Phillip R. Durachinsky Indicted for FruitFly Malware
January 11, 2018
Ohio man was charged in a 16-count indictment today for
allegedly creating and installing malware on thousands of
computers for more than 13 years in order to watch, listen to,
and obtain personal data from unknowing victims, as well as
produce child pornography.
Phillip R. Durachinsky, 28, of North Royalton, Ohio, was charged
with Computer Fraud and Abuse Act violations, Wiretap Act
violations, production of child pornography, and aggravated
According to the indictment, Durachinsky is alleged from 2003
through Jan. 20, 2017, to have orchestrated a scheme to access
thousands of protected computers owned by individuals,
companies, schools, a police department, and the government,
including one owned by a subsidiary of the U.S. Department of
Energy. He is alleged to have developed computer malware later
named “Fruitfly” that he installed on computers and that enabled
him to control each computer by accessing stored data, uploading
files, taking and downloading screenshots, logging a user’s
keystrokes, and turning on the camera and microphone to
surreptitiously record images and audio.
As alleged in the indictment, Durachinsky used the malware to
steal the personal data of victims, including their logon
credentials, tax records, medical records, photographs, banking
records, Internet searches, and potentially embarrassing
communications. According to the indictment, Durachinsky used
stolen logon credentials to access and download information from
Durachinsky is further alleged to have watched and listened to
victims without their knowledge or permission and intercepted
oral communications taking place in the room where the infected
computer was located. In some cases, the malware alerted
Durachinsky if a user typed words associated with pornography.
According to the indictment, Durachinsky saved millions of
images and often kept detailed notes of what he saw.
“For more than 13 years, Phillip Durachinsky allegedly infected
with malware the computers of thousands of Americans and stole
their most personal data and communications,” said Acting
Assistant Attorney General Cronan. “This case is an example of
the Justice Department’s continued efforts to hold accountable
cybercriminals who invade the privacy of others and exploit
technology for their own ends.”
defendant is alleged to have spent more than a decade spying on
people across the country and accessing their personal
information,” said First Assistant U.S. Attorney Sierleja.
“Durachinsky is alleged to have utilized his sophisticated cyber
skills with ill intent, compromising numerous systems and
individual computers,” said Special Agent in Charge Anthony.
“The FBI would like to commend the compromised entities that
brought this to the attention of law enforcement authorities. It
is this kind of collaboration that has enabled authorities to
bring this cyber hacker to justice.”
The charges in the indictment are merely allegations, and the
defendant is presumed innocent unless proven guilty beyond a
reasonable doubt in a court of law.
The case was investigated by the FBI. This case is being
prosecuted by Senior Counsel Brian L. Levine of the Criminal
Division’s Computer Crime and Intellectual Property Section and
Assistant U.S. Attorneys Daniel J. Riedl, Michelle M. Baeppler
and Om M. Kakani of the Northern District of Ohio.