November 3, 2016 by

Arizona Man Arrested after Alleged Hack of Thousands of University Email Accounts

A 20-year-old man from Phoenix, Arizona has been arrested and charged for allegedly hacking into thousands of student email accounts at multiple universities around the United States.

Johnathan Powell was arrested on November 2 for allegedly compromising thousands of email accounts using his work computer while targeting an unnamed New York City area university, the U.S. Department of Justice revealed.

Powell also went on to compromise other online and social media accounts linked to the university email accounts, before mining those linked accounts to access email accounts at over 75 other universities across the United States. Prosecutors also allege that Powell caused losses of over $5,000 during his hacking spree.

Highlighting the case as a ‘wakeup call’ for universities and educational institutions around the country, Manhattan U.S. Attorney Preet Bharara stated:

As alleged, Johnathan Powell targeted dozens of universities around the country, successfully hacking into student email accounts hosted on at least two universities’ servers and accessing the social media, email, and other online accounts of many of those students.

“Powell allegedly stole students’ personal information and searched their photos for potentially embarrassing content,” Bharara added.

Powell is alleged to have attempted unauthorized access to over 2,000 university accounts, while “sitting at a computer more than 2,000 miles away,” added FBI Assistant Director William F. Sweeney Jr.

The law enforcement agent further revealed that Powell had used password reset tools to unlock thousands of personal storage spaces online before accessing personal content illegally. The accounts that he compromised further from his initial hack of email accounts include those on popular platforms such as Facebook, Google, Yahoo!, LinkedIn and Apple iCloud, among others.

An analysis of the compromised University’s reset utility logs and other data revealed that Powell had used the institution’s password reset utility approximately 18,640 times between October 2015 and September 2016. During that period, Powell attempted about 18,600 password changes in relation to approximately 2,054 unique university email accounts, ultimately succeeding to make 1,378 password changes in connection with approximately 1,035 university email accounts.

Predictably, that trend replicates with other targeted and compromised universities.

Powell is charged with one count of fraud in connection with computers, a charge that carries a maximum sentence of five years in prison.

Image credit: Pexels.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

DOJ Charges Leaker of NSA Docs on Russia’s Election Hacking

 A top-secret NSA report published by The Intercept today points has seemingly confirmed long-held...

Read more arrow_forward

Jailed: Teenage Hacker who Developed DDoS Tool Behind 1.7 Million Cyberattacks

A former teenage hacker who developed software in his bedroom that was used to trigger over a...

Read more arrow_forward

Russian Spies Hired Cybercriminals to Hack 500 Million Yahoo Accounts: Justice Dept

The United States government has directly implicated Russian agents of instigating and directing the...

Read more arrow_forward