The now-infamous celebrity nude photo leak of September 2014 was the unfortunate product of a fairly simple hacking technique, court filings have shown.
Pennsylvania man Ryan Collins, 36, is the first person to be charged for the hack, which saw nude photos of celebrities like Jennifer Lawrence and Kate Upton widely circulated online.
According to court documents, Mr Collins conducted a phishing scheme between November 2012 and September 2014, gaining access to the passwords of at least 72 Gmail accounts and 50 iCloud accounts.
To do so, Mr Collins created fake email accounts posing as Apple and Google to get the celebrities involved to unknowingly hand over their email addresses and passwords.
Once Mr Collins had access to these accounts he was able to locate personal photos and, in some cases, download entire back-ups from iCloud.
At the time of the leak, there was speculation that iCloud itself had been hacked, allegations Apple vehemently denied. Based on Mr Collins’ method for accessing the images, Apple appears to have been correct in its appraisal.
Charged in California with violating the Computer Fraud and Abuse Act, Mr Collins has agreed to plead guilty to one count of unauthorised access to a computer to obtain information. He faces up to five years in prison.
“We continue to see both celebrities and victims from all walks of life suffer the consequences of this crime and strongly encourage users of Internet-connected devices to strengthen passwords and to be skeptical when replying to emails asking for personal information,” David Bowdich, Assistant Director in Charge of the FBI’s Los Angeles office, said in a statement.
Australian Federal Police hit with scam email
Turns out J-Law and her peers aren’t the only ones at risk of classic email scams – even law enforcers are susceptible.
On Wednesday, the Australian Federal Police was forced to issue a statement regarding a scam email claiming to be from the AFP serving a subpoena on its recipients.
“There are several links in the email which may be malicious. Don’t click on the links – Delete the email from your inbox and deleted items folder immediately,” the AFP said in a statement.
“Remember, the AFP does not issue subpoenas via email.”
Australia Post ransomware
Another scam email that has recently besieged Australian inboxes poses as an official Australia Post email.
Recipients of the email are told they have a package waiting for them at a local Australia Post outlet.
They are then instructed to download and print attached shipping information, which in turn downloads ransomware known as ‘Locky’.
According to consumer advocate CHOICE, “once the ransomware is downloaded, users are prevented from accessing their files until a ransom fee has been paid”.