CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

“Celebgate” Attacker Charged Over iCloud Photo Hacks

A Pennsylvania man was charged on Tuesday for accessing the Apple and Google email accounts of over 100 people, including several celebrities.

A Pennsylvania man was charged on Tuesday for accessing the Apple and Google email accounts of over 100 people, including several celebrities.

The man, 36-year-old Ryan Collins of Lancaster, Pennsylvania, was charged with felony computer hacking related to a phishing scheme that provided him with illegal access to said accounts. He managed to access at least 50 iCloud accounts and 72 Gmail accounts, most of which belonged to female celebrities.

Collins signed a plea agreement to plead guilty to a felony violation of the Computer Fraud and Abuse Act, the announcement from the Department of Justice (DoJ) reads. According to the plea agreement filed on Tuesday, Collins agreed to plead guilty to one count of unauthorized access to a protected computer to obtain information.

The man admitted to have engaged in the phishing scheme from November 2012 until the beginning of September 2014, which allowed him to obtain usernames and passwords for his victims. 

When the unsuspecting victims responded to his phishing emails, Collins was able to illegally access the victims’ e-mail accounts and to obtain personal information from them. He managed to grab nude photographs and videos, and even used software that allowed him to download the entire contents of the victims’ Apple iCloud backups, the plea agreement reveals.

In September 2014, the FBI launched an investigation after numerous iCloud accounts of celebrities were hacked and photographs of numerous female celebrities leaked online, and the charge against Collins stems from that investigation.

Apple at the time revealed that its iCloud system was not breached and said that the attack targeted user names, passwords and security questions. A few days later, the consumer tech giant also announced that it would  ramp up the security of the iCloud service.

However, it appears that there was no evidence that Collins was linked to the actual leaks, nor that he uploaded the information he obtained.

Advertisement. Scroll to continue reading.

The DoJ also announced that, although the man was charged in Los Angeles, the case will be transferred to Harrisburg in the Middle District of Pennsylvania, near Collins’ home, for the entry of his guilty plea and sentencing.

Collins faces a statutory maximum sentence of five years in federal prison, but the parties have agreed to recommend a prison term of 18 months, although the recommendation will not be binding on the sentencing judge.

“By illegally accessing intimate details of his victims’ personal lives, Mr. Collins violated their privacy and left many to contend with lasting emotional distress, embarrassment and feelings of insecurity. We continue to see both celebrities and victims from all walks of life suffer the consequences of this crime and strongly encourage users of Internet-connected devices to strengthen passwords and to be skeptical when replying to emails asking for personal information,” David Bowdich, the Assistant Director in Charge of the FBI’s Los Angeles Field Office, said.

In December 2015, 23-year-old Alonzo Knowles, aka “Jeff Moxey,” was charged for using malware and phishing to gain access to the email accounts of celebrities. Last month, Andrew Helton, 29, of Portland, pleaded guilty to a felony computer hacking charge and admitted to hacking the Apple and Gmail accounts of 363 people, including several celebrities.

The criminal complaint filing can be read here

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.