Connecticut Man Sent to Prison for 2014 Celebrity iCloud Hack

[MacRumors]

Connecticut man George Garafano has been sentenced to eight months in prison for his role in the 2014 iCloud hacks that saw many celebrity photos illicitly shared on the internet.

Garafano was accused of hacking the iCloud accounts of more than 200 people over the course of 18 months, including multiple celebrities.

According to the Hartford Courant, a federal judge in Connecticut ordered the eight month prison term, which will be followed by three years of supervision after release.

Garafano in April pleaded guilty to sending phishing emails to his victims posing as a member of Apple's online security team to obtain usernames and passwords. During the case, prosecutors said he traded the photos that he stole with other hackers and may have sold some of them to earn extra income.

Prosecutors had argued that Garafano should serve 10 to 16 months in prison, while Garafano asked for a more lenient sentence of five months in prison followed by five months in home confinement.

Garafano, who was in college at the time, says he has already suffered for his role in the 2014 hacking event and has "cleaned up his act" since the hacking occurred.

There were a total of four people charged with breaking into the iCloud accounts of celebrities, including Ryan Collins, Edward Majerczyk, and Emilio Herrera, along with Garafano. The other hackers have already been sentenced to prison terms ranging from nine months to 18 months.

When hundreds of nude celebrity photos began leaking online in 2014, there was initial speculation that iCloud had been hacked, but following an investigation, Apple determined that the accounts had been compromised by weak passwords.

Apple has since made improvements to its iCloud security by adding two-factor authentication to iCloud.com, introducing email alerts when an iCloud account is accessed on the web, and requiring app-specific passwords for third-party apps that access iCloud.

Article Link: Connecticut Man Sent to Prison for 2014 Celebrity iCloud Hack

 

[Hitrate]

Weak sentence.

 

[genovelle]

Why is this called a hack when these people gave them their password. This is why anti-Apple people still try to blame Apple saying they were hacked and leaked the pictures.

 

[ikir]

anyway the title says “hack” but it was phishing

When hundreds of nude celebrity photos began leaking online in 2014, there was initial speculation that iCloud had been hacked, but following an investigation, Apple determined that the accounts had been compromised by weak passwords.

 

[FFR]

They never mention google or gmail.
Don’t know what’s up with that.

“Prosecutors said in court documents that between November 2012 and September 2014, Collins "knowingly, intentionally, and in furtherance of criminal and tortious acts" accessed at least 50 Apple iCloud accounts and about 72 Google Gmail accounts belonging to more than 100 people. “

 

[nwcs]

Phishing and social engineering attacks will always succeed in some measure because people are always the weakest links in security.

 

[69Mustang]

Why is this called a hack when these people gave them their password. This is why anti-Apple people still try to blame Apple saying they were hacked and leaked the pictures.

I came to this thread...

anyway the title says “hack” but it was phishing

When hundreds of nude celebrity photos began leaking online in 2014, there was initial speculation that iCloud had been hacked, but following an investigation, Apple determined that the accounts had been compromised by weak passwords.

... for these and am thankful I will not leave...

They never mention google or gmail.
Don’t know what’s up with that.

“Prosecutors said in court documents that between November 2012 and September 2014, Collins "knowingly, intentionally, and in furtherance of criminal and tortious acts" accessed at least 50 Apple iCloud accounts and about 72 Google Gmail accounts belonging to more than 100 people. “

disappointed. You guys have to know that your protestations fall on deaf ears every time. Always have, always will. This little saga in internet history will forever more be known as the celebrity iCloud hack. No amount of hand waving, or wringing for that matter, is going to change that. That windmill ain't gonna tumble.

 

[keysofanxiety]

MR, please, this isn’t a hack. I know the title will get more visits, but if you use the same password for every account and answer every applelegit@maybenot.com email with your personal details, that’s phishing.

Hack implies Apple’s servers were compromised. There’s a big difference between that and people getting scammed.

 

[Sodium Chloride]

Question: if someone know your Apple ID and password but do not have access to your trusted devices, can they still access your iCloud files?

 

[keysofanxiety]

Question: if someone know your Apple ID and password but do not have access to your trusted devices, can they still access your iCloud files?

Not if you have two factor authentication enabled. Unless they also have full access to your phone and/or trusted device. In which case it’s just negligence.

 

[Tech198]

Why is this called a hack when these people gave them their password. This is why anti-Apple people still try to blame Apple saying they were hacked and leaked the pictures.

Ya. seems like that, that is why Apple now enforces strong passwords. On hand hand its a hack, nut on the other hand, its an 'invitation' as well by users.

The trouble with any company, they only learn this stuff t be more secure *after* the damage is done, never before. Also its difficult, there is no evidence Apple could prove not enforcing these measures in the first place. If that was done, this would never have happened.

Not if you have two factor authentication enabled. Unless they also have full access to your phone and/or trusted device. In which case it’s just negligence.

I don't have 2-factor.... overkill to me undermines. The fact users can now share their otherwise, secure passwords because we have a trusted device which protects us"further" is just stating that "yes,, but you are sharing it anyway" and that has always been the main goal..

All of the other security you lay on top to cover the main goal up,is just icing on the cake. If people really cared about security there would be no "cover up"

 

[Scottsoapbox]

I feel like 8 months in prison is kind of harsh for getting dumb people to hand over a password.

And PSA for celebrities: don't store your naked pictures in the cloud.

 

[snortpig]

MR, please, this isn’t a hack. I know the title will get more visits, but if you use the same password for every account and answer every applelegit@maybenot.com email with your personal details, that’s phishing.

Hack implies Apple’s servers were compromised. There’s a big difference between that and people getting scammed.

Wonder where he got all those celebs email addresses

 

[341328]

"compromised by weak passwords. "... haha. Celebrities aren't that smart then.

 

[exodiusprime]

Send phishing email to over 200 celebrities, violating their privacy and likely making tons of cash in the process: 8 months prison

Get caught with several grams of dab oil: 2 to 10 years prison

</boggle>

 

[kstotlani]

Send phishing email to over 200 celebrities, violating their privacy and likely making tons of cash in the process: 8 months prison

Get caught with several grams of dab oil: 2 to 10 years prison

</boggle>

Loot billions of people off their investments: more bonus, private aircraft etc.

 

[omihek]

According to this post, I "hack" my phone every time I use my thumb to unlock it.

 

[Solomani]

I feel like 8 months in prison is kind of harsh for getting dumb people to hand over a password.

And PSA for celebrities: don't store your naked pictures in the cloud.

They should store it in a USB thumb drive, and have little brother hide it for safekeeping.

 

[DeepIn2U]

Phishing and social engineering attacks will always succeed in some measure because people are always the weakest links in security.

Spoken just like Mr Robot

 

[miniyou64]

Weak sentence.

For a non violent crime? Get out

 

[Solomani]

For a non violent crime? Get a life

He destroyed the lives disrupted and tarnished the reputations of our glorious 21st century celebrities and idols. For that he must get lethal injection.

 

[SashJ]

I hope he accidentally drops the soap in the shower.

 

[apolloa]

I feel like 8 months in prison is kind of harsh for getting dumb people to hand over a password.

And PSA for celebrities: don't store your naked pictures in the cloud.

Does he only deserve a light slap in the wrist right? For ‘hacking’ into their iclouds and stealing their personal private photos and videos and leaking them all over the internet for millions and millions to see never to be deleted.. having the potential to ruin their personal and professional life’s for ever.

I do hope you don’t have any private things you don’t want the entire planet to see?

This crime could be classed as cyber bullying, a crime that has lead to children killing themselves, so I think 8 months isn’t enough, it should have been 8 years. But hey MR readers seem to love and be sympathetic to hackers.

 

[CarlJ]

I feel like 8 months in prison is kind of harsh for getting dumb people to hand over a password.

It wasn't so much for tricking someone into giving them their password, it was for what they then did with those passwords - accessing an account that didn't belong to them, downloading someone else's clearly very private files, then widely distributing those files on the internet, and screwing over a bunch of people's lives (at least for a while). I don't see some prison time as being especially harsh.

 

[FFR]

I came to this thread...

... for these and am thankful I will not leave...


disappointed. You guys have to know that your protestations fall on deaf ears every time. Always have, always will. This little saga in internet history will forever more be known as the celebrity iCloud hack. No amount of hand waving, or wringing for that matter, is going to change that. That windmill ain't gonna tumble.

Meh... at least they didn’t put out the note 7.