Disney Hacker Busted After AI Tool Scam Exposed—1.1TB of Data Stolen in Massive Cyber Breach
A shocking case of cybercrime has come to light, involving a 25-year-old California resident who pleaded guilty to hacking into the computer of a Walt Disney Company employee using a malicious version of an in-demand AI image-making program. The hack resulted in the theft of more than one terabyte of sensitive business and personal information.
According to court filings, Ryan Mitchell Kramer, who used the handle NullBulge online, published a spoofed version of ComfyUI, an open-source image generator, under the fake name ComfyUI_LLMVISION. Posing as an add-on to improve AI-created artwork, the software was riddled with malware that could steal passwords, payment details, and sensitive files.
Kramer hosted the software on GitHub, a popular platform for developers to share their work. Users who downloaded the imitation app unknowingly granted Kramer complete control over their computers. The malware was coded to send data secretly to a Discord server that Kramer maintained.
To conceal the scam, Kramer employed misleading file names invoking the names of well-established AI firms, such as OpenAI and Anthropic. This level of sophistication highlights the evolving tactics used by cybercriminals to deceive users.
The Incident Unfolds
The incident was discovered when one of Disney's employees downloaded the malware in April 2024. Once in, Kramer hacked into private Slack channels belonging to Disney, finally stealing around 1.1 TB of sensitive information. This included corporate internal files, creative material, and sensitive employee information.
Last July, Kramer impersonated a hacktivist group member and reached out to the employee, probably to manipulate or frighten them. With no response from the employee, Kramer took the matter to the public by leaking the stolen data. Some of the hacked information included the victim's financial records, medical records, and personal details.
FBI Investigation Continues
Kramer pleaded guilty to two federal charges: accessing a protected computer and obtaining information, and threatening to destroy a protected computer. These are severe crimes under federal law, and the FBI continues its investigation.
Court filings establish that two other victims also installed the tainted software, resulting in unauthorized access to their systems.
Cybersecurity Concerns Rise
The incident highlights the growing concern over cybersecurity when it comes to open-source tools. While applications like ComfyUI are well-established in design and developer circles as being safe to use, this incident reminds us how popular programs can be manipulated. The altered version of ComfyUI was cleverly disguised, drawing attention to how hackers are now leveraging AI's popularity to spread advanced malware.
Experts warn developers and users alike to verify the authenticity of downloaded tools and inspect code before use, especially when hosted on public repositories like GitHub. The incident serves as a reminder that even well-established programs can be vulnerable to manipulation, and vigilance is crucial in protecting sensitive information.
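One way to act on the advice to inspect code before use, as an added example that is not from the article or the court filings: a Python script that scans an unpacked add-on directory before it is installed. Its three heuristics (a hard-coded Discord webhook URL, bundled binaries named after OpenAI or Anthropic, and requirements that install from a URL or local file) are assumptions based on the article's description, not published indicators; `audit_node` and `build_sample` are hypothetical names and the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

# Heuristics are assumptions drawn from the article's description, not known IoCs.
WEBHOOK = re.compile(r"https://(?:\w+\.)?discord(?:app)?\.com/api/webhooks/\S+")
VENDORS = ("openai", "anthropic")        # vendor names the article says were imitated
BUNDLED = {".whl", ".exe", ".dll", ".pyd", ".so", ".zip"}
TEXT = {".py", ".txt", ".json", ".toml", ".cfg"}
DIRECT_REQ = re.compile(r"^\s*(?:\S+\s*@\s*)?(?:https?://|git\+|file:|\.{0,2}/)|\.whl\s*$")


def audit_node(root):
    """Return sorted (relative_path, reason) findings for an unpacked add-on."""
    findings = set()
    root = Path(root)
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        name = path.name.lower()
        if path.suffix.lower() in BUNDLED and any(v in name for v in VENDORS):
            findings.add((rel, "bundled binary named after an AI vendor"))
        if path.suffix.lower() in TEXT:
            text = path.read_text(errors="replace")
            if WEBHOOK.search(text):
                findings.add((rel, "hard-coded Discord webhook"))
            if name.startswith("requirements"):
                for line in text.splitlines():
                    if DIRECT_REQ.search(line):
                        findings.add((rel, "dependency installed from URL or file: " + line.strip()))
    return sorted(findings)


def build_sample(root):
    """Constructed sample add-on (harmless text files) used to exercise the audit."""
    root = Path(root)
    (root / "requirements.txt").write_text("numpy\n./openai-1.0.0-py3-none-any.whl\n")
    (root / "openai-1.0.0-py3-none-any.whl").write_text("placeholder, not a real wheel\n")
    (root / "nodes.py").write_text('URL = "https://discord.com/api/webhooks/000/EXAMPLE"\n')
    (root / "README.txt").write_text("Example add-on\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, reason in audit_node(build_sample(tmp)):
            print(f"{rel}: {reason}")
```

A clean result from a scan like this does not establish that an add-on is safe; any finding is a reason to read the flagged file before running anything from the repository.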
Potential Consequences
Kramer will be making his initial court appearance in the weeks ahead. If convicted, he faces substantial prison time, heavy fines, and extended computer use restrictions. The incident serves as a cautionary tale for all parties involved, highlighting the importance of staying vigilant against potential cyber threats.