Hacker who targeted celebrity Apple and Google accounts sentenced six months in prison

Posted:
in General Discussion edited July 2016
An Oregon man who earlier this year pleaded guilty to hacking into Apple and Google email accounts, including a number owned by unnamed celebrities, was sentenced to six months in prison this week.




In February, Andrew Helton pleaded guilty to stealing some 161 personal photos from 13 people after waging a two-year phishing campaign for user credentials, reports Los Angeles Times. U.S. District Judge John A. Kronstadt handed down the sentence on Thursday.

Details of Helton's technique were not disclosed, though prosecutors said victims received account verification emails they believed were from Apple and Google. The messages included a link to a malicious webpage posing as a legitimate account login portal. From 2011 until his arrest in 2013, Helton used the scheme to gain login and password information for 363 email accounts, including prominent individuals in the entertainment industry.

In a court filing seen by ABC News, U.S. Attorney Stephanie S. Christensen said the hacker "targeted, baited, and hooked" strangers, acquaintances and celebrities, with an endgame of gleaning nude and intimate images "for personal use." The pictures never made their way into the public realm, court documents said.

Helton said he regrets his actions, explaining that a bipolar disorder triggered the phishing attack. Court documents show Helton has been in treatment for the mental disorder since his arrest.

Helton's case predates the high-profile iCloud and Google account hack dubbed "Celebgate," so named for the resulting leak of nude photos stolen from celebrities like Jennifer Lawrence and Kate Upton. Two men who pleaded guilty to perpetrating the wide-ranging phishing scheme said they also used phony emails to trick targets into providing login credentials, but for cloud storage services run by Apple and Google.
«1

Comments

  • Reply 1 of 23
    Celebgate... Nobody really called it that except media prudes that couldn't bear to get their heads around calling it "The Fappening"...
    Deelronstevehdysamoria
  • Reply 2 of 23
    jfc1138jfc1138 Posts: 3,090member
    Social engineering is close to impossible to stop unless TouchID is the only gateway to anything. . 
    nostrathomas
  • Reply 3 of 23
    mac fanmac fan Posts: 87member
    The guy's lucky the judge cut him some slack- six months instead of five years. He should have at least done a year and three years probation.
    ronnDeelronmac_dogdysamoriajony0
  • Reply 4 of 23
    glynhglynh Posts: 130member
    "Helton said he regrets his actions, explaining that a bipolar disorder triggered the phishing attack. Court documents show Helton has been in treatment for the mental disorder since his arrest."

    Like that doesn't sound 'convenient'?

    Let's blame a medical condition that you only start treatment for after you have been caught.

    He should have got a stronger sentence IMHO. Not much of a disincentive to others is it really...
    radarthekatlkruppronnanantksundaramjony0
  • Reply 5 of 23
    Rayz2016Rayz2016 Posts: 4,556member
    glynh said:
    "Helton said he regrets his actions, explaining that a bipolar disorder triggered the phishing attack. Court documents show Helton has been in treatment for the mental disorder since his arrest."

    Like that doesn't sound 'convenient'?

    Let's blame a medical condition that you only start treatment for after you have been caught.

    He should have got a stronger sentence IMHO. Not much of a disincentive to others is it really...
    That sounds like a rather specific symptom for a bipolar disorder. A bit like me saying I have an eating disorder which only pertains to key lime cheesecake. 
    robertwalterDeelronanantksundaram
  • Reply 6 of 23
    VisualSeedVisualSeed Posts: 217member
    That's how you take one for the team....
  • Reply 7 of 23
    mac fanmac fan Posts: 87member
    Rayz2016 said
    That sounds like a rather specific symptom for a bipolar disorder. A bit like me saying I have an eating disorder which only pertains to key lime cheesecake. 
    That's not a disorder. That's a feature!


    He had a bi-polar episode that lasted two years, forcing him to engage in phishing attacks? Maybe the judge should have a psych-eval. It's not clear to me if he was convicted of a felony or just charged with one. He should have been sentenced to a year and a day.
  • Reply 8 of 23
    SoliSoli Posts: 8,549member
    jfc1138 said:
    Social engineering is close to impossible to stop unless TouchID is the only gateway to anything. . 
    2FA greatly reduces the ability for someone to hack into an account with a weak or compromised password.
  • Reply 9 of 23
    Rayz2016 said:
    glynh said:
    "Helton said he regrets his actions, explaining that a bipolar disorder triggered the phishing attack. Court documents show Helton has been in treatment for the mental disorder since his arrest."

    Like that doesn't sound 'convenient'?

    Let's blame a medical condition that you only start treatment for after you have been caught.

    He should have got a stronger sentence IMHO. Not much of a disincentive to others is it really...
    That sounds like a rather specific symptom for a bipolar disorder. A bit like me saying I have an eating disorder which only pertains to key lime cheesecake. 
    Key lime cheesecake is both a delicious and terribly insidious thing. 
    edited July 2016 ronn
  • Reply 10 of 23
    maestro64maestro64 Posts: 4,453member
    At least this nut case took to stealing pictures verse picking up a gun and shooting people. When is the government going start protecting people from the people with mental issues. 
  • Reply 11 of 23
    focherfocher Posts: 638member
    glynh said:
    "Helton said he regrets his actions, explaining that a bipolar disorder triggered the phishing attack. Court documents show Helton has been in treatment for the mental disorder since his arrest."

    Like that doesn't sound 'convenient'?

    Let's blame a medical condition that you only start treatment for after you have been caught.

    He should have got a stronger sentence IMHO. Not much of a disincentive to others is it really...
    Well, there's an increasing amount of evidence showing that prison doesn't act as a deterrent anyway.  It's mostly effective purely as a tool that makes it impossible for that individual to commit crimes while locked up.  The idea of a rational actor in regards to committing crime is pretty much known as untrue.
    baconstangdysamoriadrunkzombie
  • Reply 12 of 23
    VisualSeedVisualSeed Posts: 217member
    jfc1138 said:
    Social engineering is close to impossible to stop unless TouchID is the only gateway to anything. . 
    Apple's latest implementation of 2 factor authentication is pretty solid. I'm sure there is probably some obscure way to circumvent it but if it were made mandatory, 99.9% of the phishing campaigns would be ineffective. The best way is to not give users a convenient (or any) way to opt out. Making security easier to use makes it more prevalent. I imagine Touch ID alone being so easy to implement and user-friendly actually got people to lock their phones who otherwise would have not even set a pin code. It's probably saved more relationships than people realize. The next step is to make 2 factor the norm and the default authentication method. That way everyone uses it and they don't feel the stigma of being thought to being paranoid of having something to hide.
    dysamoria
  • Reply 13 of 23
    mac_dogmac_dog Posts: 649member
    maestro64 said:
    At least this nut case took to stealing pictures verse picking up a gun and shooting people. When is the government going start protecting people from the people with mental issues. 
    The government? Are you kidding? They're too busy praying.

    The inmates are running the asylum.
  • Reply 14 of 23
    dysamoriadysamoria Posts: 1,958member
    maestro64 said:
    At least this nut case took to stealing pictures verse picking up a gun and shooting people. When is the government going start protecting people from the people with mental issues. 
    If only the first part of your comment didn't also include the second part...
  • Reply 15 of 23
    dysamoriadysamoria Posts: 1,958member
    So everyone here is an expert in bipolar disorder, eh?

    why does getting treatment after he's caught seem "convenient" to you? Getting caught probably incentivized him to accept that his behavior was a serious enough problem that it had to be addressed. People don't change unless they see personal benefit to it. Self worth, or more control over their experiences and their consequences... Whatever the motivator, has to come from inside and be based on self-benefit.

    Overall, I'm surprised that he got as lenient a sentence as six months. It's almost reasonable, and I'm not used to seeing reasonable sentencing in news stories. Especially when people like to throw the word "terrorist" on every security violation. I almost wonder if it's a bit too lenient. Is he going to be barred from having access to networked computers or anything like that as a parole condition?
  • Reply 16 of 23
    dysamoria said:
    So everyone here is an expert in bipolar disorder, eh?

    why does getting treatment after he's caught seem "convenient" to you? Getting caught probably incentivized him to accept that his behavior was a serious enough problem that it had to be addressed. People don't change unless they see personal benefit to it. Self worth, or more control over their experiences and their consequences... Whatever the motivator, has to come from inside and be based on self-benefit.

    Overall, I'm surprised that he got as lenient a sentence as six months. It's almost reasonable, and I'm not used to seeing reasonable sentencing in news stories. Especially when people like to throw the word "terrorist" on every security violation. I almost wonder if it's a bit too lenient. Is he going to be barred from having access to networked computers or anything like that as a parole condition?
    Why is the DA not creaming from the rafters about the length of the sentence? After all their usual words are 'We will press for the maximim sentence' even for a minor crime. I get the feeling that they'd want every crime to have a Life without Parole as the max and leand that down in order to avoid trials.
    Either that or the DA is not standing for re-election in November.
    IMHO, Politicans should not be lawyers.
  • Reply 17 of 23
    MacProMacPro Posts: 17,998member
    I wish the tech media wouldn't use the term 'hacker' for people simply phishing, so they should be called phishers.  Calling them hackers gives them a status they don't deserve, genuine hacking requires some brains, phishing not so much.  Plus it adds to click bait crap stating 'Apple iCloud was hacked.'  It wasn't.  Asking someone with a fake web page to enter their user name and password is phishing not hacking.  I'd also add:  People who fill them in are morons not victims.
    edited July 2016
  • Reply 18 of 23
    I wish the tech media wouldn't use the term 'hacker' for people simply phishing, so they should be called phishers.  Calling them hackers gives them a status they don't deserve, genuine hacking requires some brains, phishing not so much.  Plus it adds to click bait crap stating 'Apple iCloud was hacked.'  It wasn't.  Asking someone with a fake web page to enter their user name and password is phishing not hacking.  I'd also add:  People who fill them in are morons not victims.
    I requires skilss, just different kind of skills.
  • Reply 19 of 23
    MacProMacPro Posts: 17,998member
    I wish the tech media wouldn't use the term 'hacker' for people simply phishing, so they should be called phishers.  Calling them hackers gives them a status they don't deserve, genuine hacking requires some brains, phishing not so much.  Plus it adds to click bait crap stating 'Apple iCloud was hacked.'  It wasn't.  Asking someone with a fake web page to enter their user name and password is phishing not hacking.  I'd also add:  People who fill them in are morons not victims.
    I requires skilss, just different kind of skills.
    Phishing requires very low level skills.  All it requires is extremely dumb recipients.
  • Reply 20 of 23
    mac fan said:
    Rayz2016 said
    That sounds like a rather specific symptom for a bipolar disorder. A bit like me saying I have an eating disorder which only pertains to key lime cheesecake. 
    That's not a disorder. That's a feature!


    He had a bi-polar episode that lasted two years, forcing him to engage in phishing attacks? Maybe the judge should have a psych-eval. It's not clear to me if he was convicted of a felony or just charged with one. He should have been sentenced to a year and a day.

    A Psych reval? "I know you know that I'm not telling the truth"!
Sign In or Register to comment.