MySpace Scam: Teens Arrested for Extortion

The chime of $150,000 would sound pretty sweet to a pair of teenagers, and MySpace exploit codes allegedly played the tune. Shaun Harrison, 18, and Saverio Mondelli, 19, from Suffolk County, N.Y. were arrested in a sting operation last week in Los Angeles for allegedly orchestrating the entire scam.

Scamming 70 Million Users

MySpace is an extremely popular community website that offers its users “home pages”. Recently the website, owned by News Corp., announced that their membership had broken 70 million (some estimates point to around 78 million active users). These members place everything from music video clips to poetry on their home pages, and trust the company behind them to keep personal information secure.

This is where the alleged crime begins. Late last year, Harrison and Mondelli are believed to have taken advantage of a flaw in the MySpace website. This flaw allowed the teens to gather personal information on any of those 70 million+ users, and when the intrustion was found, MySpace reacted swiftly to block the exploit and report Harrison and Mondelli to authorities.

During the investigation, which Harrison and Mondelli were apparently not aware of, further threats were made to MySpace owners that new exploit code would be released unless the teens weere paid $150,000. Authorities set up a sting operation that involved meeting with the pair from New York in Los Angeles; Harrison and Mondelli believed they were meeting with execs from MySpace, but were actually offering their threats to undercover officers from the U.S. Secret Service and the Los Angeles District Attorney’s Bureau of Investigation.

The arrests of Harrison and Mondelli have produced charges of multiple felony counts, including illegal computer access, sending a threatening letter for extortion, and attempted extortion. The teens are facing a minimum of 4 years in prison if convicted, according to Jane Robinson, press secretary for the L.A. District Attorney’s Office. Both Harrison and Mondelli were arraigned this week and plead not guilty to the charges; the preliminary hearing is scheduled for June 5.

Further investigation has shown that the teens, both programmers, operated a website called “”, which works as a storefront for SpyFuse, a tool that manipulates MySpace code. Statements on the website say that the tool is currently unavailable due to “unexpected legal complication.”

Phishing on MySpace

Harrison and Mondelli are just the latest of the scam battles MySpace has been involved in. Highly popular with teens because of its easy sharing of jokes, gossip, photos, and videos, phishing scams are reportedly threatening teens’ – and their parents’ – financial information.

The way that a phishing scam works is that a con artist creates a copycat website, realistic looking in every way, and tricks people into signing in on that website. Once the user has signed in, their computer can be infected with keystroke logging software that will capture every credit card and bank account number they use. This information is then turned around and sold – online, your entire identity can go for as little as $20 according to Todd Davis, CEO of LifeLock, a company that sells identity theft prevention services.

Leave a Reply

Your email address will not be published. Required fields are marked *

× 8 = forty