Second hacker pleads guilty to role in celebrity iCloud, Gmail phishing scheme
A Chicago man implicated in a phishing scheme targeting more than 300 iCloud and Google Gmail users, including the personal accounts of numerous Hollywood celebrities, faces up to five years in federal prison after signing a plea deal last week.
According to a statement from the U.S. Attorney's Office in California, Edward Majerczyk, 28, will plead guilty to violating the Computer Fraud and Abuse Act for his role in 2014's "Celebgate" phishing scheme. Majerczyk of Chicago and Orland Park, Ill., is charged with one count of unauthorized access to a protected computer, which carries a statutory maximum sentence of five years in prison.
In the phishing scheme, Majerczyk sent phony emails to victims requesting confirmation of user credentials. Appearing to be from legitimate security accounts operated by companies like Apple and Google, the messages instructed users to visit a nefarious website designed to gather logins and passwords.
Majerczyk used this information to illegally access victims' accounts, from which he harvested photographs, videos and other sensitive data, the plea agreement said. The assets circulated through the dark web before wide distribution via BitTorrent and other file sharing protocols.
"Hacking of online accounts to steal personal information is not merely an intrusion of an individual's privacy but is a serious violation of federal law," said U.S. Attorney Eileen M. Decker. "Defendant's conduct was a profound intrusion into the privacy of his victims and created vulnerabilities at multiple online service providers."
While phishing scams are a common occurrence, "Celebgate" gained notoriety for successfully targeting numerous A-list celebrities including Jennifer Lawrence and Kate Upton. When news of the leak first hit, reports incorrectly blamed the intrusion on a hack of Apple's iCloud, not clever social engineering. At the time, Apple denied those claims, saying its cloud services were safe and secure.
Majerczyk is the second person to enter a plea deal in connection with the scandal. In March, Ryan Collins, 36, pleaded guilty to illegally gaining access to at least 50 iCloud accounts and 72 Gmail accounts. Collins' crime carries an identical five-year maximum penalty, though prosecutors planned to recommend a term of 18 months.
Majerczyk's plea agreement was lodged in California District Court and will be executed when the case is transferred to the Northern District of Illinois.
According to a statement from the U.S. Attorney's Office in California, Edward Majerczyk, 28, will plead guilty to violating the Computer Fraud and Abuse Act for his role in 2014's "Celebgate" phishing scheme. Majerczyk of Chicago and Orland Park, Ill., is charged with one count of unauthorized access to a protected computer, which carries a statutory maximum sentence of five years in prison.
In the phishing scheme, Majerczyk sent phony emails to victims requesting confirmation of user credentials. Appearing to be from legitimate security accounts operated by companies like Apple and Google, the messages instructed users to visit a nefarious website designed to gather logins and passwords.
Majerczyk used this information to illegally access victims' accounts, from which he harvested photographs, videos and other sensitive data, the plea agreement said. The assets circulated through the dark web before wide distribution via BitTorrent and other file sharing protocols.
"Hacking of online accounts to steal personal information is not merely an intrusion of an individual's privacy but is a serious violation of federal law," said U.S. Attorney Eileen M. Decker. "Defendant's conduct was a profound intrusion into the privacy of his victims and created vulnerabilities at multiple online service providers."
While phishing scams are a common occurrence, "Celebgate" gained notoriety for successfully targeting numerous A-list celebrities including Jennifer Lawrence and Kate Upton. When news of the leak first hit, reports incorrectly blamed the intrusion on a hack of Apple's iCloud, not clever social engineering. At the time, Apple denied those claims, saying its cloud services were safe and secure.
Majerczyk is the second person to enter a plea deal in connection with the scandal. In March, Ryan Collins, 36, pleaded guilty to illegally gaining access to at least 50 iCloud accounts and 72 Gmail accounts. Collins' crime carries an identical five-year maximum penalty, though prosecutors planned to recommend a term of 18 months.
Majerczyk's plea agreement was lodged in California District Court and will be executed when the case is transferred to the Northern District of Illinois.
Comments
Next thing you'll be doing is claiming someone responding to nigerian scams on Iphones are somehow's Apple fault too.
In fact, most of the Icloud account that were compromised were NOT ICLOUD ACCOUNTS,
even those that were compromised through phishing were often done by compromising a second account that's even less secure (that's why you should not reuse passwords). They didn't talk about that here, but that is used very often.
The only way to mitigate it is to use two factor and that's an inconvenience to many and they STILL won't do it after this hack on Android or IOS.
Not surprising that many of them are still members here (and have recently posted), but aren't saying anything in this thread. I guess it's touch to have such a hard stance on a topic (and waste so much time on your bullshit theories) and find out you were completely and utterly wrong.
I'm in a pretty bad mood today, so I'll agree with you.
Though I am happy these guys got caught, can't the justice department pursue Wall Street criminals with the same vigor they go after doping athletes and these losers?
I said this when it happen and will say it again, you can not fix stupid. The people who got hacked deserve what they got.
It is not the job of any company or the government to protect people from themselves. I am not sure why people think people are not suppose to be responsible for their own actions, If they were not taking naked picture of themselves there would have been nothing to find. You know ignorance of law is not defense of breaking a law ignorance the technology you use does not relive someone of their own responsibilities to protect their own privacy.
Notice how DA pleaded these two people out, they really did not want others to see what these two people actually did to get the information. I suspect it was probably pretty easy, and the reason they caught these two so quickly.
I was actually in a good mood yesterday, when I wrote my post.
I must have a few hundred of this one:
And even aside from emails designed to steal your identity, has anyone ever calculated how much SPAM costs everyone in storage space and time wasted deleting them? At just 10 minutes a day, that's over 60 hours per year, per person. I bet the productivity cost alone is in the $ billions.
And I really hate the phrase, "social engineering", because it sounds like something positive or something harmless instead of a con that can ruin one's life.
And for the record, most of what happens on Wall Street is legal. It shouldn't be, but it is. So there's little the Justice Department can do to go after Wall Street execs who we might consider to be criminals, like those who brought down the economy in 2008. The laws need to be changed and that's not going to happen: many Republican politicians feel that even the current laws are too restrictive on what banks and Wall Street firms can do. Wall Street is like gambling in a casino, except there's fewer rules: the odds are in favor of the house, they charge you to get in, but the small guy can still occasionally win something. I've done pretty well with my investments, but that's not to say that the playing field is fair and that I'm not getting screwed. And of course, the house can come tumbling down again at any time. Brexit was a perfect example of how panic-stricken and irrational Wall Street is: big tumble for a few days and then quickly back up to near-peaks. None of that makes any sense - U.S. companies aren't worth more or less this week than they were last week, unless they happened to put out an earnings report, with the possible exception of those who sell largely to the UK.
Oh, that's okay. The Federal Reserve is illegal and yet it exists. It all balances out.
The only course of action is education. People have to be told what's going on so that when it crashes next they don't immediately buy in to what the people who crashed it want (fully digital fiat currency).