Nude Celebrity Photo Hacker Jailed

Whether you chose to call it “Celebgate” or refer to it by the rather crude moniker of “The Fappening”, there’s no doubt that the leaking on the Internet of private nude photographs of dozens of Hollywood stars was one of the biggest stories of 2014.

At least 50 celebrity Apple iCloud accounts and 72 Gmail inboxes were broken into by 36-year old Ryan Collins, from Lancaster, Pennsylvania, whose victims included Jennifer Lawrence, Kirsten Dunst, Avril Lavigne, Kate Hudson, and Rihanna.

So how did Collins do it? Well, he simply tricked celebrities and their acquaintances and staff into coughing up their email passwords, by sending them emails that appeared to come from Apple or Google.

Collins was also able, in some instances, to use custom software to download the entire iCloud backups of his victims in his quest for nude photographs.

This meant that even if celebrities had not shared their private intimate snaps via email, Collins was able to extract it from their iPhone’s online backup. And, of course, unlocking the email account of one celebrity inevitably reveals the contact details of other celebrities, opening opportunities for further attacks.

In a statement issued earlier this year, FBI assistant director David Bowdlich described some of the distress that Collins’ victims must have felt:

“By illegally accessing intimate details of his victims’ personal lives, Mr. Collins violated their privacy and left many to contend with lasting emotional distress, embarrassment and feelings of insecurity. We continue to see both celebrities and victims from all walks of life suffer the consequences of this crime and strongly encourage users of Internet-connected devices to strengthen passwords and to be skeptical when replying to emails asking for personal information.”

Interestingly, there is no evidence to suggest that Collins was the person who actually leaked the photographs onto the Internet, causing such a commotion. Instead, it appears that Collins was quite content phishing celebrities, and adding to his personal collection of nude photos from November 2012 until September 2014 when “The Fappening” occurred.

One of the victims, Hollywood star Jennifer Lawrence, was blunt in her opinions of the sites which chose to share the stolen photographs with their visitors:

“It is not a scandal. It is a sex crime. It is a sexual violation. It’s disgusting. The law needs to be changed, and we need to change. That’s why these Web sites are responsible. Just the fact that somebody can be sexually exploited and violated, and the first thought that crosses somebody’s mind is to make a profit from it. It’s so beyond me. I just can’t imagine being that detached from humanity.”

And now, Collins has been sent to prison for 18 months, leaving a wife and two young children without their father. Things could have been much worse for Collins and his family, if he had not agreed to a plea bargain with the authorities, it’s possible that he could have been sentenced to the maximum of five years in prison.

In all, the authorities identified over 600 victims of Ryan Collins including many members of the entertainment industry.

And it would be a brave person who bet money that a similar attack couldn’t happen in future, as we all know how easy it can be to trick people into unwittingly revealing their password through a carefully constructed phishing email.

Let’s hope that all of the stars exposed by “Celebgate” have learnt the valuable lesson of enabling multi-factor authentication to provide an additional layer of protection on their online accounts, and that regular civilians have also wised up that you should be protecting your online accounts with more than just a password.

The advice all Internet users to enable two step verification or two factor authentication on their accounts whenever available to increase their security.

The great thing about two-step verification and two-factor authentication is that it can help protect your data, even if your password is stolen by a criminal.

WeLiveSecurity

 

« Cybercrime in Canada
Inside Anonymous - ‘Civil War’ Over Its Fight With ISIS »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Firebrand

Firebrand

Firebrand is the leader in Accelerated Learning in the field of IT and project management.

Applicure Technologies

Applicure Technologies

Applicure Technologies develops the leading multi-platform web application security software products to protect web sites and web applications from external and internal attacks.

Cyber Command

Cyber Command

Our Managed IT service allows clients to offload the management of day-to-day computer, server, and networking support to our team of professionals.

7 Elements

7 Elements

7 Elements is an independent IT security testing company providing expertise in technical information assurance through security testing, incident response and consultancy.

ngCERT

ngCERT

ngCERT is the National Computer Emergency Response Team for Nigeria.

EU Joint Research Centre

EU Joint Research Centre

JRC is the European Commission's science and knowledge service which employs scientists to carry out research in order to provide independent scientific advice and support to EU policy.

Cyber NYC

Cyber NYC

Cyber NYC is a suite of strategic investments to grow New York City’s cybersecurity workforce, help companies drive innovation, and build networks and community spaces.

GV

GV

GV provides venture capital funding to bold new companies in the fields of life science, healthcare, artificial intelligence, robotics, transportation, cyber security and agriculture.

OnSecurity

OnSecurity

OnSecurity replaces the overhead of traditional penetration testing firms with a simple online interface, making it easy to book tests as and when needed.

AdvIntel

AdvIntel

AdvIntel is a next-generation threat prevention and loss prevention company launched by a team of certified investigators, reverse engineers, and security experts.

Bugv

Bugv

Bugv is a crowdsourcing cybersecurity platform powered by human intelligence where we connect businesses with cyber security experts, ethical hackers, bug bounty hunters from all around the world.

MedSec

MedSec

MedSec is the only company of its type focused solely on cybersecurity for hospitals and medical device manufacturers, offering both a cybersecurity software solution and consulting services.

Zerify

Zerify

Zerify offers the industry’s only video conferencing platform built with a zero-trust architecture to keep your meetings secure, private and business compliant.

Xobee Networks

Xobee Networks

Xobee Networks is a Managed Service Provider of innovative, cost-effective, and cutting-edge technology solutions in California.

ArmorPoint

ArmorPoint

ArmorPoint redefines the traditional approach to cybersecurity by combining network operations, security operations, and SIEM technology in one platform.