Hacker turns around, works for good guys
A software hacker who helped sex addicts pirate private nude pictures from Photobucket’s online cache of 10 billion photographs will avoid prison time by helping the Denver company he victimized.
Once an enabler for internet blackmailers, Greek computer programmer Athanasios “Thaos” Andrianakis, 27, now works as an unpaid computer engineer for Photobucket, using artificial intelligence tools to write software that exposes child pornographers and ferrets out clients who violate the company’s pornography prohibition.
Andrianakis’ story is similar to that of a 1960s-era check forger, Frank Abagnale Jr., who stole millions of dollars from banks before working as a corporate security consultant. Abagnale was released early from prison on the condition he work without pay for the FBI’s fraud detection unit. Abagnale’s exploits were memorialized by Leonardo DiCaprio in the movie “Catch Me if You Can.”
Cyrus Jack, Photobucket’s director of engineering, wrote a letter on Andrianakis’ behalf to U.S. District Judge Wiley Daniel before his sentencing on computer-fraud charges asking for leniency. Jack believed Andrianakis was genuinely contrite after being caught in the photo-pirating scheme. That later helped ensure Andrianakis got probation and would be available to work for the company.
Andrianakis’ accomplice, Brandon Bourret, who didn’t have Photobucket’s backing, was sentenced to 29 months in prison. Andrianakis must work for Photobucket for 18 months to help plug the software security weaknesses that he once manipulated for cash.
“This is an extraordinary accord between a criminal defendant and the victim, and it demonstrates Mr. Andrianakis’s exemplary character and acceptance of responsibility,” his Denver attorney, Patrick Burke, wrote in a federal court motion.
Jeffrey Dorschner, spokesman for Acting U.S. Attorney Bob Troyer, said it’s extremely rare for a defendant to be sentenced to work for a victim for free.
The cases of the two defendants are also different, Dorschner said. Bourret contacted victims and asked for money to remove their sensitive photos from public view, while Andrianakis’ role in the crime was more technical and focused on the weaknesses in Photobucket’s computer program.
Andrianakis grew up in a small village on Crete, a Greek island, where at the age of 10 he began fixing electronics for neighbors. Andrianakis earned a degree in computer engineering from the Technical University of Crete in 2012 and a master’s degree in electrical engineering at San Jose State University in 2015.
On May 25, 2012, Andrianakis found Bourret’s website and offered him a better way to hack into Photobucket to find and copy, or “rip,” nude images from specific Photobucket clients. Bourret sold that program for $29.99 using PayPal. He advertised the program on the website Skch.me, using nude pictures pirated from Photobucket.
Bourret’s customers tapped the accounts of 1.9 million Photobucket clients. One of his customers, “pinkmeth,” blackmailed people with their own nude pictures that he pirated. An admitted pornography addict used the program to hunt down nude pictures of former classmates.
Photobucket workers found and fixed three of the duo’s security breaches, but Andrianakis wrote new “exploits” each time to again hack the system. Photobucket has since patched all of the exploits. The company found Bourret’s website and reported him to authorities, leading to the arrests of both Bourret and Andrianakis.
Because of the criminal charges, Andrianakis’ programming career appeared to be over. He was fired from one computer company and couldn’t get a job after applying to 200 software companies.
The matter of restitution to Photobucket came up as Andrianakis’ criminal case wound its way through federal court. The company explored the possibility of tapping his programming skills.
“Someone so smart about getting into our system could help us keep others out,” Photobucket attorney Marc Callipari said.
Jack and Photobucket executive director John Corpus let Andrianakis tell them his side of the story, and they believed he made a youthful mistake.
“We wanted to take him on a trial basis,” Jack said. “We were very, very careful.”
They asked Andrianakis to help tackle a troubling pattern in which child pornographers were using Photobucket to transfer graphic pictures of children.
Andrianakis began working without pay from his home in California as a probation condition.
Years earlier, Photobucket had hired four employees to scour their site for pornography and report any findings to detectives. The crew turned over 350 explicit photographs to authorities, contributing to the arrests of dozens of child pornographers and one child killer, Jack said.
But Photobucket clients upload 2 million photographs daily on the website and the crew could only scan about 100,000 pictures a day, Jack said. That’s where Andrianakis came in.
In just six weeks, using a form of artificial intelligence, he figured out a way to analyze all 2 million photographs to identify explicit content, Jack said. He added: “The program is 82 percent effective in determining if a picture is child porno. It made our job more efficient and effective.”
The program will also help the company detect legal but explicit nude photographs and videos uploaded by clients in violation of company terms.
“Hopefully, the word will get out that Photobucket is not the place to hide explicit photographs,” Callipari said.
Andrianakis works up to 15 hours a day and is a perfectionist, Jack said. His programming has helped every department of Photobucket, including marketing the site overseas.
Also like Abagnale, it appears Andrianakis will be able to make the transition from working for free while on criminal probation to making a full-time wage doing good work rather than bad, Jack said.
Jack is so impressed with Andrianakis’ work that he said he would hire him without hesitation.
“We are very happy with the work he is doing. He will get the best recommendation,” Jack said. “He is very interested in making a positive impact on the world.”