A former NASA contractor has been arrested for allegedly sextorting nude photos out of women.
The US Department of Justice (DOJ) said on Wednesday that Richard Gregory Bauer, 28, a former contractor at NASA Armstrong Flight Research Center who used aliases including “Steve Smith,” “John Smith,” and “Garret,” was arrested by special agents with NASA’s Office of Inspector General.
A 14-count indictment claims that Bauer targeted seven women with online threats to publish nude photos unless the victims provided him with additional explicit pictures. Bauer is charged with stalking, unauthorized access to a protected computer, and aggravated identity theft.
According to the indictment, over the past several years, Bauer harassed his victims on Facebook and via email, sending nude photos to six of the seven victims, and threatening to post the images online unless the women sent him additional photos of them undressed.
How did he get the photos?
Using his real name, Bauer is said to have reached out to his victims on Facebook, asking them questions that were purportedly for a project he was working on for a “human societies class”.
Some of those questions were the same type of thing you’d use to reset your passwords, such as: What’s the name of your first pet? In what city did your parents first meet?
As Google researchers have shown, the kinds of questions that are easy to remember are often insecure because answers are common or distributed unevenly across the user population.
Likely the best a memory-challenged human can do, in order to avoid using common, easy-to-guess or poorly chosen answers, is to generate a random string of letters, numbers and special characters, and then store it in a password manager.
With answers in hand for password resets, Bauer would have been able to take over the accounts.
Beyond that phishing approach, malware can get a crook what he’s after, and the indictment claims that Bauer used that path as well: it charges him with convincing victims to install malware, claiming that he needed their help in testing software he said he’d written, and using the malware to capture their passwords.
If convicted of the 14 charges in the indictment, Bauer would face a statutory maximum sentence of 64 years in federal prison, though maximum sentences are rarely handed out.
Mahhn
Lisa, is there any word on if he was doing this at the NSA facility, and if he was using their tools (exploits and/or malware) to commit his crimes?
Thanks
Mark Stockley
Note that it’s NASA rather than the NSA.
Lisa Vaas
Oh yeah, the National Stalker Agency, where spying tools come in handy to check out your love interests! https://nakedsecurity.sophos.com/2013/10/01/nsa-national-stalker-agency/
Mahhn
Sorry about that, I get a story part read, work interrupts, I get back and, maybe I just expect all these (somebody done somebody wrong stories) to come out of the NSA lol, sorry. I will work on proofreading my misguided rants a little better.
Lisa Vaas
The DOJ didn’t say, one way or the other, but I would conjecture that if he had indeed used NASA equipment to carry out the exploits, it would have led to additional charges in the indictment.
Dave
64 years sounds good. Now go after Rachael.
Max
The amount of “allegedly” in this article is too damn high! “[the indictment] charges him with allegedly convincing victims…” I think they charged him with an actual crime, not an alleged one ;)
Paul Ducklin
Point taken. I reworded it so that the presumption of innocence is clear but the word “allegedly” appears a bit less frequently :-)