California Man Pleads Guilty to Hacking Disney Employee Using Fake AI Software

In a rare and alarming case of cybercrime involving artificial intelligence, a 25-year-old man from California has pleaded guilty to hacking a Walt Disney Company employee by using a fake version of a popular AI tool.

According to a press release from the U.S. Attorney’s Office for the Central District of California, the accused, Ryan Mitchell Kramer, admitted to uploading a malware-infected copy of an open-source image generator called ComfyUI. He falsely named it ComfyUI_LLMVISION and presented it as an upgrade to improve AI-generated artwork.

The malicious software, once downloaded, allowed Kramer to steal passwords, payment details, sensitive files, and other personal information from victims’ computers. He used the online alias "NullBulge" and hosted the fake software on GitHub. The stolen data was secretly sent to a Discord server controlled by Kramer.

To hide his actions, Kramer used misleading file names that referenced trusted AI companies like OpenAI and Anthropic. The attack came to light in April 2024, when a Disney employee unknowingly downloaded the malware. Kramer then gained access to Disney’s private Slack channels and stole approximately 1.1 terabytes of sensitive data. This included internal company files, creative projects, and personal employee information.

In July 2024, Kramer reportedly pretended to be a member of a hacktivist group and contacted the Disney employee, possibly in an attempt to threaten or manipulate them. When he received no response, he leaked the stolen data online. Some of the information released included the victim’s financial and medical records.

Kramer pleaded guilty to two federal crimes: unauthorized access to a protected computer and threatening to damage a protected computer. These charges carry serious penalties under U.S. law. The FBI is continuing its investigation and has identified at least two more victims who downloaded the infected software.

Cybersecurity experts have urged users to be cautious when downloading tools from public platforms like GitHub. They recommend checking the authenticity of the software and reviewing its code, especially when it appears to be linked to popular programs like ComfyUI.

Kramer is expected to appear in court in the coming weeks. If convicted, he could face a lengthy prison sentence, significant fines, and restrictions on his future use of computers.