs and designing websites. Paraplegic ever since he was paralyzed at age 18 when he strayed into a gunfight between two rival gangs, Mijangos was charged last week with extorting women for “sexually compromising photographs.” Laura Eimiller, spokesperson at the FBI’s Los Angeles bureau, says that the investigation is continuing into Mijangos’ possible links with other hackers, and additional charges have not been ruled out.
Among the most unnerving charges are indications that Mijangos even spied on women through their webcams, clandestinely watching and videotaping them in their homes. Using hacker software, he was able to track which keys his victim was tapping on her computer and then send instant messages to her friends with gremlin-like codes that would allow him access to their computers, too. One victim, known as N.W., noticed that her webcam kept turning on, seemingly by itself. She became nervous that the computer, which was in her bedroom, had been hacked, and that someone was watching her, she told the FBI. She was probably right. Police found a log of her instant messages in Mijangos’ home. According to the FBI, Mijangos possessed dozens of webcam videos of women “undressing, getting out of the shower, having sex.” Many of them, according to court documents, “appear to be juveniles.”
Most of us conduct ourselves online as if our computers are built like Fort Knox. But according to John Naughton, a British writer on technology and professor at the U.K.’s Open University, “The Internet is the nearest thing to a perfect surveillance machine the world has ever seen.” It teems with hackers siphoning off credit-card numbers, bank passwords, and personal details for a multiplicity of money-making scams. Pedophiles troll for children and, as the so-called Craigslist killings show, even alleged murderers have turned to the Web to conduct their business.
But in the pantheon of hackerdom sleaze, Mijangos, if guilty, may be something of a rarity: a hacker whose primary motive was sexual exploitation. It is the first case of its kind in California, and perhaps anywhere in the United States, according to authorities. The FBI’s affidavit paints a picture of Mijangos as a wheelchair-bound voyeur who roamed online chat rooms stalking his victims. After the FBI raid, in which investigators confiscated his computer and a trove of videos, many of them of teenage girls, Mijangos admitted that he had hacked into women’s computers, but claimed he had only done so at the request of the women’s boyfriends or husbands. Most of his victims lived in Long Beach, not far from Santa Ana, but investigators say he preyed on women as far away as New Zealand.
According to police, Mijangos would eavesdrop on chat rooms and then, pretending to be one of the women’s friends, he would email them a song. Hidden inside the song’s MP3 file would be a malicious computer code that, police allege, enabled Mijangos to seize the controls of the woman’s computer without her knowing it. He scanned files, photos, and videos, siphoning off anything sexually compromising. In exchange for not posting these racy images on the Internet, Mijangos would then demand that the woman send him new photos or videos of herself masturbating, according to the FBI. Out of fear, they sometimes obliged.
Sometimes, the cybervoyeur masqueraded as “yosoylammer.” (In geek slang, a “lammer” is a clumsy hacker. Mijangos, perhaps, used the term ironically—online he was anything but clumsy.) Other times he used the tags “Guicho” or “goldlion14.” But the FBI was able to trace the numerous complaints of sexual extortion back to an internet protocol, or IP, address, which every computer connected to the Internet has, and which was registered in Mijangos’ name. Mijangos even had a stack of T-shirts made with the nickname “Guicho” written on them.
These days, it doesn’t take an evil genius to infiltrate someone else’s computer. In fact, breaking and entering a computer by remote control is fairly commonplace, according to security experts. Says Robert Ellis Smith, founder of Privacy Journal, “Anyone with a year of community college and a fascination with computers can do this.” Ryan Calo, a senior research fellow at Stanford Law School’s Center for the Internet and Society, cautions that Google, Yahoo, and the other search engines sift out our personal choices for “marketing purposes.” As he explains, “They target specifically on this vulnerability.” And from there, with the available technologies, it’s a small step for a hacker to exploit those same vulnerabilities for profit or, in this case, sexual blackmail.
Staying out of a sexual predator’s clutches in cyberspace requires vigilance and good sense. Many of “Guicho’s” victims were underage, and Privacy Journal’s Smith suggests that parents should keep the kids’ computer in a well-trafficked place in the home so the adults can keep an eye on what’s on the screen. Also, he cautions, don’t open emails or attachments from unknown sources. If you believe that someone on the Internet is pretending to be a friend, don’t take a chance by opening the email. And don’t ignore the computer’s reminder to update the security software.
“The Internet can be a place of mischief,” he warns. But for K.S., N.W., and Guicho’s hundreds of other female victims, the Internet became a place of shame and dread.
Tim McGirk has covered Afghanistan, Pakistan, Iraq and the Israeli-Palestinian conflict as a bureau chief for Time magazine. He is now writing out of California.