Man pleads guilty to hacking celebrity Apple accounts for spending spree

Posted:
in iCloud
A man has pleaded guilty to U.S. Justice Department charges of hacking into the Apple accounts of famous athletes and musicians, using them to embark on a spending spree.

iCloud Drive


Victims included "rappers" as well as "college and professional athletes," including people in the NBA and NFL, the Justice Department said while declining to name specific people. The hacker, Kwamaine Jerell Ford of Georgia, began targeting accounts in March 2015 with a phishing scheme, pretending to be an Apple support representative needing logins, passwords, and/or the answers to security questions.

Ford convinced people this was necessary to reset an account or access videos people were sending, the Department elaborated. In reality he set about hijacking accounts by resetting passwords, changing email contacts, and editing security questions. Apple is said to have recorded "hundreds" of unauthorized logins.

This in turn gave Ford access to the credit cards of several people, which were used to rack up "thousands of dollars" in furniture, travel expenses, and direct money transfers.

Ford was originally indicted on six counts in April 2018, including charges of wire fraud, computer fraud, access device fraud, and aggravated identity theft. In the end he pleaded guilty to just one count of computer fraud and one of identity theft. A sentencing hearing is scheduled for June.

Phishing is a recurring problem with Apple and other platform holders. The best-known Apple-related incident was "Celebgate," which targeted over 200 iCloud, Yahoo, and Facebook accounts owned by celebrities and others. With some celebrities, nude photos were stolen and spread rapidly online.

The best defenses against phishing are enabling two-factor authentication and maintaining a skeptical attitude, since Apple support representatives don't contact people out of the blue or demand login information.

Comments

  • Reply 1 of 13

    Victims included "rappers" as well as "college and professional athletes," including people in the NBA and NFL, the Justice Department said while declining to name specific people. The hacker, Kwamaine Jerell Ford of Georgia, began targeting accounts in March 2015 with a phishing scheme, pretending to be an Apple support representative needing logins, passwords, and/or the answers to security questions.
    .
    I guess I shouldn’t be surprised, but strange how this phishing scheme still works. Remember years back using that dialup app called AOL, and there would be an eyesore text warning in messenger warning them an AOL rep would never contact them for their password through email or IM? But no, people still fell for it.
    chiacornchipstompywatto_cobra
  • Reply 2 of 13
    lkrupplkrupp Posts: 6,950member

    Ford was originally indicted on six counts in April 2018, including charges of wire fraud, computer fraud, access device fraud, and aggravated identity theft. In the end he pleaded guilty to just one count of computer fraud and one of identity theft. A sentencing hearing is scheduled for June.
    Why the plea bargain? If they had him they had him. He’ll probably get off with a short time in prison. What about restitution to his victims? I think we need to make the penalties for this kind of thing much harsher for deterrence. Hackers like him are no different from the street thugs and muggers.
    watto_cobrajony0
  • Reply 3 of 13
    lkrupplkrupp Posts: 6,950member

    the monk said:

    Victims included "rappers" as well as "college and professional athletes," including people in the NBA and NFL, the Justice Department said while declining to name specific people. The hacker, Kwamaine Jerell Ford of Georgia, began targeting accounts in March 2015 with a phishing scheme, pretending to be an Apple support representative needing logins, passwords, and/or the answers to security questions.
    .
    I guess I shouldn’t be surprised, but strange how this phishing scheme still works. Remember years back using that dialup app called AOL, and there would be an eyesore text warning in messenger warning them an AOL rep would never contact them for their password through email or IM? But no, people still fell for it.
    I still get regular calls from "Microsoft Support” saying they have detected a virus and need to access my computer. When I tell them I’m using a Mac they hang up.
    cornchipchiamuthuk_vanalingamwatto_cobrajony0
  • Reply 4 of 13
    entropysentropys Posts: 1,647member
    A man has pleaded guilty to U.S. Justice Department charges of hacking into the Apple accounts of famous athletes and musicians, using them to embark on a spending spree.

    Kwamaine Jerell Ford of Georgia, began targeting accounts in March 2015 with a phishing scheme, pretending to be an Apple support representative needing logins, passwords, and/or the answers to security questions

    so which is it? Hacking, or a Phishing attack? Because one exploits a weakness of Apple, while the other exploits the weakness of celebrities. A very important difference.

    cornchipMacProchiamuthuk_vanalingamwatto_cobrajony0
  • Reply 5 of 13
    mac_dogmac_dog Posts: 674member
    lkrupp said:

    Why the plea bargain? If they had him they had him. He’ll probably get off with a short time in prison. What about restitution to his victims? I think we need to make the penalties for this kind of thing much harsher for deterrence. Hackers like him are no different from the street thugs and muggers.
    Why restitution? More important is accountability. Something that will...say...leave a lasting impression so it doesn’t happen again. There is no accountability in this country anymore. 
    edited March 29 watto_cobra
  • Reply 6 of 13
    MacProMacPro Posts: 18,165member
    entropys said:
    A man has pleaded guilty to U.S. Justice Department charges of hacking into the Apple accounts of famous athletes and musicians, using them to embark on a spending spree.

    Kwamaine Jerell Ford of Georgia, began targeting accounts in March 2015 with a phishing scheme, pretending to be an Apple support representative needing logins, passwords, and/or the answers to security questions

    so which is it? Hacking, or a Phishing attack? Because one exploits a weakness of Apple, while the other exploits the weakness of celebrities. A very important difference.

    Totally agree and of course, it was phishing.  I find it ridiculous Apple Insider perpetuate this misleading working. Is it better click bait to pretend phishing is hacking I wonder?
    Carnagewatto_cobrajony0
  • Reply 7 of 13
    jbdragonjbdragon Posts: 2,074member
    Hacking is not the same thing as phishing.  Mixing them up confuses people.  Turn on 2 factor and you should be protected from phishing even if you happen to fall for their phishing scam.   Turn on 2 factor for every site that you can and that includes iCloud!!!

    muthuk_vanalingamwatto_cobrajony0
  • Reply 8 of 13
    macguimacgui Posts: 1,178member
    lkrupp said:

    Ford was originally indicted on six counts in April 2018, including charges of wire fraud, computer fraud, access device fraud, and aggravated identity theft. In the end he pleaded guilty to just one count of computer fraud and one of identity theft. A sentencing hearing is scheduled for June.
    Why the plea bargain? If they had him they had him. He’ll probably get off with a short time in prison. What about restitution to his victims? I think we need to make the penalties for this kind of thing much harsher for deterrence. Hackers like him are no different from the street thugs and muggers.
    Probably only to save the expense of a trial. Regardless of how much overwhelming evidence the prosecution may have a plea bargain saves money. Were this a crime of violence and the evidence was overwhelming, a trial would more likely be considered. 


    mac_dog said:
    lkrupp said:
    Why restitution? More important is accountability. Something that will...say...leave a lasting impression so it doesn’t happen again. There is no accountability in this country anymore. 
    Retitution is very often a part of any sentence involving financial loss, especially plea bargains. Accountability is good, but for the people bilked, it can be small consequence.

    That said, it's disconcerting that lack of accountability changes Crime doesn't pay to Crime pays. It all goes back to avoiding the expense of a court trial.


    muthuk_vanalingam
  • Reply 9 of 13
    blah64blah64 Posts: 919member
    jbdragon said:
    Hacking is not the same thing as phishing.  Mixing them up confuses people.  Turn on 2 factor and you should be protected from phishing even if you happen to fall for their phishing scam.   Turn on 2 factor for every site that you can and that includes iCloud!!!

    Two-factor is great, as long as the 2nd factor isn't SMS.  Texting is not secure or protected in any way, shape, or form, and if your important accounts are password-resettable via SMS authentication then you are playing a dangerous game depending on 2FA. 

    Of course you're also playing a dangerous game if you don't use anything, but the rise of SMS-based 2FA is appalling because it has fooled people into thinking it's safe instead of moving toward solutions that actually are safe.  Why have so many organizations implemented texting-based "protections"?  Simply because it's easy for them, not because it's safe.  Most people text all day without giving a single thought to the fact that it's completely insecure, and businesses take advantage of the fact.  Be smarter.
    watto_cobra
  • Reply 10 of 13
    analogjackanalogjack Posts: 1,066member
    If someone asks me for my debit card and pin and I give it to them and then they rob me, have I been 'hacked'?
    chiawatto_cobra
  • Reply 11 of 13
    gatorguygatorguy Posts: 20,445member
    If someone asks me for my debit card and pin and I give it to them and then they rob me, have I been 'hacked'?
    No you've been robbed. That's even worse in many cases, and happens too often with some of these scams on LetGo and such. 

    People used to trust each other until proven they shouldn't, left doors unlocked when they were away and had neighbors check check the house once in awhile if they were away for awhile. Now we're supposed to distrust everyone? 
    edited March 31
  • Reply 12 of 13
    MacProMacPro Posts: 18,165member
    gatorguy said:
    If someone asks me for my debit card and pin and I give it to them and then they rob me, have I been 'hacked'?
    No you've been robbed. That's even worse in many cases, and happens too often with some of these scams on LetGo and such. 

    People used to trust each other until proven they shouldn't, left doors unlocked when they were away and had neighbors check check the house once in awhile if they were away for awhile. Now we're supposed to distrust everyone? 
    'Everyone' in this discussion is more about how people (thieves) use technology rather than people in general but I get your drift. You may be shocked to know but even products one buys from seemingly reputable companies can spy on us and use that information for profit which in my mind is a form of theft.  Other than Apple I trust no computer technology or person using it, especially anything sent via email.  Sadly scammers are realizing Apple users have grown to know they can trust Apple so they all to often fall prey to 'from Apple' scams.
    stompy
  • Reply 13 of 13
    the monkthe monk Posts: 37member
    gatorguy said:
    People used to trust each other until proven they shouldn't, left doors unlocked when they were away and had neighbors check check the house once in awhile if they were away for awhile. Now we're supposed to distrust everyone? 
    Are you sure this isn’t an imaginary time period you’re talking about? “Good old days?”
Sign In or Register to comment.