WASHINGTON – A Ohio man was charged Wednesday as part of chilling, 13-year cybertheft campaign in which he allegedly stole personal data from thousands of people and remotely controlled their devices, allowing him to monitor unsuspecting victims and listen to their communications.
Phillip Durachinsky, a 28-year-old computer programmer, was charged in a 16-count federal indictment alleging fraud, identity theft and violations of the federal Wiretap Act.
Among his alleged victims were workers whose computers were owned by private companies, schools, a law enforcement agency and a subsidiary of the U.S. Department of Energy. The case was announced as government officials continue to assess the vulnerability of critical online systems, and as cybercriminals and U.S. adversaries have increasingly trained their sights on American targets.
Starting in 2003 and running through last January, federal prosecutors assert that Durachinsky installed malware--which authorities later named "Fruitfly" – to steal passwords, tax records, medical documents, photographs, bank statements and sensitive personal communications.
At the same time, according to court documents, the suspect amassed a collection of child pornography.
"This defendant is alleged to have spent more than a decade spying on people across the country and accessing their personal information," Ohio Assistant U.S. Attorney David Sierleja said.
Cleveland FBI chief Stephen Anthony described Durachinsky as possessing "sophisticated skill" that was used to compromise "numerous systems and individual computers."
Federal authorities said the malware allegedly allowed Durachinsky to control personal computers and some systems, providing access to stored data and commandeer internal cameras and microphones "to surreptitiously record images and audio."
In many cases, according to court documents, Durachinsky "watched and listened to victims without their knowledge or permission and intercepted oral communications taking place in the room where the infected computer was located."
The suspect allegedly saved "millions of images and often kept detailed notes of what he saw."
According to court documents, Durachinsky was identified following a breach involving more than 100 computers at Case Western Reserve University. That breach was traced to the suspect who is a university alumnus.
Durachinsky was arrested a short time later, but it has taken federal investigators much of the past year to complete the inquiry, producing Wednesday's charges.
Durachinsky, whose initial appearance on the indictment has yet to be set, faces a maximum punishment of at least 20 years in prison.
► Make it easy to keep up to date with more stories like this. Download the WFMY News 2 App now