A gay high school teacher was fired from his job in October after a cyberthief broke into his Dropbox account, stole a sex tape, and posted it to the school’s site.
Brian Cody Bray told the Washington Blade that he was home sick on 29 October when a co-worker called to tell him that the video had been posted to his faculty page on the website of Maumelle Charter High School, in Maumelle, Arkansas.
The newspaper quotes him:
Pretty much immediately after that phone call I went to the bathroom and threw up.
I was just in shock that, oh, my God, this is something that will impact my career, impact my life, and what am I going to do?
Bray explained to school administrators that a cyberintruder had somehow gotten unauthorized access to his Gmail account, from which they had found and stolen his user names and passwords for multiple accounts.
That included the login details for his Dropbox account.
Bray recently put up a site that explains the incident, which he calls a cyber hate crime.
On the site, Bray says that the intruder accessed a folder on his Dropbox account that contained a video of “an intimate encounter between myself and another informed, consenting adult male.”
While they were trespassing in Bray’s Dropbox account on 28 September, the marauder renamed a folder from “Private” to “FagTeachBray.”
On that same Monday, the intruder texted the sex video URL to a student.
He or she apparently got the phone number from the Dropbox account, where Bray says he kept phone numbers of students he called regularly about school activities.
The next day, 29 September, the link to the sex tape was posted to the school’s faculty site, and more texts from somebody identifying himself as “Jonathan” pointed the student to the school site where it could be viewed.
Bray told the Washington Blade that he believes that “Jonathan” is the person responsible for the breach.
The student who received the text messages reportedly said that the sender had his own cell phone number blocked on his text messages.
Bray posted screenshots showing that whoever accessed his Dropbox account appears to be located in Gainesville, Florida.
Students took screenshots of the video and passed around the images via Snapchat and texting.
The linked video was live for only a few hours before school administrators took it down.
The same day, Bray was put on unpaid leave while the charter school investigated. He was fired on 8 October.
Bray told the Washington Blade that he wasn’t surprised. Initially, he agreed with the move, given that he wasn’t emotionally ready to face his students:
[I was told that] of course I had to be dismissed at the time because I had lost any kind of authority with my students there.
He says he has since come to the conclusion that he wasn’t given due process and that the school acted unfairly by refusing to provide him with severance pay and by suggesting to the school community that he was at fault for what happened despite his explanation that the video was posted to the school website by a malicious cyberintruder.
School officials also filed what Bray says were two ethics complaints against him with the Arkansas Professional Licensure Standards Board, which has authority to revoke teachers’ licenses.
The school asserted that Bray had at least some responsibility for the posting of a pornographic video on the school’s website.
But on 12 January, the board cleared Bray, citing insufficient evidence.
The school is yet to comment.
Bray told the Washington Blade that he was told the FBI is investigating the case. But he said that on contacting local police, he found that the school hadn’t filed an official report.
A KATV reporter has filed a Freedom of Information Act (FOIA) request to find out, among other things, what disciplinary action against Bray is on file.
Bray told the newspaper that he’s filed his own police complaint but isn’t sure what law enforcement agencies, if any, are investigating.
As Bray points out on his site, Arkansas is one of only 5 US states that lack hate crime laws. The others are Georgia, Indiana, South Carolina, and Wyoming.
At any rate, even if Arkansas had a hate crime law, it likely wouldn’t cover this crime, given that such laws tend to limit themselves to coverage of violent hate crimes.
But whatever state you live in, the law doesn’t ignore the type of crime inflicted on Bray.
The unauthorized accessing of Bray’s accounts constitutes one or more felony offenses.
Bray is now appealing for financial assistance as he grapples with unemployment and legal costs.
He’s pledged to donate money that exceeds his $10,000 goal to a campaign to get hate crime laws enacted in Arkansas and to a program for LGBTQ homeless people.
Nobody should have to go through what he’s gone through.
To protect yourself from having your passwords stolen, keep them out of your email account.
A much safer place to store logins is in a password manager.
You still have to cook up one long, strong master password (here’s how), but it’s much safer than keeping them all in one spot where an intruder can get at them, be it in your Gmail account or scribbled on sticky notes that you’ve plastered to your monitor.
Image of Sex Tape courtesy of Shutterstock.com
bbusschots
Looking at this from outside the US, this just looks like homophobia. This guy did nothing wrong, and now he is fired. Would a straight victim of hacking be treated in the same way?
I’m guessing Arkansas is also lacking in non-discrimination laws – it’s a pitty ENDA did not get through the legislature.
JR
Yes, it has happened before.
Greg
Yes a straight person would have been fired. I can think of of one particular example in my Country, a Female teacher who featured as a partially nude model in a mens magazine in her own time, she was fired as a result of parent’s complaints. This had nothing to do with the school.
Besides which, this is the US we’re talking about, violence is fine but consensual sex is an abomination, so being gay had nothing to do with it. Such a very very weird country.
Hugo Köncke
It’s up to this guy to record his intimate life on video, but he should be a little more cautious about leaving this kind of things online, no matter if it’s under a “protected” account. Things that shouldn’t be published, much better keep them safe in your drawer, or even better, don’t keep them at all.
bbusschots
Good old victim blaming – never takes long.
Mike
Isn’t cybersecurity all about victim blaming?
I hold nothing but malice toward the perpetrator, but thing like this will keep happenning if people don’t learn from the victim’s mistakes at the same time.
ch33kyf3ll0w
As a security professional, anyone who uploads something incredibly personal to the internet like this needs to realize there is ALWAYS a chance that something like this could happen. By uploading the sensitive data you, whether knowingly or unknowingly, are subjecting yourself to the possibility people will see it outside of whom you intended.
Eu
Even better – don’t create such a content!
This is not the first, and certainly, not the last case when a private picture/video is leaked through whatever means, including the alleged hacking.
Mary
You are nobody to tell people what to create and what not.
KEN
It is like forgetting to put on your pants and then blaming those who look at you…..except that he did not FORGET…..he did intentionally…..unless he is claiming rape.
I was just in shock that, oh, my God, this is something that will impact my career, impact my life, and what am I going to do?
here’s a clue…..don’t do the film.
Chris M
He did create the video intentionally, but he didn’t post it on the school website intentionally, did he?
I assume you are sometimes naked in your own home (like when taking a shower), if I snuck in a took a photo of you and posted it in your workplace, would it be my fault or your fault?
Mahhn
I feel sorry for the person taking the hit to his career, but, if you put anything on the internet at all, you should always expect it to become public. Inventions, photos, documents, chats, databases.
All internet storage dropbox/googledox are a fools safe, because they aren’t.
Paul
I doubt the school board would have acted differently had the sex tape been of a heterosexual teacher and a woman. Why is it automatically a ‘hate crime’ only if a homosexual is involved?
Paul Ducklin
I’m assuming the “hate crime” aspect is because the crook didn’t just steal the data but deliberately used it in a way calculated to get the guy in trouble, potentially ruin his career, screw up his life, etc. In other words, over and above the computer hacking crimes, a “hate crime” law would take into account what the crook did with the data that was stolen, and why. It needn’t have been a sex tape. Could have been anything done with the intention of causing some sort of injury to the other person.
(I think this is the reason that in some countries, truth alone is not a defence against libel. Statements must be true *and in the public interest*.)
MossyRock
I agree that the school board’s decision probably would have been the same if the teacher was heterosexual. However, there’s nothing “automatic” about it being classified as a hate crime. Refer to the definition of a “hate crime” and you’ll see that it was. The fact that his folder was renamed with the ugly “F” word makes it quite clear.
It is very unfortunate that the victim lives in Arkansas. Attitudes there, as with the rest of the southern USA tend to be very harsh with respect to sexual minorities.
I see a lot of people that I know taking breath-taking risks with their privacy in cyberspace. Additionally, their passwords are generally weak and often re-used. Their attitude is that this type of stuff will never happen to them, as cyberspace is vast and no one is interested in their stuff.
David Daynard
What’s more likely? He was “hacked” or he left a shared work computer logged into Gmail and or Dropbox?
MossyRock
More likely he was hacked. On Bray’s website he shows how his account was accessed from someone in Gainesville, FL.
phillipduran (@phillipduran)
Adults can have sex. Adults can move pictures online privately. He was hacked. Private stuff got leaked. What he did is not illegal or even irresponsible. Why doesn’t the school stand with the teacher and support him during this violation of his privacy? Instead, they fire him. Makes no sense. You can deal with issues like this. The schools reaction is condemning his legal, adult activities. I’d show up to school the next day, explaining that yes, just like every single one of your parents, I have sex too. Unfortunately my private pictures of this were stolen and shared online. Yes, I’m and adult, I do those things. . . OK, open your books to page 25, were going to learn about the Pythagorean theorem. The teachers administrators are acting like 12 year olds.
wkitty42
my only comment is that the headline is incorrect… bray’s dropbox account was not hacked… it was illegally accessed… it was his gmail account that was hacked… that all from the details given in the article…
Paul Ducklin
I think it’s OK to talk about “Y was hacked” when what happened is that “X was hacked and as a result of information retrieved, Y was subsequently hacked too.”
If I picked the lock on your front door, searched your house from top to bottom and found the hidden keys to your safe, then opened the safe and stole the contents…
…I think you’d say, “Someone broke into my safe!”
wkitty42
actually, no… because i know better… i’ve seen folks leave a phone or computer unlocked and then claim that someone “”hacked”” it when nothing of the sort was done… someone else just walked over and did something on it… no hacking involved… if the safe was drilled and busted open, then sure, “someone broke into my safe” but if they found and used the keys or the combination, that’s no breakage…
FWIW: i’m from the old school where hacking was a special talent used to recover access to corporate systems when the previous admin left no documentation with the passwords or they maliciously changed them right before the door hit them where the $deity split them… today’s use of the term is atrocious and doesn’t represent the real activity that hacking truly is or was…
you know
HAHAHAHAHAHAHAH
SR
It’s all very well those who are IT professionals and others who are suitably informed criticising the victims in these stories (and it has become somewhat of a trend), but not everyone sees the security implications with what they assume are personal and secure accounts.
People are so attached to their phones (rightly or wrongly) and even if they think they’ve used a good password often they haven’t. Without getting everyone who uses IT to think like someone in IT security there needs to be a radical change by the security experts as to how we secure information/access and not leave it so much to the users.
I’d like to see devices use other features, such as Iris scan, fingerprint scan, voice recognition, face recognition etc far more frequently or have it as a default security setting. That way the user wouldn’t have think of having to remember anything like a password if they are not particularly good at it.
Mex5150
This really does sound like the perfect story for Naked Security!