Pennsylvania Man Behind Hacking of Celebrity iCloud Accounts Pleads Guilty

[MacRumors]

Ryan Collins, the 36-year-old Pennsylvania man behind the hacking of celebrity iCloud accounts in 2014, has signed a plea agreement and agreed to plead guilty to a violation of the Computer Fraud and Abuse Act, the Department of Justice announced (via Gawker).

Collins spent two years (November 2012 to September 2014) engaged in a phishing scheme to obtain the usernames and passwords of his victims, according to the "factual basis of the plea agreement." He sent his victims emails that appeared to be from Apple and Google, asking them to provide their usernames and passwords.

Once Collins obtained the data, he used them to illegally access accounts and extracted private information, which included nude photographs and videos. He also used a software program to download some of the victims' iCloud backups. While Collins obtained the private photos and videos, investigators have not been able to find any evidence that he leaked, shared or uploaded them to the Internet.

"By illegally accessing intimate details of his victims' personal lives, Mr. Collins violated their privacy and left many to contend with lasting emotional distress, embarrassment and feelings of insecurity," said David Bowdich, the Assistant Director in Charge of the FBI's Los Angeles Field Office. "We continue to see both celebrities and victims from all walks of life suffer the consequences of this crime and strongly encourage users of Internet-connected devices to strengthen passwords and to be skeptical when replying to emails asking for personal information."

Collins has been charged in Los Angeles, but the case will be transferred to Harrisburg, Pennsylvania so that he can enter his guilty plea. He will face a statutory maximum sentence of five years in federal prison, but the parties have agreed to recommend a prison term of 18 months. The DoJ stresses that the recommendation is not binding to the sentencing judge.

Shortly after the breach occurred in September 2014, Apple conducted an investigation that revealed the accounts were compromised by weak passwords. The company then made several changes, adding email alerts when iCloud accounts are accessed on the web, app-specific passwords for third-party apps accessing iCloud and enabling two-factor authorization on iCloud.com.

Article Link: Pennsylvania Man Behind Hacking of Celebrity iCloud Accounts Pleads Guilty

 

[dannyyankou]

A valuable lesson in phishing

 

[akfgpuppet]

You guys forgot to include:

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

 

[dannyyankou]

You guys forgot to include:

Eh, I don't think this story will create any issues here.

 

[RiddlaBronc]

Cant complain. Jennifer Lawrence's nudes were amazing to say the least

 

[B4U]

Eh, I don't think this story will create any issues here.

Soon...
As soon as someone link this with the FBI case together and BOOM!

 

[gixxerfool]

Soon...
As soon as someone link this with the FBI case together and BOOM!

I was just about to do that, but you took the wind out of my sails.

 

[B4U]

I was just about to do that, but you took the wind out of my sails.

As I said, soon...someone else would do it even if you don't do it now...
Let me go make some popcorn for everyone.
Do you prefer butter or caramel?

 

[gixxerfool]

As I said, soon...
Let me go make some popcorn for everyone.
Do you prefer butter or caramel?

Butter extra salt.

 

[nagromme]

Facts: Google AND Apple AND other users were persuaded to tell a stranger their passwords, so no hacking was needed.

Media headlines that will be remembered forever: APPLE'S SYSTEM WAS HACKED!!!!

 

[xplora]

My how times change. 15-20 years ago Apple and other companies started adding email alerts, and it got a massive blow back from users because it was "clogging their inboxes". Now come the hackers/scammers and show us why email alerts were such a good idea, as companies rush to add the feature.

 

[iMember]

Cant complain. Jennifer Lawrence's nudes were amazing to say the least

Nope they we're not! have you ever seen Amateur photos? are all porn!, JLaw's was just erotic nude photos that many others actress already done it in movies, the other photos of her were fake and was someone else. $$$$ JLaw! she one of main reason why PirateBay went down a month later
Why people are supporting her is beyond me! The whole thing was just to promote herself, if you don't agree with me than please explain how there's isn't one porn photo of her from 100 photos?

 

[MrNomNoms]

Collins spent two years (November 2012 to September 2014) engaged in a phishing scheme to obtain the usernames and passwords of his victims

So in other words it had nothing to do with iCloud security as the perennial Apple bashers love to go on about but stupid people doing stupid things. Maybe in future before people jump into bashing Apple that such individuals realise that the weakest link is the end user himself/herself rather than it necessarily being the result of lax security on the part of the service provider.

 

[iMember]

Facts: Google AND Apple AND other users were persuaded to tell a stranger their passwords, so no hacking was needed.

Media headlines that will be remembered forever: APPLE'S SYSTEM WAS HACKED!!!!

I totally agree, Apple has made some few bad decisions recently, but this is not one of them, iCloud wasn't hacked! they publically said that and they can lie about something like that
Edit: I just read the article, don't believe none of this! remember PirateBay is dead, some of this celebrities are responsible like Jennifer Lawrence, doing business under the curtain with powerful agencies

 

[sudo1996]

Ban this guy from the Internet for life.
[doublepost=1458105339][/doublepost]

So in other words it had nothing to do with iCloud security as the perennial Apple bashers love to go on about but stupid people doing stupid things. Maybe in future before people jump into bashing Apple that such individuals realise that the weakest link is the end user himself/herself rather than it necessarily being the result of lax security on the part of the service provider.

"It had nothing to do with iCloud security" is untrue. There are ways to strengthen that link. For example, Apple could've required two-factor auth, which is designed to survive this level of user stupidity and would've made this phishing scheme impossible. Apple has two-factor auth but leaves it optional. But I don't blame them for it because requiring two-factor auth is annoying and discourages people from using the service.

 

[jsmith189]

So can the I DON'T TRUST APPLE OR THEIR CLOUD SECURITY crowd finally admit defeat? For now, at least.

 

[sudo1996]

So can the I DON'T TRUST APPLE OR THEIR CLOUD SECURITY crowd finally admit defeat? For now, at least.

No, I'm unhappy because you can still get into an account just by answering security questions. Of course, I put random junk as my security questions' answers to circumvent this problem, but most won't know.

 

[kahkityoong]

Clueless people being duped into giving away their passwords is not being 'hacked'.

 

[iMember]

I just finished watch The Hunger Games part 2, excellent movie! however box office earnings was low compared with the prequels, the director said was bla bla to blame, nope..the blame is on Jennifer Lawrence, everyone who will continue to work with her..will have the same problem, because people are smart, but most of the credits goes to smart women out there
I admired Jennifer Lawrence performance in movies, after the all media scandal innocent or not I'm no longer supporting her and it's the right thing to do
Hey do you remember Demi More's or Madonna 80s photos, let's make a big fuzz about that too or even better let's send someone to jail the person who published those photos...was it the cameraman?

Why Google, Spying Governments aren't jail too? Homes Anti-Surveillance beats Privacy (hacking) and Security

 

[You are the One]

What is the problem here? If you are not a terrorist, a pedophile or a drug lord "you have nothing to hide".

Oh, Apple is not secure enough? Is that the problem?

I'm sure the victims would feel much better if it was psychopathic perverts in the government watching their nudes.

Maybe privacy is a good thing after all.

 

[MrNomNoms]

Ban this guy from the Internet for life.
[doublepost=1458105339][/doublepost]

"It had nothing to do with iCloud security" is untrue. There are ways to strengthen that link. For example, Apple could've required two-factor auth, which is designed to survive this level of user stupidity and would've made this phishing scheme impossible. Apple has two-factor auth but leaves it optional. But I don't blame them for it because requiring two-factor auth is annoying and discourages people from using the service.

In all due respects I don't see why Apple should be obliged to protect idiots from themselves - sooner or later these crackers will find a new way to phish information from the end user then you're back to square one again. At some point end users need to step up and stop expecting others to protect them from themselves just as people wear safety belts and have air bags installed but it doesn't make them immune to having to stick to the speed limit etc.

 

[mw360]

Nope they we're not! have you ever seen Amateur photos? are all porn!, JLaw's was just erotic nude photos that many others actress already done it in movies, the other photos of her were fake and was someone else. $$$$ JLaw! she one of main reason why PirateBay went down a month later
Why people are supporting her is beyond me! The whole thing was just to promote herself, if you don't agree with me than please explain how there's isn't one porn photo of her from 100 photos?

W..T...F....?

Jennifer Lawrence needed to 'promote' herself? She chose 4chan as a place do do it? It's 'suspicious' she didn't have any porn pictures in her account? Suspicious? Amateur's photos are all porn? You have a really messed up view of what women should be doing with their time. 'She was asking for it,' is not a great way to justify your invasion of her privacy.

 

[Xavier]

Facts: Google AND Apple AND other users were persuaded to tell a stranger their passwords, so no hacking was needed.

Media headlines that will be remembered forever: APPLE'S SYSTEM WAS HACKED!!!!

Yeah, this was not much of a hack, but more of a preying on the gullible that happens everyday in a multitude of services. Electric Utility, Internet service, every bank ever. But Apple was hacked!!!

 

[vvswarup]

From what I'm reading here, it doesn't seem like this was a case of someone discovering a weakness in iCloud security and exploiting it to gain access. The title of the article is therefore misleading. Phishing is not the same thing. I believe that phishing is when someone cons you into handing over sensitive information.

This incident should serve as a reminder of the fact that one should never send sensitive information like login credentials or credit card information over email. No service provider should ask you to send that kind of information by email. For example, if your bank wants to check with you about possible fraudulent activity, they would call and ask you call them back. As an another example, if there's something going on with your email account, the service provider should give you a link where you can verify that the link is real.

 

[Iconoclysm]

I totally agree, Apple has made some few bad decisions recently, but this is not one of them, iCloud wasn't hacked! they publically said that and they can lie about something like that
Edit: I just read the article, don't believe none of this! remember PirateBay is dead, some of this celebrities are responsible like Jennifer Lawrence, doing business under the curtain with powerful agencies

Piratebay is illegal, don't need celebrities for that.