MacRumors

macrumors bot
Original poster
Apr 12, 2001
53,020
14,757



icloud_icon_blue.jpg
Ryan Collins, the 36-year-old Pennsylvania man behind the hacking of celebrity iCloud accounts in 2014, has signed a plea agreement and agreed to plead guilty to a violation of the Computer Fraud and Abuse Act, the Department of Justice announced (via Gawker).

Collins spent two years (November 2012 to September 2014) engaged in a phishing scheme to obtain the usernames and passwords of his victims, according to the "factual basis of the plea agreement." He sent his victims emails that appeared to be from Apple and Google, asking them to provide their usernames and passwords.

Once Collins obtained the data, he used them to illegally access accounts and extracted private information, which included nude photographs and videos. He also used a software program to download some of the victims' iCloud backups. While Collins obtained the private photos and videos, investigators have not been able to find any evidence that he leaked, shared or uploaded them to the Internet.
"By illegally accessing intimate details of his victims' personal lives, Mr. Collins violated their privacy and left many to contend with lasting emotional distress, embarrassment and feelings of insecurity," said David Bowdich, the Assistant Director in Charge of the FBI's Los Angeles Field Office. "We continue to see both celebrities and victims from all walks of life suffer the consequences of this crime and strongly encourage users of Internet-connected devices to strengthen passwords and to be skeptical when replying to emails asking for personal information."
Collins has been charged in Los Angeles, but the case will be transferred to Harrisburg, Pennsylvania so that he can enter his guilty plea. He will face a statutory maximum sentence of five years in federal prison, but the parties have agreed to recommend a prison term of 18 months. The DoJ stresses that the recommendation is not binding to the sentencing judge.

Shortly after the breach occurred in September 2014, Apple conducted an investigation that revealed the accounts were compromised by weak passwords. The company then made several changes, adding email alerts when iCloud accounts are accessed on the web, app-specific passwords for third-party apps accessing iCloud and enabling two-factor authorization on iCloud.com.

Article Link: Pennsylvania Man Behind Hacking of Celebrity iCloud Accounts Pleads Guilty
 

xplora

Contributor
Sep 23, 2010
76
51
Hamilton, New Zealand
My how times change. 15-20 years ago Apple and other companies started adding email alerts, and it got a massive blow back from users because it was "clogging their inboxes". Now come the hackers/scammers and show us why email alerts were such a good idea, as companies rush to add the feature.
 
Comment

iMember

macrumors 6502
Mar 19, 2014
280
107
Cant complain. Jennifer Lawrence's nudes were amazing to say the least
Nope they we're not! have you ever seen Amateur photos? are all porn!, JLaw's was just erotic nude photos that many others actress already done it in movies, the other photos of her were fake and was someone else. $$$$ JLaw! she one of main reason why PirateBay went down a month later
Why people are supporting her is beyond me! The whole thing was just to promote herself, if you don't agree with me than please explain how there's isn't one porn photo of her from 100 photos?
 
Last edited:
Comment

MrNomNoms

macrumors 65816
Jan 25, 2011
1,130
249
Wellington, New Zealand
Collins spent two years (November 2012 to September 2014) engaged in a phishing scheme to obtain the usernames and passwords of his victims

So in other words it had nothing to do with iCloud security as the perennial Apple bashers love to go on about but stupid people doing stupid things. Maybe in future before people jump into bashing Apple that such individuals realise that the weakest link is the end user himself/herself rather than it necessarily being the result of lax security on the part of the service provider.
 
Comment

iMember

macrumors 6502
Mar 19, 2014
280
107
Facts: Google AND Apple AND other users were persuaded to tell a stranger their passwords, so no hacking was needed.

Media headlines that will be remembered forever: APPLE'S SYSTEM WAS HACKED!!!!
I totally agree, Apple has made some few bad decisions recently, but this is not one of them, iCloud wasn't hacked! they publically said that and they can lie about something like that
Edit: I just read the article, don't believe none of this! remember PirateBay is dead, some of this celebrities are responsible like Jennifer Lawrence, doing business under the curtain with powerful agencies
 
Last edited:
Comment

sudo1996

Suspended
Aug 21, 2015
1,496
1,182
Berkeley, CA, USA
Ban this guy from the Internet for life. :D
[doublepost=1458105339][/doublepost]
So in other words it had nothing to do with iCloud security as the perennial Apple bashers love to go on about but stupid people doing stupid things. Maybe in future before people jump into bashing Apple that such individuals realise that the weakest link is the end user himself/herself rather than it necessarily being the result of lax security on the part of the service provider.
"It had nothing to do with iCloud security" is untrue. There are ways to strengthen that link. For example, Apple could've required two-factor auth, which is designed to survive this level of user stupidity and would've made this phishing scheme impossible. Apple has two-factor auth but leaves it optional. But I don't blame them for it because requiring two-factor auth is annoying and discourages people from using the service.
 
Last edited:
  • Like
Reactions: rjohnstone
Comment

sudo1996

Suspended
Aug 21, 2015
1,496
1,182
Berkeley, CA, USA
So can the I DON'T TRUST APPLE OR THEIR CLOUD SECURITY crowd finally admit defeat? For now, at least.
No, I'm unhappy because you can still get into an account just by answering security questions. Of course, I put random junk as my security questions' answers to circumvent this problem, but most won't know.
 
Comment

iMember

macrumors 6502
Mar 19, 2014
280
107
I just finished watch The Hunger Games part 2, excellent movie! however box office earnings was low compared with the prequels, the director said was bla bla to blame, nope..the blame is on Jennifer Lawrence, everyone who will continue to work with her..will have the same problem, because people are smart, but most of the credits goes to smart women out there
I admired Jennifer Lawrence performance in movies, after the all media scandal innocent or not I'm no longer supporting her and it's the right thing to do
Hey do you remember Demi More's or Madonna 80s photos, let's make a big fuzz about that too or even better let's send someone to jail:) the person who published those photos...was it the cameraman? o_O

Why Google, Spying Governments aren't jail too? Homes Anti-Surveillance beats Privacy (hacking) and Security
 
Last edited:
Comment

You are the One

macrumors 6502a
Dec 25, 2014
594
751
In the present
What is the problem here? If you are not a terrorist, a pedophile or a drug lord "you have nothing to hide".

Oh, Apple is not secure enough? Is that the problem?

I'm sure the victims would feel much better if it was psychopathic perverts in the government watching their nudes.

Maybe privacy is a good thing after all.
 
  • Like
Reactions: iMember
Comment

MrNomNoms

macrumors 65816
Jan 25, 2011
1,130
249
Wellington, New Zealand
Ban this guy from the Internet for life. :D
[doublepost=1458105339][/doublepost]

"It had nothing to do with iCloud security" is untrue. There are ways to strengthen that link. For example, Apple could've required two-factor auth, which is designed to survive this level of user stupidity and would've made this phishing scheme impossible. Apple has two-factor auth but leaves it optional. But I don't blame them for it because requiring two-factor auth is annoying and discourages people from using the service.

In all due respects I don't see why Apple should be obliged to protect idiots from themselves - sooner or later these crackers will find a new way to phish information from the end user then you're back to square one again. At some point end users need to step up and stop expecting others to protect them from themselves just as people wear safety belts and have air bags installed but it doesn't make them immune to having to stick to the speed limit etc.
 
  • Like
Reactions: You are the One
Comment

mw360

macrumors 68000
Aug 15, 2010
1,777
1,921
Nope they we're not! have you ever seen Amateur photos? are all porn!, JLaw's was just erotic nude photos that many others actress already done it in movies, the other photos of her were fake and was someone else. $$$$ JLaw! she one of main reason why PirateBay went down a month later
Why people are supporting her is beyond me! The whole thing was just to promote herself, if you don't agree with me than please explain how there's isn't one porn photo of her from 100 photos?

W..T...F....?

Jennifer Lawrence needed to 'promote' herself? She chose 4chan as a place do do it? It's 'suspicious' she didn't have any porn pictures in her account? Suspicious? Amateur's photos are all porn? You have a really messed up view of what women should be doing with their time. 'She was asking for it,' is not a great way to justify your invasion of her privacy.
 
Comment

Xavier

Contributor
Mar 23, 2006
2,637
1,239
Columbus
Facts: Google AND Apple AND other users were persuaded to tell a stranger their passwords, so no hacking was needed.

Media headlines that will be remembered forever: APPLE'S SYSTEM WAS HACKED!!!!

Yeah, this was not much of a hack, but more of a preying on the gullible that happens everyday in a multitude of services. Electric Utility, Internet service, every bank ever. But Apple was hacked!!!
 
Comment

vvswarup

macrumors 6502a
Jul 21, 2010
543
219
From what I'm reading here, it doesn't seem like this was a case of someone discovering a weakness in iCloud security and exploiting it to gain access. The title of the article is therefore misleading. Phishing is not the same thing. I believe that phishing is when someone cons you into handing over sensitive information.

This incident should serve as a reminder of the fact that one should never send sensitive information like login credentials or credit card information over email. No service provider should ask you to send that kind of information by email. For example, if your bank wants to check with you about possible fraudulent activity, they would call and ask you call them back. As an another example, if there's something going on with your email account, the service provider should give you a link where you can verify that the link is real.
 
Comment

Iconoclysm

macrumors 68030
May 13, 2010
2,528
1,772
Washington, DC
I totally agree, Apple has made some few bad decisions recently, but this is not one of them, iCloud wasn't hacked! they publically said that and they can lie about something like that
Edit: I just read the article, don't believe none of this! remember PirateBay is dead, some of this celebrities are responsible like Jennifer Lawrence, doing business under the curtain with powerful agencies

Piratebay is illegal, don't need celebrities for that.
 
  • Like
Reactions: mw360
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.