An army contractor who worked on a U.S. military base in Iraq hacked into the computers of teenage girls to harass and extort sexually explicit images from them, authorities allege. Police say he and an accomplice targeted some 4,000 young women around the world, including six Florida teens — one of whom he cyber-stalked for years, beginning when she was 14, and showed up at her work place.
According to the complaint filed in the case (.pdf), the alleged perpetrator, Patrick Connolly, 36, planted malware on victims’ computers to spy on them and threatened them and family members with harm and public embarrassment if they didn’t send suggestive images or perform sexually for him in front of their web cameras. He also allegedly used his personal Paypal account to purchase and send a pair of Abercrombie & Fitch jeans and Louis Vuitton handbag to one of his victims.
The Northern Ireland-born contractor and UK citizen was employed in Iraq by Tennessee-based EOD Technologies and resided on the U.S. military base at the Baghdad International Airport. He was arrested at an airport in Atlanta, Georgia, last week. The complaint didn’t indicate what he was doing in the U.S., though it’s possible he was lured to the U.S. under a ruse to arrest him. He’s been charged with one count of computer hacking, but he’ll be transferred to Florida, where he may face additional charges.
The U.S. attorney’s office in Florida has not yet responded to a query from Threat Level.
Connolly’s arrest followed a years-long investigation that was aided by information from an accomplice named Ivory Dickerson, who told authorities that he “shared” the teen victims with Connolly.
Dickerson, a civil engineer, pleaded guilty to child pornography charges two years ago after authorities said they found several hundred thousand child porn images on his home computer in North Carolina. He’s currently serving a 110-year sentence.
According to the complaint, which lists details, but not the names, of seven female victims, one of the victims was 15 years old in 2005 when Connelly allegedly contacted her via AOL instant message using the screen-name “cucumbersn7” and instructed her to send him digital pictures of herself in the shower. When she sent him a photo of herself clothed with wet hair instead, he told her he knew where she lived — and sent her address to prove it — and threatened to harm her sister if she didn’t comply with what he wanted. To avoid distressing her family, she sent him ten black and white photos, two of them showing her topless with her arms covering her breasts. When her harasser said the photos weren’t good enough, she sent 10 more color photos of her in the nude. Connelly later allegedly created a MySpace page where he posted some of the images she sent him.
Another victim, who resides in Vancouver, British Columbia, told authorities she’d been harassed for several years by an anonymous perpetrator who convinced her to use her web cam to record herself performing sex acts. During this time, she said someone named Patrick Connolly called her and told her he wanted to help her get rid of the person who hacked her computer and was harassing her.
A victim in Florida told investigators that in 2002 when she was 14, she began chatting online with someone who identified himself as Patrick Connolly. He told her he was from Ireland and was in the UK army and residing in Saudi Arabia. He even sent her photos of himself, purportedly taken in Saudi Arabia.
After they’d been in touch a while, Connolly allegedly demanded that she send him sexual videos of herself. When she refused, he sent suggestive photos of her to her boyfriend. In 2004, she told investigators, he popped up in Florida at her job and said he wanted to take her to Universal Studios. She refused and he left but continued to harass her online. When she tried to end contact, Connolly allegedly threatened to send some of the explicit videos she’d given him to her grandmother. The harassment stopped for a while, but in January of this year, someone contacted her through a Facebook account and demanded more images of her under threat that he’d post the ones she’d previously sent him online.
Another Florida victim was 14 when she was contacted by the harasser online. While he was chatting with her online, he called her from a Saudi Arabian cell phone number.
FBI and Secret Service agents launched an investigation, posing as the victims online and creating a honeypot to sniff packets sent to the victims’ computers. They found that a malicious program the perpetrator embedded in an image file sent to some of the victims caused their computers to contact an IP address in Saudi Arabia. They also contacted an IP address belonging to Dickerson in the U.S.
According to the complaint, authorities initially contacted Dickerson as a potential victim in November 2005. Agents told Dickerson his system might have been hacked by the harasser and asked permission to search his computer for evidence of an intruder. Dickerson refused. Shortly after this, the URLs that had pointed to his IP address redirected to an address in Saudi Arabia, and the communication between the victims and their attacker ceased.
But then about seven months later, a 17-year-old girl in Miami received an AIM from someone using the screen-name “cucumbersn” and “Casper Loves Ya.” Agents found the same malicious program on this victim’s computer, which was communicating surreptitiously with a computer at an IP address registered to Dickerson in Seven Lakes, North Carolina.
In November 2006, agents executed a search warrant on Dickerson’s North Carolina residence. They seized an external hard drive that contained copies of the same Trojan horse program that infected the victim’s computers as well as images and text files taken from the victims’ computers. Agents found evidence of more than 4,000 victims whose computers had been targeted by Dickerson as well as more than a million pornographic images, several hundred thousand of which were categorized as child porn.
Dickerson told authorities that he targeted the girls with a female accomplice in London named “Lauren” who hacked into the girls’ computers. Dickerson said he believed “Lauren” was actually Patrick Connolly because “Lauren” often talked about Connolly and said she vacationed with him in Thailand. “Lauren” even sent Dickerson pictures of Connolly.
Connolly eluded capture until investigators got a break this year, when the victim in Canada told investigators that someone using the name “Lanie Crooks” contacted her through her Facebook account and threatened to post nude photos of her on Facebook before identifying himself as her harasser from “the old days.” To bolster his threat, he sent the victim a webcam video of her naked in her bedroom and said he had 87 other similar videos.
Investigators tracked “Lanie Crooks” to a Hotmail account that was opened from an IP address in Baghdad. Right after the Hotmail account was created, a Facebook account for “Lanie Crooks” was created, after which someone immediately used the account to search for names of the teen girls who had previously been the harasser’s victims in 2005 and 2006. Investigators traced a Facebook account in Connolly’s real name to an IP address that was also used to open the Lanie Crooks Hotmail and Facebook accounts. The IP block was registered to Magic Island Technologies at Camp Liberty in Baghdad.
The investigation culminated in his arrest last week.
According to the complaint, Connolly’s real Facebook page indicated he’s married to a woman from Thailand and is expecting a son with her in April.
Filed under: Military Industrial Complex Tagged: | Iraq, FBI, malware, Patrick Connolly, Paypal, EOD Technologies, Ivory Dickerson, Secret Service, cucumbersn, cucumbersn7, Casper Loves Ya, Lauren, Lanie Crooks, Magic Island Technologies, Camp Liberty