PLATTSBURGH — Federal prosecutors are pushing to sentence SUNY Plattsburgh alumnus Nicholas Faber to up to four years in prison for hacking into students’ accounts and stealing explicit and compromising photos, according to court documents.
Faber, 25, of Rochester, pleaded guilty to aggravated Identity theft and computer intrusion causing damage offenses in February, saying he broke into at least 10 student accounts and attempted to access more than two dozen of them, starting when he was a student at SUNY Plattsburgh in 2017, documents said.
“A significant term of imprisonment is necessary to send a strong message that the defendant’s conduct — which will forever haunt and embarrass his victims in countless ways, including their lives as professionals, daughters, friends, wives, and mothers — is illegal, cruel, and intolerable,” prosecutors said in court documents, arguing for a sentence of 42 to 48 months with one to three years of supervised release.
Faber also admitted to requesting stolen photos and videos from 50 different accounts, which included accounts owned by people he knew, from others who had the ability to hack into them, his plea agreement said.
In one case, Faber received more than a dozen stolen photos of a former high school classmate, court documents said.
According to court documents, Faber said he had a preference for photos and videos from student athletes. He was on the SUNY Plattsburgh track and field team for the 2014-15 and 2015-16 seasons.
Prosecutors said Faber showed a “stunning callousness towards his victims,” citing multiple conversations between him and Michael P. Fish, another SUNY Plattsburgh alumnus who also admitted to stealing students’ personal photos and videos, records show.
CALLED THEM ‘WINS’
One conversation detailed how Faber asked Fish to keep sending nude photos so he could continue making collages that would put comprising photos they stole next to public ones, such as graduation pictures, saying “I like doing em haha,” and “never knew how dirty she is.”
Faber also celebrated stealing photos and videos, calling them “wins” and would trade them with others, court documents said.
“The defendant’s conduct was repugnant and resulted in significant harms that cannot be undone. The Court’s sentence should send a clear message: this type of criminal activity — which is pervasive online as entire websites and forums are dedicated to stealing and trading materials in this vein — carries equally tangible consequences for those who commit it. The requested sentence will do just that,” prosecutors said in court documents.
According to his plea agreement, Fish would gain access to student accounts by a variety of means. One included using a password reset feature on students’ emails. After successfully answering security questions, Fish was able to access their SUNY Plattsburgh email accounts. If the students had their school email linked to their private iCloud, Snapchat, Facebook and Google accounts, Fish was able to gain access to those too.
Faber admitted that he later used the same methods Fish used to hack into students’ emails.
REQUESTED TWO YEARS
Faber’s attorney, James S. Wolford of Gallo & Iacovangelo LLP, a Rochester-based firm, requested his client receive the minimum sentence of two years in prison, arguing Faber played a minimal role in the scheme.
“Besides the underlying criminal conduct, Nick has excellent qualities and characteristics,” Wolford argued in court documents.
“A sentence of 24 months would promote the respect for the law, provide just punishment for the offense, reflect the seriousness of the offense.”
Faber is scheduled to be sentenced Aug. 19 before U.S. District Judge Mae A. D’Agostino.
Fish is scheduled to be sentenced Nov. 3.
As a part of his plea agreement, Faber agreed to pay $35,430.85 to SUNY Plattsburgh in restitution for its efforts in “remedying and investigating account lock outs” caused by unauthorized password resets, implementing measures to prevent Faber and Fish from accessing its network through virtual private networks, which were used to conceal their IP addresses, conducting a damage assessment, notifying victims, consulting with experts and attorneys and restoring compromised data.
Email Fernando Alba: