Phillip R. Durachinsky, a 28-year-old from North Royalton, Ohio, has been charged with using malicious computer software to steal information and spy on thousands of victims over the course of 13 years.

According to an indictment filed in the United States District Court in Cleveland, Durachinsky is charged with 16 counts of criminal activity including Computer Fraud and Abuse Act violations, Wiretap Act violations, production of child pornography and aggravated identity theft.

Durachinsky allegedly created a piece of spyware called Fruitfly to perform the majority of his crimes. Fruitfly is a notorious piece of malware first discovered in the wild by security researchers in 2017—but had apparently been in use for years prior to its discovery.

Fruitfly can infect Mac and Linux machines (a variant has also been discovered for Windows machines) and is particularly adept at performing invasive actions on a victim’s machine. The malware is capable of taking screenshots of anything on the screen of an infected machine, turning on the webcam and microphone to record and hijacking inputs from the keyboard and mouse and modify files on the machine.

An analysis of Fruitfly done last year by Patrick Wardle, the chief security researcher at security firm ‎Synack and a former NSA hacker, determined that 90 percent of the victims of the spyware were located in the U.S. Wardle theorized at the time that the attack was the work of a single hacker using the tool to spy on people.

It appears that analysis was proven to be correct and Durachinsky is believed to be the lone hacker distributing the attack. According to the Department of Justice, Fruitfly was used to invade machines of individuals, companies, schools including Case Western Reserve University, a police department and a subsidiary of the U.S. Department of Energy, among other targets.

Durachinsky used the malware to steal personal information from victims including passwords and login credentials, tax records, medical records, banking information, personal photographs, internet searches and communications with others.

Over the course of the 13 years Durachinsky was using Fruitfly, he reportedly saved millions of images of his victim’s information and kept detailed notes about user activity. At one point, he automated some of his spying by creating an alert that would notify him if a user typed words associated with pornogrpahy or other explicit activity.

It is believed that Durachinsky used logins stolen during his spying to hack into accounts belonging to his victims and steal additional information. It is also possible that he sold stolen images and data online.

“For more than 13 years, Phillip Durachinsky allegedly infected with malware the computers of thousands of Americans and stole their most personal data and communications,” Acting Assistant Attorney General John P. Cronan said. “This case is an example of the Justice Department’s continued efforts to hold accountable cybercriminals who invade the privacy of others and exploit technology for their own ends.”

RELATED STORIES
Security Security Malware Department of justice