Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Yahoo! Crime Privacy Security The Courts

Former Yahoo Engineer Who Infiltrated 6,000 Accounts Avoids Jail (siliconvalley.com) 35

This week finally saw the federal sentencing of a former Yahoo software engineer who "admitted to using his access through his work at the company to hack into about 6,000 Yahoo accounts" back in 2018, according to America's Department of Justice: Ruiz admitted to targeting accounts belonging to younger women, including his personal friends and work colleagues. He made copies of images and videos that he found in the personal accounts without permission, and stored the data at his home. Once he had access to the Yahoo accounts, Ruiz admitted to compromising the iCloud, Facebook, Gmail, DropBox, and other online accounts of the Yahoo users in search of more private images and videos. After his employer observed the suspicious account activity, Ruiz admitted to destroying the computer and hard drive on which he stored the images.
He stopped working at Yahoo in July of 2018. The next month the FBI visited his home. He was indicted in April of 2019 and pleaded guilty in September — facing up to five years in prison and a $250,000 fine.

But it was not until this week that a federal court finally handed down its sentence for the "former Yahoo! engineer who hacked 6,000 accounts on a hunt for private sexual videos and pictures," according to one Bay Area newspaper.

The sentence? Five years of probation, with a home confinement condition: Reyes Daniel Ruiz, 35, of Tracy, is allowed to leave his home for "verified employment, medical needs and religious services," according to the sentencing terms. He has also been ordered to pay nearly $125,000 in fines and restitution, court records show...

He also accessed financial information, but his main goal was to steal pornographic files, prosecutors said. Assistant U.S. Attorney Daniel Kaleba asked for Ruiz to be sentenced to "a period of incarceration," arguing he'd violated not only the trust of his employee but the privacy of thousands of people. "By his estimation, he downloaded approximately two terabytes of data, and possessed between 1,000 and 4,000 private images and videos," Kaleba wrote in a sentencing memo.

The defense argued that Ruiz, who has no criminal history, deserved leniency because he accepted responsibility quickly. He admitted to destroying the hard drive where he stored the ill-gotten files when the FBI visited his home in August 2018. Ruiz told federal investigators that he acquired the pictures and videos for his own personal "self-gratification" and that he didn't share them online, a pre-sentence report says.

In October Gizmodo reported that Ruiz was now working for a Silicon Valley company specializing in SSO (single sign-on) solutions.
This discussion has been archived. No new comments can be posted.

Former Yahoo Engineer Who Infiltrated 6,000 Accounts Avoids Jail

Comments Filter:
  • by mschaffer ( 97223 ) on Saturday July 04, 2020 @12:39PM (#60261656)

    I'm guessing he hacked into all of the active Yahoo accounts at the time and then quit when he was done.

    • Lol, In a better world that would be true. But All AT&T email accounts are actually Yahoo accounts, so there are many.

    • The inactive accounts might be even better. He was looking for people's private data (mostly explicit content). People are more wary of how that stuff is handled these days but they may not have cleaned out an old Yahoo! account. And if the account was still liked to iCloud and other services, he would be able to reset the password without anybody noticing!
  • He's obviously a freak and a scumbag and violated the privacy of 6000 people.

    OTOH, I'm not in favor of people getting an extra 20 years just because a crime was committed "with a computer".

    I am shocked a security company hired him. Sorry, but no way someone so ethically empty would get a job at any of the companies I've been at. Zero chance.

    • If there were a practical way to do it I'd be tempted to make a wager on that particular matter.

      • You'd lose that bet. We do serious background checks and have bounced otherwise qualified candidates for serious ethical failures. Why is that so surprising? It's what most real companies do and a security company in particular should be very hardcore about.

        • I didn't realize that no true company would do that. I apologize for the misunderstanding.

          • I don't know what a true company is but ok, never mind. I've never had a job, even at a tiny startup, without a background check. Ethics problems (lying, theft, etc) are always a bounce. Systems people or devs with a history of destroying code or system or abusing their system access are always bounced. I thought this was common place.

            • I worked for Xerox once, the hiring process was extensive, involving 3 interviews over a couple of months. But surprisingly there was no background check required. Though they did have manditory annual training sessions for every employee on a wide range of ethical matters, and a policy where any sort of ethical problem had to be reported. They also had a ton of monitoring software on all machines to detect breeches etc.

        • by vlad30 ( 44644 )
          Sometimes the best way to improve a security system is to hire a burglar
    • I certainly wouldn't do business with someone who DID hire him, so hopefully that information becomes public.
      • He was hired by Okta. He worked there for about eight months until May/2019. Which was right around the time (within a month) of when he was indicted. Okta hired him while he had a clean record and was under no (known to them) investigation. However he left, he didn't work there once he was indicted.
    • by sjames ( 1099 )

      I am shocked a security company hired him.

      That does seem to be a real problem. A company that provides single sign on hiring someone with a criminal history of violating people's accounts...

      As for the penalty, he's avoided jail, but not confinement. It's not like he could be called free.

    • Re: (Score:3, Interesting)

      He's obviously a freak and a scumbag and violated the privacy of 6000 people.

      Perhaps. But he still shouldn't go to prison.

      Prison is for people that are a physical danger to society. For everyone else, there are are more appropriate punishments. For instance, we can put an ankle tracker on him, and then he can spend 60 hours per week cleaning bedpans at nursing homes for five years.

      One thing that bothers me about the George Floyd incident is that nobody is questioning why the police were arresting him in the first place. His offense (passing a counterfeit bill) was a non-violent

    • by rtb61 ( 674572 )

      What I found odd, was the missing prosecution. Each and every victim should have been a seperate charge, they should have been notified and have been legally enabled to seek damages for theft of their privacy. Something really wrong going on there, the lobbyists and corrupt lawyers hard at work. If they had done it to one person, that person would have been entitled to full justice, the legal harm, civil and criminal suffered. Just because it was over 6,000 why they fuck were they let off the fucking hook.

    • Sorry, but no way someone so ethically empty would get a job at any of the companies I've been at. Zero chance.

      How would you know in advance? Are you a mind reader in addition to being a blowhard?

  • Will "forced home detention" really mean anything much different from him than for the rest of us for some time? Almost like he's getting ant least six month of his sentence taken off.

    • by sjames ( 1099 )

      Try this: Get in your car and drive to a local park. You may or may not be required to wear a mask, but please take one with you at least in case you find yourself in a crowded situation. Find a nice spot and take a walk enjoying nature. Notice how the police aren't showing up to arrest you?

      • by hey! ( 33014 )

        Current guidance is that you don't need a mask for hiking either, but you should take one in case you find yourself in a situation where you have to interact with other people.

        I've been hitting the hiking trails two to three times a week since April, and virtually everybody has a mask and a majority of people just wear them all the time on the trail.

        • "a majority of people just wear them all the time on the trail" Not my experience. The vast majority of people I see do not have asks on. On a hot day in southern California hills like today a mask would make hiking much harder. I see some people put them on, mostly women, when they come across someone.
          • by hey! ( 33014 )

            Could be why California has seen a rise in cases.

            In my state we overran our rather large ICU bed capacity in April. People take it seriously here, and there are few significant pockets of people who have ideological objections to masks.

  • You can't beat it.

  • They gave this guy a break, so why not everyone else?

    https://www.ajc.com/news/crime... [ajc.com]

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...