If you're in a monogamous relationship and you come home at 4 a.m. with no explanation, your significant other may wonder where you've been. According to the FBI, some jealous lovers are going straight to the nuclear option: hiring hackers to find your email password.
On Friday, federal prosecutors charged two Arkansas men, Mark Anthony Townsend and Joshua Alan Tabor, with operating a business that illegally obtained email passwords for customers who hoped to catch cheating spouses. The pair's company, needapassword.com, breached nearly 6,000 email accounts, including some hosted by Google and Yahoo, according to the indictments. Townsend, 49, allegedly established the website, which operated as recently as July 2013 and asked $50 to $350 per password. Tabor, 29, allegedly helped Townsend hack into the accounts. Both men are charged with accessing a protected computer without authorization and facilitating further access by others, a felony that carries a five-year prison sentence.
"Is your spouse cheating with someone? Do you know who they are? You have the right to read the personal thoughts your spouse is writing to others," Townsend and Tabor's website advertised last April, according to the FBI. The men allegedly offered to obtain passwords to Hotmail, Yahoo, AOL, Gmail and other accounts. (You can view a version of the site here.) Tabor and Townsend were caught hacking into Yahoo and Gmail accounts, according to the indictments. Attorneys for the two men did not respond to requests for comment Monday.
In the indictments, the FBI notes that the scheme was dependent on a target logging into his or her email and checking it. A Google spokeswoman says that it appears that its servers weren't directly hacked; instead, users' individual Gmail accounts were hijacked using a technique called spear phishing, in which a hacker sends a fake email that tricks an account owner into providing sensitive information. "We have a wide variety of protections in place at all times to guard our users against account hijacking," the Google spokeswoman said. A Yahoo spokeswoman adds, "Yahoo takes the security of our users very seriously."
After gaining access to an email account, the hackers would send a screenshot of the inbox to the customer as proof, and then solicit payment via Paypal for the password, according to the indictment. One bank account the FBI believes to be associated with the defendants received approximately $150,000 in about a year and a half. According to the FBI, Townsend used a computer system that belonged to the fire department in his home town of Cedarville, Arkansas, where he was a volunteer for the local search and rescue team.
The FBI notes that the scheme wasn't always successful: An agent from the Los Angeles field office interviewed a customer identified in the indictment and search warrant as, "J.B.," who suspected her boyfriend of not being faithful. She signed up for the site, but received a message saying that although the site had obtained a password, it wasn't working: "Maybe he typed it wrong or he's suspicious."
The feds aren't just cracking down on people who allegedly do the hacking, they're going after customers too: indictments unrelated to the "needapassword" case were issued last week against three Americans who paid between $1,011 and $21,675 to hackers in order to obtain email passwords.
Read the FBI's search warrant on the case here: