Nude Celebrity Photo Hacker Jailed

Whether you chose to call it “Celebgate” or refer to it by the rather crude moniker of “The Fappening”, there’s no doubt that the leaking on the Internet of private nude photographs of dozens of Hollywood stars was one of the biggest stories of 2014.

At least 50 celebrity Apple iCloud accounts and 72 Gmail inboxes were broken into by 36-year old Ryan Collins, from Lancaster, Pennsylvania, whose victims included Jennifer Lawrence, Kirsten Dunst, Avril Lavigne, Kate Hudson, and Rihanna.

So how did Collins do it? Well, he simply tricked celebrities and their acquaintances and staff into coughing up their email passwords, by sending them emails that appeared to come from Apple or Google.

Collins was also able, in some instances, to use custom software to download the entire iCloud backups of his victims in his quest for nude photographs.

This meant that even if celebrities had not shared their private intimate snaps via email, Collins was able to extract it from their iPhone’s online backup. And, of course, unlocking the email account of one celebrity inevitably reveals the contact details of other celebrities, opening opportunities for further attacks.

In a statement issued earlier this year, FBI assistant director David Bowdlich described some of the distress that Collins’ victims must have felt:

“By illegally accessing intimate details of his victims’ personal lives, Mr. Collins violated their privacy and left many to contend with lasting emotional distress, embarrassment and feelings of insecurity. We continue to see both celebrities and victims from all walks of life suffer the consequences of this crime and strongly encourage users of Internet-connected devices to strengthen passwords and to be skeptical when replying to emails asking for personal information.”

Interestingly, there is no evidence to suggest that Collins was the person who actually leaked the photographs onto the Internet, causing such a commotion. Instead, it appears that Collins was quite content phishing celebrities, and adding to his personal collection of nude photos from November 2012 until September 2014 when “The Fappening” occurred.

One of the victims, Hollywood star Jennifer Lawrence, was blunt in her opinions of the sites which chose to share the stolen photographs with their visitors:

“It is not a scandal. It is a sex crime. It is a sexual violation. It’s disgusting. The law needs to be changed, and we need to change. That’s why these Web sites are responsible. Just the fact that somebody can be sexually exploited and violated, and the first thought that crosses somebody’s mind is to make a profit from it. It’s so beyond me. I just can’t imagine being that detached from humanity.”

And now, Collins has been sent to prison for 18 months, leaving a wife and two young children without their father. Things could have been much worse for Collins and his family, if he had not agreed to a plea bargain with the authorities, it’s possible that he could have been sentenced to the maximum of five years in prison.

In all, the authorities identified over 600 victims of Ryan Collins including many members of the entertainment industry.

And it would be a brave person who bet money that a similar attack couldn’t happen in future, as we all know how easy it can be to trick people into unwittingly revealing their password through a carefully constructed phishing email.

Let’s hope that all of the stars exposed by “Celebgate” have learnt the valuable lesson of enabling multi-factor authentication to provide an additional layer of protection on their online accounts, and that regular civilians have also wised up that you should be protecting your online accounts with more than just a password.

The advice all Internet users to enable two step verification or two factor authentication on their accounts whenever available to increase their security.

The great thing about two-step verification and two-factor authentication is that it can help protect your data, even if your password is stolen by a criminal.

WeLiveSecurity

 

« Cybercrime in Canada
Inside Anonymous - ‘Civil War’ Over Its Fight With ISIS »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Asavie

Asavie

Asavie provide solutions for Enterprise Mobility Management and secure IoT Connectivity.

CERT-SE

CERT-SE

CERT-SE is the national and governmental Computer Security Incident Response Team of Sweden.

Ekran System

Ekran System

Ekran System is an advanced insider threat detection solution for companies of any size.

Aspen Insurance

Aspen Insurance

Aspen is a leading diversified specialty insurance and reinsurance company. Products offered include cyber insurance.

PhishX

PhishX

PhishX is a SaaS platform for security awareness that simulates Cyberthreats, train people, while measure and analysis results, reducing Cybersecurity risks for People and Companies.

Upper Peninsula Cybersecurity Institute - Northern Michigan University

Upper Peninsula Cybersecurity Institute - Northern Michigan University

Upper Peninsula Cybersecurity Institute at Northern Michigan University offers non-degree and industry credentials relevant to emerging careers in cybersecurity.

Templar Shield

Templar Shield

Templar Shield is a premier information security, risk and compliance technology professional services firm serving North America.

IDX

IDX

IDX is the leading consumer privacy platform built for agility in the digital age.

VikingCloud

VikingCloud

VikingCloud (formerly Sysnet Global Solutions) offers organizations an integrated cybersecurity and compliance solution to make informed, predictive, and cost-effective risk mitigation and prevention

Datenschutz Schmidt

Datenschutz Schmidt

Datenschutz Schmidt is a service provider with many years of experience, we support you in complying with numerous data protection guidelines, requirements and laws.

Inetum

Inetum

Inetum (formerly Gfi Informatique) is an agile IT services providing digital services and solutions, and a global group that helps companies and institutions to get the most out of digital flow.

TWC IT Solutions

TWC IT Solutions

Since 2011, TWC IT Solutions has offered managed IT Support, Cybersecurity, Disaster Recovery, Contact Centre and Business Connectivity services to clients across 24 countries globally.

Stronger International

Stronger International

Stronger International provides expert cyber services and training to organizations and individuals to enhance IT and security knowledge.

Locuz

Locuz

At Locuz, we’ve made it our mission to help businesses like yours create an actionable digital strategy.

Metmox

Metmox

Metmox mission is to be trusted advisor and partner to protect our customer’s evolving Cloud, Network, Application, IT infrastructure and cybersecurity needs.

Verinext

Verinext

Verinext delivers transformative business technology, from intelligently automating time-consuming tasks and protecting data assets to securing infrastructure and improving customer experiences.