Tech

'Celebgate' iCloud hacker pleads guilty to explicit photo theft

The cyberattacker who accessed iCloud and Gmail accounts belonging to celebrities has admitted to the crime.

Written by Charlie Osborne, Contributing Writer March 16, 2016 at 4:25 a.m. PT

The cyberattacker behind the infamous "Celebgate" scandal which resulted in explicit photos and videos belonging to celebrities being leaked online has pleaded guilty in court.

Ryan Collins, a 36-year-old from Pennsylvania, admitted to prosecutors in a Los Angeles courtroom that he was guilty of hacking into both iCloud and Gmail accounts belonging to well-known household names and celebrities.

Collins was accused of conducting a phishing scheme in order to dupe his targets into handing over their credentials. The phishing campaign, which involved fraudulent emails being sent to over 100 victims, were reportedly crafted to appear from Apple and Google employees.

Security

The cyberattacker posed as staff members from these companies and requested their login details. Once armed with this information, Collins then accessed at least 50 accounts belonging to the iCloud storage service and 72 Gmail email accounts between November 2012 and September 2014.

Once he gained entry, Collins then scanned the accounts for interesting content and stole explicit and nude photos and videos. A cache of images later appeared online, exposing celebrities including Jennifer Lawrence and Kate Upton. However, Collins has not been charged with uploading the content for the titillation of the Internet.

As reported by the BBC, the court filings read:

"[The] defendant used numerous fraudulent email addresses designed to look like legitimate security accounts from various internet service providers, including, for example, email.protection318@icloud.com, noreply_helpdesk0118@outlook.com and secure.helpdesk0119@gmail.com."

The cyberattacker could face up to five years in prison for his crimes.

Cybersecurity expert Mike Zozaya weighed in on the case, telling CBS Local that "Celebgate" should teach us all an important lesson.

"It always comes down to the user and you being smart with your information and data," Zozaya said.

"If you are encrypting information that's on your own personal drive and it requires either a password from you but also maybe a token or a key of some sort, if someone else gets access to that data, it's useless to them because it is completely encrypted."

In other words, be more careful. If you do take sensitive and personal images and video, that content could end up online -- whether you are a celebrity or victim of revenge porn (.PDF). It's probably best to keep anything you wouldn't want your grandmother to see offline, but if you insist, you run the risk of consequences later -- and so taking responsibility for your personal security should be a priority.