'Celebgate' iCloud hack perpetrator sentenced to 34 months in prison

Posted:
in iCloud edited March 1
A hacker who pleaded guilty for his part in the 'Celebgate' hack, involving phishing for credentials and attempting to access more than 200 iCloud, Yahoo, and Facebook accounts controlled by celebrities and other users, has been sentenced to almost three years in prison.




The U.S Attorney's Office for the Eastern District of Virginia advises Christopher Brannan, 31, of Richmond was sentenced on Friday for participating in the social media and cloud storage hacking event known as "Celebgate." Branna, a former high school teacher, pleaded guilty in October to charges of unauthorized access to a protected computer and aggravated identity theft.

While the crimes were punishable by a maximum of seven years in prison, a plea agreement with Brannan led to the United States making a non-binding recommendation to the court that he be sentenced to 34 months in prison, a decision agreed upon by Senior U.S. District Judge Henry E. Hudson at sentencing.

Court filings advise Brannan accessed online accounts for Apple's iCloud, Yahoo, and Facebook, allowing him to acquire complete iCloud backups, photographs, and other private information from more than 200 victims. The "Celebgate" name refers to the fact that some of the people targeted in the campaign were famous.

Brannan acquired access in a variety of ways, including simply answering security questions in forgotten password systems that could be easily answered by reviewing the victim's other public social media accounts. He also used phishing to acquire credentials, using email addresses that looked as if they were legitimate security accounts from Apple.

The teacher is not the only person to receive punishment for "Celebgate," as last year George Garofano was sentenced to eight months in prison followed by three years of supervised release for accessing more than 200 iCloud accounts. In 2017, Edward Majerczyk received nine months in prison and paid $5,700 to one victim for hacking into more than 300 iCloud and Gmail accounts.

The first person sentenced for the attack in 2016, Ryan Collins, received 18 months for accessing 50 iCloud accounts and 72 Gmail accounts.

The Celebgate ordeal surfaced in 2014, with the discovery of a cache of nude photographs and video belonging to prominent figures in the entertainment business, likely shared via the dark web before surfacing on the more public BitTorrent and other file-sharing services.

Apple investigated the event, which was initially and incorrectly blamed on an iCloud security breach that Apple strongly denied. Further investigation determined the attacks were accessed via social engineering, not by security flaws.

Comments

  • Reply 1 of 8
    rob53rob53 Posts: 2,011member
    He gets 3 years in prison while Facebook, Google and others steal personal information and get away for free. 
    AppleExposedMacProwatto_cobra
  • Reply 2 of 8
    It’s interesting to me that “unauthorized access to a protected computer” is a crime but at the same time some branches of the government want to make unauthorized access easier. 
    watto_cobra
  • Reply 3 of 8
    I think what he did with the information should be taken into account. And what he did he ought to have known would be incredibly hurtful for those involved. I honestly think three years is a low figure. I get that it was a "non violent crime" but it hurt the people involved on a really massive scale.
    watto_cobra
  • Reply 4 of 8
    AppleExposedAppleExposed Posts: 701unconfirmed, member

    iCloud was not hacked. My goodness, every media outlet is using this crap to sh** on Apple while conveniently leaving out Google/Microsofts cloud services which were equally as "hacked".


    In before some idiot links this "hack" to Apples privacy/security stance.

    MacProwatto_cobra
  • Reply 5 of 8
    entropysentropys Posts: 1,647member
    It’s interesting to me that “unauthorized access to a protected computer” is a crime but at the same time some branches of the government want to make unauthorized access easier. 
    We are letting government become big brother.
  • Reply 6 of 8
    kimberlykimberly Posts: 210member
    rob53 said:
    He gets 3 years in prison while Facebook, Google and others steal personal information and get away for free. 
    You know, there is an element of truth in that ;)
    watto_cobra
  • Reply 7 of 8
    MacProMacPro Posts: 18,166member

    iCloud was not hacked. My goodness, every media outlet is using this crap to sh** on Apple while conveniently leaving out Google/Microsofts cloud services which were equally as "hacked".


    In before some idiot links this "hack" to Apples privacy/security stance.

    Exactly.  Phishing is not hacking it's duping, conning, fooling ... but not hacking.  LIke bokeh isn't blurring, it's specular highlight artifacts caused by shutter blade diffraction.  Technical journalists really need to get their act together on definitions and terms.
    edited March 2 watto_cobra
  • Reply 8 of 8
    lkrupplkrupp Posts: 6,956member
    If we want to get serious about privacy then perhaps we should raise the stakes for hackers/phishers/conmen. How a minimum 10 year sentence with no plea deals? I’d also like to see interviews with these types to find out what their motives are. “Because I can...” seems vacuous. Do they have superiority complexes? Dod they make money selling the data and images to sleaze-bag websites like the Fappening?
    edited March 2 watto_cobra
Sign In or Register to comment.