A 28-year-old Ohio man was indicted for digitally spying on people for more than 13 years.
Phillip Durachinsky has been charged with allegedly creating and installing computer malware called Fruitfly that let him spy on and record victims.
He allegedly accessed thousands of computers, including those owned by individuals, companies, schools, a police department and a subsidiary of the U.S. Department of Energy. The U.S. Department of Justice announced the 16-count indictment on Wednesday.
Durachinsky is charged with violating the Computer Fraud and Abuse Act and the Wiretap Act, aggravated identity theft, and production of child pornography.
He allegedly created the Fruitfly malware to spy on Mac and Windows users between 2003 and 2017. An attorney for Durachinsky did not immediately respond to a request for comment.
According to the indictment, Durachinsky stole private credentials, tax, medical, and banking records, internet searches, photos and private communications. He allegedly used stolen usernames and passwords to access and download information from third-party sites.
“Durachinsky is further alleged to have watched and listened to victims without their knowledge or permission and intercepted oral communications taking place in the room where the infected computer was located,” the DOJ said in a press release. “In some cases, the malware alerted Durachinsky if a user typed words associated with pornography.”
He “regularly kept detailed notes” of what he saw, the indictment says.
Researchers found the Fruitfly malware last year. Patrick Wardle, chief research officer at Digita Security who discovered one strain of the malware infecting Macs, saw at least 400 infected computers.
Wardle, who makes free software security tools for Macs, assisted the FBI with its investigation.
He said the span of the hacking campaign was “mind-blowingly long,” and incredibly invasive. It also illustrated that even though Mac malware is less widespread than Windows, Apple products can still get infected with harmful tools, he said. Apple did not respond to a request for comment.
“This is in a way the worst case scenario,” Wardle said. “If my computer got hacked for ransom, that would suck. But something like this can be life-impacting in a horrible way. It’s nothing I’ve seen before.”