Man pleads guilty in celebrity iCloud hacking case, admits to phishing scheme
A Pennsylvania man on Tuesday was charged in the hacking of iCloud and Google cloud storage accounts belonging to more than 100 individuals -- notably dozens of celebrities -- and stealing personal, sometimes compromising pictures and video.
The U.S. Attorney for the Central District of California said Ryan Collins, 36, conducted a wide-ranging phishing scheme between Nov. 2012 and Sept. 2014 to illegally procure usernames and passwords to at least 50 iCloud accounts and 72 Gmail accounts, reports NBC News. Photos and video gleaned from the operation were subsequently leaked online.
"By illegally accessing intimate details of his victims' personal lives, Mr. Collins violated their privacy and left many to contend with lasting emotional distress, embarrassment and feelings of insecurity," said David Bowdich, Assistant Director in Charge of the FBI's Los Angeles office. "We continue to see both celebrities and victims from all walks of life suffer the consequences of this crime and strongly encourage users of Internet-connected devices to strengthen passwords and to be skeptical when replying to emails asking for personal information."
Court filings show Collins sent out emails resembling legitimate correspondence from Apple and Google, duping victims into divulging account information that was later used to steal personal photos and in some cases full iCloud backups. The story gained public notoriety after a cache of nude photos stolen from celebrities like actress Jennifer Lawrence hit the Web in September 2014.
Reports at the time suggested iCloud itself had been hacked, but Apple denied those claims. It appears the company was correct in its assessment.
Collins pleaded guilty to one count of unauthorized access to a protected computer to obtain information, a charge that carries a maximum penalty of five years in prison. Prosecutors will recommend a sentence of 18 months, the report said. Charged in California, his case will be transferred to Harrisburg, Pennsylvania.
Collins is the first to be charged for the 2014 hack, but more could follow as the investigation turns to the nefarious agents behind the photo leak.
Comments
Was he involved in the hundreds or not?
I was born in 1987, in Los Angeles, and my birthday is 5/22. My dog's name is Harry.
Since I'm such a genius, I have chosen a great password for my iCloud account "Harry1987", that nobody will ever be able to guess, unless they have an internet connection, where plenty of private and personal details about myself are available all over the place.
And if any hacker out there were to guess my extremely complex and secure password, then I will obviously blame it all on Apple.
if this encryption case goes the way of the gov., I am sure you will happily blame it on Obama instead. ;-)
That is of course Obama's doing 100%. It is Obama and his thugs in the DOJ that are coming after Apple.
But of course, that doesn't make Trump a thug, right? I sometimes wonder how people like you get up in the morning, so twisted with hypocrisy and contradictions.
By using various phishing attempts... YOU give them your password!
And that's what is so scary about this stuff. The users themselves are a big flaw. I know plenty of people who wouldn't question an email from Google if it asked them to type in their password. Or an email from Facebook, Apple, Microsoft, etc. People are gullible.
Me? Not so much. I'm very careful... plus I use two-factor authentication on all my major accounts.
But the average person can be easily tricked into giving away their password with no problem. And that's the biggest hole in security.
If there is a problem with your bank... they'll call you and say "hang up... and call the number printed on your credit card" to prove that it is really the bank calling. That seems to work.
But, sadly, people will just happily type in their internet passwords into a webpage without batting an eye.
because the hypocrisy with Apple ][ is mind numbing.
Also, this shows the state of US media and journalism when all people talked about was iCloud hacking, when 1. no hack took place and 2. more gmail accounts were message with and I never even heard about the gmail part of the story until now.
This is also what the FBI vs Encryption battle is all about. I would want law enforcement to have the best tools available within the law and within human tampering. I tried to come up with a simple explanation to convey this to my mother and kids and so, using the simplest of words that even a politician could understand, here is the issue :
It is a simple technical task to create a key given to responsible good people doing a good thing for the benefit of all, we all want that, but there is no technology in the near or distant future that can or could detect if the legitimate key is actually being used by a bad person instead, or even by a good person doing a bad thing, and that’s what nobody wants.
Access to those photos was granted with a key by a human wrongdoer who appropriated the key through human failings. This is also why we can't create a master key to give to humans and expect that they will also fail to keep it in their pants.