Hacker turns around, works for good guys

The Denver Post - - FRONT PAGE - By Kirk Mitchell

A soft­ware hacker who helped sex ad­dicts pi­rate pri­vate nude pic­tures from Pho­to­bucket’s on­line cache of 10 bil­lion pho­to­graphs will avoid prison time by help­ing the Denver com­pany he vic­tim­ized.

Once an en­abler for in­ter­net black­mail­ers, Greek com­puter pro­gram­mer Athana­sios “Thaos” An­dri­anakis, 27, now works as an un­paid com­puter en­gi­neer for Pho­to­bucket, us­ing ar­ti­fi­cial in­tel­li­gence tools to write soft­ware that ex­poses child pornog­ra­phers and fer­rets out clients who vi­o­late the com­pany’s pornog­ra­phy pro­hi­bi­tion.

An­dri­anakis’ story is sim­i­lar to that of a 1960s-era check forger, Frank Abag­nale Jr., who stole mil­lions of dol­lars from banks be­fore work­ing as a cor­po­rate se­cu­rity con­sul­tant. Abag­nale was re­leased early from prison on the con­di­tion he work without pay for the FBI’s fraud de­tec­tion unit. Abag­nale’s ex­ploits were memo­ri­al­ized by Leonardo DiCaprio in the movie “Catch Me if You Can.”

Cyrus Jack, Pho­to­bucket’s di­rec­tor of en­gi­neer­ing, wrote a let­ter on An­dri­anakis’ be­half to U.S. District Judge Wi­ley Daniel be­fore his sen­tenc­ing on com­puter-fraud charges ask­ing for le­niency. Jack be­lieved An­dri­anakis was gen­uinely con­trite af­ter be­ing caught in the photo-pi­rat­ing scheme. That later helped en­sure An­dri­anakis got pro­ba­tion and would be avail­able to work for the com­pany.

An­dri­anakis’ ac­com­plice, Brandon Bour­ret, who didn’t have Pho­to­bucket’s back­ing, was sen­tenced to 29 months in prison. An­dri­anakis must work for Pho­to­bucket for 18 months to help plug the soft­ware se­cu­rity weak­nesses that he once ma­nip­u­lated for cash.

“This is an ex­traor­di­nary ac­cord be­tween a crim­i­nal de­fen­dant and the vic­tim, and it demon­strates Mr. An­dri­anakis’s ex­em­plary char­ac­ter and ac­cep­tance of re­spon­si­bil­ity,” his Denver at­tor­ney, Pa­trick Burke, wrote in a fed­eral court mo­tion.

Jef­frey Dorschner, spokesman for Act­ing U.S. At­tor­ney Bob Troyer, said it’s ex­tremely rare for a de­fen­dant to be sen­tenced to work for a vic­tim for free.

The cases of the two de­fen­dants are also dif­fer­ent, Dorschner said. Bour­ret con­tacted vic­tims and asked for money to re­move their sen­si­tive pho­tos from pub­lic view, while An­dri­anakis’ role in the crime was more tech­ni­cal and fo­cused on the weak­nesses in Pho­to­bucket’s com­puter pro­gram.

An­dri­anakis grew up in a small vil­lage on Crete, a Greek is­land, where at the age of 10 he be­gan fix­ing elec­tron­ics for neigh­bors. An­dri­anakis earned a de­gree in com­puter en­gi­neer­ing from the Tech­ni­cal Uni­ver­sity of Crete in 2012 and a master’s de­gree in elec­tri­cal en­gi­neer­ing at San Jose State Uni­ver­sity in 2015.

On May 25, 2012, An­dri­anakis found Bour­ret’s web­site and of­fered him a bet­ter way to hack into Pho­to­bucket to find and copy, or “rip,” nude im­ages from spe­cific Pho­to­bucket clients. Bour­ret sold that pro­gram for $29.99 us­ing PayPal. He ad­ver­tised the pro­gram on the web­site Skch.me, us­ing nude pic­tures pi­rated from Pho­to­bucket.

Bour­ret’s cus­tomers tapped the ac­counts of 1.9 mil­lion Pho­to­bucket clients. One of his cus­tomers, “pinkmeth,” black­mailed peo­ple with their own nude pic­tures that he pi­rated. An ad­mit­ted pornog­ra­phy ad­dict used the pro­gram to hunt down nude pic­tures of for­mer class­mates.

Pho­to­bucket work­ers found and fixed three of the duo’s se­cu­rity breaches, but An­dri­anakis wrote new “ex­ploits” each time to again hack the sys­tem. Pho­to­bucket has since patched all of the ex­ploits. The com­pany found Bour­ret’s web­site and re­ported him to au­thor­i­ties, lead­ing to the ar­rests of both Bour­ret and An­dri­anakis.

Be­cause of the crim­i­nal charges, An­dri­anakis’ pro­gram­ming ca­reer ap­peared to be over. He was fired from one com­puter com­pany and couldn’t get a job af­ter ap­ply­ing to 200 soft­ware com­pa­nies.

The mat­ter of resti­tu­tion to Pho­to­bucket came up as An­dri­anakis’ crim­i­nal case wound its way through fed­eral court. The com­pany ex­plored the pos­si­bil­ity of tap­ping his pro­gram­ming skills.

“Some­one so smart about get­ting into our sys­tem could help us keep oth­ers out,” Pho­to­bucket at­tor­ney Marc Cal­li­pari said.

Jack and Pho­to­bucket ex­ec­u­tive di­rec­tor John Cor­pus let An­dri­anakis tell them his side of the story, and they be­lieved he made a youth­ful mis­take.

“We wanted to take him on a trial ba­sis,” Jack said. “We were very, very careful.”

They asked An­dri­anakis to help tackle a trou­bling pat­tern in which child pornog­ra­phers were us­ing Pho­to­bucket to trans­fer graphic pic­tures of chil­dren.

An­dri­anakis be­gan work­ing without pay from his home in Cal­i­for­nia as a pro­ba­tion con­di­tion.

Years ear­lier, Pho­to­bucket had hired four em­ploy­ees to scour their site for pornog­ra­phy and re­port any find­ings to de­tec­tives. The crew turned over 350 ex­plicit pho­to­graphs to au­thor­i­ties, con­tribut­ing to the ar­rests of dozens of child pornog­ra­phers and one child killer, Jack said.

But Pho­to­bucket clients up­load 2 mil­lion pho­to­graphs daily on the web­site and the crew could only scan about 100,000 pic­tures a day, Jack said. That’s where An­dri­anakis came in.

In just six weeks, us­ing a form of ar­ti­fi­cial in­tel­li­gence, he fig­ured out a way to an­a­lyze all 2 mil­lion pho­to­graphs to iden­tify ex­plicit con­tent, Jack said. He added: “The pro­gram is 82 per­cent ef­fec­tive in de­ter­min­ing if a pic­ture is child porno. It made our job more ef­fi­cient and ef­fec­tive.”

The pro­gram will also help the com­pany de­tect le­gal but ex­plicit nude pho­to­graphs and videos up­loaded by clients in vi­o­la­tion of com­pany terms.

“Hope­fully, the word will get out that Pho­to­bucket is not the place to hide ex­plicit pho­to­graphs,” Cal­li­pari said.

An­dri­anakis works up to 15 hours a day and is a per­fec­tion­ist, Jack said. His pro­gram­ming has helped ev­ery de­part­ment of Pho­to­bucket, in­clud­ing mar­ket­ing the site over­seas.

Also like Abag­nale, it ap­pears An­dri­anakis will be able to make the tran­si­tion from work­ing for free while on crim­i­nal pro­ba­tion to mak­ing a full-time wage do­ing good work rather than bad, Jack said.

Jack is so im­pressed with An­dri­anakis’ work that he said he would hire him without hes­i­ta­tion.

“We are very happy with the work he is do­ing. He will get the best rec­om­men­da­tion,” Jack said. “He is very in­ter­ested in mak­ing a pos­i­tive im­pact on the world.”

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.