Man who hacked celebrity email accounts sentenced to prison
Christopher Chaney accessed email accounts of Scarlett Johansson, Mila Kunis, more than 40 others
Computerworld - A man who admitted to illegally accessing email accounts belonging to more than four dozen celebrities to steal their private photos and confidential documents was sentenced to 10 years in federal prison by a U.S. District Court judge in Los Angeles on Monday.
Christopher Chaney, 36, of Jacksonville, Fla. was also ordered to pay a fine of more than $66,000 as restitution for his crimes.
Chaney was arrested in November 2011 and has been in custody since March, when he pleaded guilty to nine felony counts, including unauthorized access to computers and wiretapping. He faced a maximum of more than 120 years in prison.
According to the U.S. Attorney's office in Los Angeles, Chaney gained access to the email accounts of Mika Kunis, Scarlett Johansson, Renee Olstead and dozens of other celebrities by resetting their passwords using the "forgot your password" feature. Chaney apparently used publicly available information on the celebrities to correctly answer the security questions needed to reset the passwords on the Gmail, Apple and Yahoo email accounts they used.
Once he gained access, Chaney looked through the contact lists for more victims. He also changed the account settings on each email account he accessed so he would have a duplicate copy of all incoming mail forwarded to his own email account. That allowed him to receive email meant for the celebrities -- even after they regained control of their accounts.
Chaney collected numerous private photographs, business contracts, letters, scripts, driver's license information and Social Security Numbers. In several instances, he sent emails from the compromised accounts asking for more photographs, the FBI said in a statement.
Many of the photos were then forwarded to gossip sites. Nude pictures of Johansson and photos of other celebrities were later published online by some sites.
Email account hijackings are not uncommon. In 2008, Tennessee college student David Kernell broke into an email account belonging to Alaska Gov. Sarah Palin by resetting her password after guessing the answers to her security questions. He then took screen shots of the contents of several Palin emails and posted the images online. At the time, Palin was the GOP's vice presidential nominee.
As with Chaney, Kernell also used publicly available information about Palin to guess the correct answers to the questions. Kernell was sentenced to a year in prison.
Earlier this year, a hacker claimed that he had gained access to presidential contender Mitt Romney's email account using exactly the same tactic.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Cybercrime and Hacking White Papers | Webcasts