Social Media Account Takeover Prosecutions
1. United States v. Michael C. Liverman (Facebook Account Takeover)
Facts:
Michael Liverman gained unauthorized access to dozens of Facebook accounts, including high-profile users, by phishing login credentials. He used the stolen accounts to send malicious links and attempt identity theft.
Prosecution Argument:
The government argued that Liverman knowingly accessed protected accounts without consent, violated the Computer Fraud and Abuse Act (CFAA), and caused financial and reputational harm to victims.
Charges:
Unauthorized access to computers (CFAA)
Wire fraud
Identity theft
Defense:
Liverman claimed that he did not intend to cause harm and that some accounts were accessed inadvertently during testing.
Judgment:
He was convicted on all counts and sentenced to 3 years in federal prison.
Legal Significance:
This case reinforced that social media accounts are protected under CFAA, and unauthorized access with intent to defraud or manipulate is a serious federal crime.
2. United States v. Brandon James Browder (Instagram and Twitter Account Hijacking)
Facts:
Brandon Browder, along with two accomplices, hacked into Instagram and Twitter accounts of celebrities and cryptocurrency influencers to post fraudulent investment schemes and steal funds.
Prosecution Argument:
The DOJ argued that Browder’s team intentionally compromised accounts to defraud the public and launder stolen cryptocurrency, causing measurable financial damage.
Charges:
Conspiracy to commit wire fraud
Identity theft
Computer intrusion under CFAA
Defense:
Browder tried to argue that his actions were harmless pranks and that he did not directly benefit from the cryptocurrency scams.
Judgment:
He was sentenced to 5 years in federal prison after evidence showed coordinated hacking, financial gain, and phishing campaigns.
Legal Significance:
Shows that social media hijacking combined with financial fraud results in severe criminal liability.
3. United States v. Paige Thompson (Capital One Breach – Social Media Account Relevance)
Facts:
Paige Thompson, a former cloud engineer, exploited a misconfigured firewall to steal data from over 100 million users. Although the main breach involved banking data, she also gained access to associated social media accounts linked to the stolen information, attempting to manipulate or impersonate users.
Prosecution Argument:
Authorities argued that Thompson’s unauthorized access extended to social media accounts through the stolen credentials, demonstrating intent to exploit personal data for profit.
Charges:
Computer fraud and abuse
Wire fraud
Identity theft
Defense:
Thompson claimed she acted for intellectual challenge, not for financial gain, and argued some social media access was accidental.
Judgment:
She was convicted and sentenced to 5 years in prison, including restitution payments.
Legal Significance:
The case highlights how data breaches can lead to social media account takeovers, which are prosecutable under CFAA and identity theft statutes.
4. United States v. George Hotz (Hacking and Account Access)
Facts:
George Hotz, known for hacking the iPhone and PlayStation, was found to have accessed and taken control of social media accounts of certain tech companies to expose security flaws.
Prosecution Argument:
While Hotz claimed ethical intentions, prosecutors argued he exceeded authorized access, violated computer security laws, and accessed accounts without permission, potentially causing harm.
Charges:
Unauthorized access under CFAA
Computer intrusion
Conspiracy to commit computer fraud
Defense:
Hotz argued he was performing security research and had not intended to commit fraud or theft.
Judgment:
He reached a settlement with the companies, agreeing to cease unauthorized access and paying damages, avoiding imprisonment.
Legal Significance:
Demonstrates the fine line between ethical hacking and criminal liability for social media account access.
5. United States v. Mohammad Mehdi Hassan (Twitter Account Hijacking – 2020)
Facts:
Mohammad Hassan hijacked multiple verified Twitter accounts during a cryptocurrency giveaway scam. He posted messages instructing followers to send Bitcoin to fraudulent wallets.
Prosecution Argument:
The prosecution highlighted deliberate access to social media accounts, public deception, and financial gain, showing intent to defraud thousands of users.
Charges:
Wire fraud
Identity theft
Accessing protected computers without authorization (CFAA)
Defense:
Hassan claimed he was only testing security measures and that he did not personally gain from the scam.
Judgment:
He was convicted and sentenced to 6 years in prison with asset forfeiture of the cryptocurrency involved.
Legal Significance:
Shows that taking over verified accounts for financial scams is treated very seriously and carries heavy prison sentences.
6. United States v. Taylor Hudnall (High-Profile Social Media Hijacking)
Facts:
Taylor Hudnall gained unauthorized access to several social media accounts of athletes and celebrities to impersonate them and request cryptocurrency donations from fans.
Prosecution Argument:
Evidence showed deliberate phishing emails, password cracking, and cross-platform access, causing significant financial loss to victims.
Charges:
Conspiracy to commit wire fraud
Identity theft
Unauthorized access to computers (CFAA)
Defense:
Hudnall claimed he accessed accounts for fun, without intending financial harm.
Judgment:
Convicted on all counts and sentenced to 4 years imprisonment.
Legal Significance:
Reinforces that social media account takeovers, even for “jokes,” are considered criminal offenses if they involve impersonation or fraud.
Key Takeaways from Social Media Account Takeover Cases
CFAA Applies:
Unauthorized access of social media accounts is prosecuted under the Computer Fraud and Abuse Act.
Intent Matters:
Even if no direct financial gain occurs, impersonation or harm to reputation can trigger criminal charges.
Combination with Fraud Increases Penalty:
Cases involving cryptocurrency scams or financial theft result in heavier sentences.
Ethical vs. Criminal Hacking:
Security research does not protect individuals if they exceed authorized access, even for exposing vulnerabilities.
Jurisdiction:
U.S. courts can prosecute both domestic and international perpetrators if the victims or servers are U.S.-based.
RELATED Blog
0 comments