Man who hacked celebrity email accounts sentenced to prison
Christopher Chaney accessed email accounts of Scarlett Johansson, Mila Kunis, more than 40 others
Computerworld - A man who admitted to illegally accessing email accounts belonging to more than four dozen celebrities to steal their private photos and confidential documents was sentenced to 10 years in federal prison by a U.S. District Court judge in Los Angeles on Monday.
Christopher Chaney, 36, of Jacksonville, Fla. was also ordered to pay a fine of more than $66,000 as restitution for his crimes.
Chaney was arrested in November 2011 and has been in custody since March, when he pleaded guilty to nine felony counts, including unauthorized access to computers and wiretapping. He faced a maximum of more than 120 years in prison.
According to the U.S. Attorney's office in Los Angeles, Chaney gained access to the email accounts of Mika Kunis, Scarlett Johansson, Renee Olstead and dozens of other celebrities by resetting their passwords using the "forgot your password" feature. Chaney apparently used publicly available information on the celebrities to correctly answer the security questions needed to reset the passwords on the Gmail, Apple and Yahoo email accounts they used.
Once he gained access, Chaney looked through the contact lists for more victims. He also changed the account settings on each email account he accessed so he would have a duplicate copy of all incoming mail forwarded to his own email account. That allowed him to receive email meant for the celebrities -- even after they regained control of their accounts.
Chaney collected numerous private photographs, business contracts, letters, scripts, driver's license information and Social Security Numbers. In several instances, he sent emails from the compromised accounts asking for more photographs, the FBI said in a statement.
Many of the photos were then forwarded to gossip sites. Nude pictures of Johansson and photos of other celebrities were later published online by some sites.
Email account hijackings are not uncommon. In 2008, Tennessee college student David Kernell broke into an email account belonging to Alaska Gov. Sarah Palin by resetting her password after guessing the answers to her security questions. He then took screen shots of the contents of several Palin emails and posted the images online. At the time, Palin was the GOP's vice presidential nominee.
As with Chaney, Kernell also used publicly available information about Palin to guess the correct answers to the questions. Kernell was sentenced to a year in prison.
Earlier this year, a hacker claimed that he had gained access to presidential contender Mitt Romney's email account using exactly the same tactic.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Transforming Information Security: Future-Proofing Processes This report provides a valuable set of recommendations from 19 of the world'd leading security officers to help organizations build security strategies for...
- The Evolution of Corporate Cyberthreats Cybercriminals are creating and deploying new threats every day that are more destructive than ever before. While you may have more people devoted...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- Establish Cyber Resiliency: Developing a Continuous Response Architecture Many enterprises fail to proactively prepare the battlefield for a data breach by only leveraging outdated techniques that focus on the perimeter or...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Cybercrime and Hacking White Papers | Webcasts