One of the Celebgate hackers pleads guilty to phishing iCloud and Google logins
March 18, 2016
Shah Sheikh (1294 articles)

One of the Celebgate hackers pleads guilty to phishing iCloud and Google logins

A cyber-intruder who infiltrated celebrities’ iCloud accounts during the Celebgate nude-photo-theft scandal of 2014 has pleaded guilty to felony charges of computer hacking.

According to a statement from the US Attorney’s Office for the Central District of California, Ryan Collins, 36, of Lancaster, Pennsylvania, signed a plea agreement on Tuesday and agreed to plead guilty to a felony violation of the Computer Fraud and Abuse Act (CFAA).

He also agreed to plead guilty to one count of unauthorized access to a protected computer to obtain information.

As the government describes it, Collins snagged the celebrities with a phishing scheme that gave him illegal access to over 100 Apple and Gmail email accounts.

The statement didn’t specify the affected celebrities, but we know that the massive leak of nude photos included Jennifer Lawrence, Kate Upton, Gabrielle Union, Kim Kardashian, and Kirsten Dunst, among dozens of other female celebrities.

The US Attorney’s Office said that according to the plea agreement, from November 2012 until the beginning of September 2014, Collins sent phishing emails that looked like they were from Apple or Google.

The emails asked victims to provide usernames and passwords.

When his victims complied, Collins used their login credentials to access their email accounts, from which he stole nude photos and videos. He also used an unspecified application to download the entire contents of their Apple iCloud backups.

The Feds said that the charges against Collins stem from an investigation into the Celebgate leak.

That investigation is ongoing, but so far, investigators haven’t uncovered any evidence linking Collins to the actual leaks. Specifically, they haven’t found evidence of Collins having shared or uploaded the stolen images.

He illegally accessed at least 50 iCloud accounts and 72 Gmail accounts.

Celebgate victims went on the record to describe that they were violated not only by the theft, but by the jeering that followed.

Union had this to say in an essay she wrote for Cosmopolitan in late 2014:

I didn’t like the public perception of this scandal – that we were just a bunch of narcissistic, sexually deviant celebrities who got what we deserved for being dumb. No one deserves to have a private moment stolen, whether it’s a photo, text, or email. Everyone has intimate parts of their life they don’t want the public to see.

In the aftermath of the photo theft, everything felt “tainted,” she said:

On Instagram, people tell me they’ve seen me naked. Walking into my favorite pizza place, I wonder who has seen the photos and what they are thinking. It’s part of daily life now.

Lawrence told Vanity Fair in a November 2014 article that the invasion of privacy wasn’t just a scandal.

It’s a sex crime, she said, and the sites where the stolen images were swapped – 4Chan and Reddit – should be held legally accountable.

David Bowdich, the Assistant Director in Charge of the FBI’s Los Angeles Field Office, talked about the impact on victims in the statement from the US Attorney’s Office:

By illegally accessing intimate details of his victims’ personal lives, Mr. Collins violated their privacy and left many to contend with lasting emotional distress, embarrassment and feelings of insecurity.

We continue to see both celebrities and victims from all walks of life suffer the consequences of this crime and strongly encourage users of internet-connected devices to strengthen passwords and to be skeptical when replying to emails asking for personal information.

Collins isn’t the first to attract investigators’ attention in their ongoing work to uncover the culprits behind Celebgate.

Last June, the FBI raided the Chicago home of Emilio Herrera, alleging that he had breached thousands of private iCloud accounts.

In January, Gawker reported that the feds had raided yet another Chicago home in October 2014: that of Ed Majerczyk.

Court documents fingered Majerczyk, another Chicago man with a similar laundry list of cloud-based invasions, as its top suspect in the Celebgate investigation.

Charges haven’t been filed against either of the Chicago men.

Prosecutors and Collins’ defense team agreed to recommend that he face a prison term of 18 months. The maximum sentence for his crimes is five years in federal prison.

Source | NakedSecurity