A California resident has admitted to creating a computer program that allowed him to illegally connect to various personal computers, including one linked to a Walt Disney Company employee, which ultimately gave him access to the entertainment giant’s internal files.
Ryan Kramer, 25, of Santa Clarita entered a guilty plea this week to two federal computer hacking charges, the U.S. Department of Justice said in a press release on Thursday.
Federal investigators say Kramer created a program that claimed to generate artwork using artificial intelligence, but which actually included malicious code that allowed him to break into other computers connected to the Internet.
In early 2024, Kramer uploaded his finished program to GitHub, a developer platform owned by Microsoft. Then, he waited for people to download his program and start using it, at which point he would have unfettered access to their computers.
At some point, a Disney employee downloaded the program from GitHub. Kramer broke into the victim’s computer, and ultimately gained access to an internal Slack group used by Disney to discuss internal, non-public matters, federal prosecutors said.
Kramer used his illegal access to download more than 1 terabyte of chat logs, files and other proprietary data. He then attempted to extort Disney by contacting the victim while pretending to be a Russian hacker associated with a group called “NullBulge,” which didn’t actually exist.
Kramer ultimately leaked the victim’s personal medical and financial records online, and did the same with some of Disney’s files. The breach convinced Disney to move away from Slack for its internal communications. Slack is owned by SalesForce.
It wasn’t clear from the DOJ’s press release how much prison time, if any, Kramer could receive as part of his plea agreement. Prosecutors said Kramer admitted that two other victims also used his program, and the FBI is investigating those cases separately.
