NYPD detective charged with hacking

[Erica Absetz <erica () riskbasedsecurity com>]

Edwin Vargas, a detective with the New York City Police Department
(NYPD) has been arrested on hacking charges.  Vargas was arrested this
morning outside his residence in Bronxville, New York.

Manhattan U.S. Attorney Preet Bharara said, “As alleged, Detective
Edwin Vargas paid thousands of dollars for the ability to illegally
invade the privacy of his fellow officers and others. He is also
alleged to have illegally obtained information about two officers from
a federal database to which he had access based on his status as an
NYPD detective. When law enforcement officers break the laws they are
sworn to uphold, they do a disservice to their fellow officers, to the
department, and to the public they serve, and it will not be
tolerated.”

FBI Assistant Director in Charge George Venizelos said,  “As alleged,
the defendant illegally acquired log-in information for the e-mail
accounts of dozens of people, including police department co-workers.
Of all places, the police department is not a workplace where one
should have to be concerned about an unscrupulous fellow employee.
Unlike the e-mail accounts, the defendant didn’t need to pay anyone to
gain access to the NCIC database. But access is not authorization, and
he had no authorization.”

According to the complaint unsealed today in Manhattan federal court:

Between March 2011 and October 2012, Vargas, an NYPD detective
assigned to a precinct in the Bronx, hired an e-mail hacking service
to obtain log-in credentials, such as the password and username, for
certain e-mail accounts. In total, Vargas purchased at least 43
personal e-mail accounts and one cellular phone belonging to at least
30 different individuals, including 21 who are affiliated with the
NYPD; of those 21, 19 are current NYPD officers, one is a retired NYPD
officer, and one is on the NYPD’s administrative staff.

After receiving the log-in credentials he had purchased from the
e-mail hacking services,Vargas accessed at least one personal e-mail
account belonging to a current NYPD officer. He also accessed an
online cellular telephone account belonging to another victim. Vargas
paid a total of more than $4,000 to entities associated with the
e-mail hacking services.

An examination of the contents of the hard drive from Vargas’ NYPD
computer revealed, among other things, that the Contacts section of
his Gmail account included a list of at least 20 e-mail addresses,
along with what appear to be telephone numbers, home addresses, and
vehicle information corresponding to those e-mail addresses, as well
as what appear to be the passwords for those e-mail addresses.

Vargas also accessed the National Crime Information Center (NCIC)
database, a federal database, to obtain information about at least two
NYPD officers without authorization.

The e-mail accounts of those two officers were among the e-mail
accounts Vargas paid the e-mail hacking services to hack into so he
could obtain log-in credentials.

Vargas, 42, of Bronxville, New York, is charged with one count of
conspiracy to commit computer hacking and one count of computer
hacking. Each count carries a maximum sentence of one year in prison.

Source: FBI
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.