Third Man Pleads Guilty to 'Celebgate' iCloud Attacks

A third man has pleaded guilty to charges relating to the 2014 'Celebgate' iCloud attacks in which explicit private photos of around 100 celebrities were stolen and leaked online.

Emilio Herrera, 32, of Chicago, admitted violating the Computer Fraud and Abuse Act by launching phishing attacks to access 550 Gmail and iCloud accounts, 40 of which belonged to male and female celebrities, according to Variety.

From April 2013 to August 2014, Herrera reportedly sent phishing emails spoofed to appear as if sent from official Apple, Gmail, Hotmail and other providers.

Once harvested, he’d use the log-ins to access his victims’ accounts, also employing software from Russian company Elcomsoft to download iCloud photos and videos at high speed in case log-ins were changed.

The plea entered by Herrera apparently maintains that he intended to keep the content himself, with no evidence to suggest he disseminated the material to the wider internet.

The two other men charged and jailed for similar crimes are said to have used the same phishing techniques to obtain the photos.

Pennsylvania man Ryan Collins was given 18 months behind bars after pleading guilty in March 2016 to hacking 50 iCloud accounts and 72 Gmail accounts, while Edward Majerczyk of Chicago was handed down just nine months despite breaking into the accounts of more than 300 people.

It should be added that not only celebrities were targeted by these attacks. Herrera, for example, reportedly accessed a neighbor’s Gmail account 495 times.

Law enforcers have yet to catch the perp who disseminated the hacked material to the internet.

The material first appeared at the end of August 2014 when a trove known as “the fappening” appeared online. 

Phishing has become an increasingly popular tactic not just to target consumers but also corporate users, as the first stage in covert info-stealing raids.

Verizon claimed in its most recent Data Breach Investigations Report that the tactic played a part in 21% of breach-related attacks in 2016, up from only 8% the year previous.  

What’s Hot on Infosecurity Magazine?