Second Man Behind Phishing of Celebrity iCloud Accounts Pleads Guilty

Discussion in 'Politics, Religion, Social Issues' started by MacRumors, Jul 4, 2016.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    [​IMG]
    Edward Majerczyk, a 28-year-old Chicago man who played a role in the phishing of celebrity iCloud accounts in 2014, has signed a plea agreement and agreed to plead guilty to a violation of the Computer Fraud and Abuse Act, according to court documents made public on Friday.

    Majerczyk was charged in a Los Angeles, California district court, but will enter his guilty plea in the Northern District of Illinois. He faces a statutory maximum sentence of five years in prison. Ryan Collins, a 36-year-old Pennsylvania man who was also involved in the iCloud attack known as "Celebgate," likewise entered into a plea agreement in March with a recommended sentence of 18 months in prison.

    Between November 2013 and September 2014, Majerczyk and Collins engaged in a phishing scheme to obtain the iCloud and Gmail usernames and passwords of over 300 victims, including female celebrities, according to court documents. The perpetrators sent their victims emails that appeared to be from Apple and Google, asking them to provide their usernames and passwords.

    Majerczyk and Collins used the credentials to illegally access accounts and extract private information, which included nude photographs and videos. In September 2014, hundreds of nude photos of celebrities were then leaked on online image board 4chan before spreading to multiple internet sites, but investigators have not yet been able to find any evidence that either of the men were directly behind the leak.

    Shortly after the breach occurred, Apple conducted an investigation that revealed the accounts were compromised by weak passwords -- a Find My iPhone flaw may have also played a role. Apple then strengthened security by adding email alerts when iCloud accounts are accessed on the web, allowing app-specific passwords for third-party apps accessing iCloud, and enabling two-factor authentication on iCloud.com.

    Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

    Article Link: Second Man Behind Phishing of Celebrity iCloud Accounts Pleads Guilty
     
  2. HowEver macrumors 6502a

    HowEver

    Joined:
    May 10, 2005
    Location:
    Toronto
    #2
    The accounts were not "hacked." They were either phished or they guessed at their secondary information and got access. Not an "iCloud hack" at all. Update the headline.
     
  3. thekeyring macrumors 68040

    Joined:
    Jan 5, 2012
    Location:
    London
    #3
    They weren't hacked... 9to5Mac reported this correctly.
     
  4. vertsix macrumors 65816

    vertsix

    Joined:
    Aug 12, 2015
    #4
    "Hacked".

    Clickbaity title yet again from MacRumors. Lovely.
     
  5. LordQ macrumors 68040

    LordQ

    Joined:
    Sep 22, 2012
    #5
    Fixed the scandal name for you.
     
  6. dannyyankou macrumors 603

    dannyyankou

    Joined:
    Mar 2, 2012
    #6
    Don't click on emails claiming to be from Apple to reset your password.
     
  7. Oblivious.Robot macrumors 6502a

    Oblivious.Robot

    Joined:
    Sep 15, 2014
    #7
    As bad as that was, I do feel the silver lining was that we got a beefed up security update to iCloud.
     
  8. Tech198 macrumors G4

    Joined:
    Mar 21, 2011
    Location:
    Australia, Perth
    #8
    so did MR :) one lead just follows another here.

    Too many instants of services getting "hacked" with weak passwords.. I would understand a "hack" only that would relate if these accounts had strong passwords only, but not weak. I guess most of it it centered around Find my iPhone issue?

    Don't click on HTML links in email period...

    Instead use "Plain text" to view... While it looks ugly, as least u can see everything for how it is, not how it's not.
     
  9. Joe Rossignol Editor

    Joe Rossignol

    Staff Member

    Joined:
    May 12, 2012
    Location:
    Toronto
    #9
    Fair enough. Headline has been updated.
     
  10. thermodynamic Suspended

    thermodynamic

    Joined:
    May 3, 2009
    Location:
    USA
    #10
    Or other media sources that use the same baiting - which is just about all of them or is it stereotyping to suggest that?

    Most people know that. All do not. Why not? Are there better ways the message can get sent across? Like at a cash register or payment slip in big letters? /freeR&D
     
  11. dannyyankou macrumors 603

    dannyyankou

    Joined:
    Mar 2, 2012
    #11
    It does technically fit the definition of hacking though.
    It's just not Apple's fault.
     
  12. JonneyGee macrumors 6502

    JonneyGee

    Joined:
    Jun 8, 2011
    Location:
    Nashville, TN
    #12
    Definitely check URLs before you click any email link, especially related to passwords. Some services do use email to reset passwords, but it's not too hard to verify the legitimacy of such emails — check the URL, check the sender's email address, etc.
     
  13. EricTheHalfBee Suspended

    Joined:
    Mar 10, 2013
    #13
    Can't upvote this enough. When this first came out, that loser wannabe hacker uploaded his kiddie script to Github with the claim that it brute forced iCloud passwords. Everyone (well, not everyone - only the Apple haters/trolls who know nothing about security believed this guy) linked this fool and his tool to iCloud and claimed it was what hackers used to brute force iCloud.

    Then a bunch of security researchers and tech blogs downloaded this tool and ran it and promptly found out it didn't work. The guy responds by saying "well it used to work, Apple must have fixed it". And with that simple lie, suddenly people actually thought his script worked and that Apple actually issued a fix. Never mind that he couldn't provide any proof. He pulls off one of the biggest hacks ever, and doesn't even bother to document anything to prove it worked. We're supposed to just take his word.

    And to this day you still have a legion of idiots believing iCloud was hacked/brute forced when in reality it was just plain old phishing and password resets.
     
  14. maxsix Suspended

    maxsix

    Joined:
    Jun 28, 2015
    Location:
    Western Hemisphere
    #14
    You can thank the sensational liberal media for that. They'll write anything to grab attention. Facts are a nuisance in their world.
     
  15. LIVEFRMNYC macrumors 603

    Joined:
    Oct 27, 2009
    #15
    Well you can call it "people hacking".
     
  16. aaronvan Suspended

    aaronvan

    Joined:
    Dec 21, 2011
    Location:
    República Cascadia
    #16
    Of course they were hacked. I'm sure Lindsey Lohan and Taylor Swift double salt hash their passwords and enable two-factor authentication.
     
  17. ncbetz macrumors 6502

    ncbetz

    Joined:
    Jan 9, 2016
    Location:
    Texas, USA
    #17
    Why does this matter?
     
  18. Tech198 macrumors G4

    Joined:
    Mar 21, 2011
    Location:
    Australia, Perth
    #18
    so the definition is more fun than the article ? ok ,,duly noted.
     
  19. EricTheHalfBee Suspended

    Joined:
    Mar 10, 2013
    #19
    We can also thank them for mentioning iCloud at every turn while leaving out the fact that Gmail accounts were also phished (at least MR did point out that this individual was sentenced for both iCloud and Gmail accounts). But most people think this was an "iCloud ONLY" thing.
     
  20. SpiderDude macrumors regular

    SpiderDude

    Joined:
    Jan 29, 2008
    Location:
    Portugal, Europe
    #20
  21. dontwalkhand macrumors 601

    dontwalkhand

    Joined:
    Jul 5, 2007
    Location:
    Phoenix, AZ
    #21
    While I know some celebrities are tech savvy, I doubt Kim kardashian would know how to put her iPhone in plain text view and look at the html code to see if it's a legitimate email from Apple.

    Most of these celebs probably saw the email from Apple, and clicked it.
    --- Post Merged, Jul 4, 2016 ---
    Taylor Swift actually is pretty tech savvy, watching some documentaries.

    Lindsey Lohan on the other hand, her password was probably "puppies"! With no Touch ID setup on her phone! LOL!
     
  22. Zirel Suspended

    Zirel

    Joined:
    Jul 24, 2015
    #22
    Taylor Swift and Lindsay Lohan aren't, as far as I know, backend developers to salt the hash of their passwords.

    And double salting is just useless.
     
  23. macs4nw macrumors 601

    macs4nw

    #23
    Perhaps as opposed to "male celebrities", whose accounts were not phished? Juicing the story up a bit, granted.....
     
  24. Gasu E. macrumors 68040

    Gasu E.

    Joined:
    Mar 20, 2004
    Location:
    Not far from Boston, MA.
    #24

    Hollywood stars make a good target, because they are very busy, and get zillions of messages and emails. While exhibiting click discipline may seem trivial to us normal people, try imagining what it would be like if you were, quite literally, 10,000 times as popular as you are now.
     
  25. fourthtunz macrumors 6502a

    fourthtunz

    Joined:
    Jul 23, 2002
    Location:
    Maine
    #25
    wow 5 years in prison for this?
    This country loves to throw people in prison!
    Lots of money in the prison system, too much tax money being spent!
     

Share This Page