In what Jennifer Lawrence, and the other victims of the so-called “Fappening”, will see as a victory, one of the hackers responsible has received an eight-month prison term for his part in the hack. In 2014 George Garofano, 26 years old, of North Branford in Connecticut, covertly gained access to approximately 240 private iCloud accounts, many of which belonged to celebrities as well as other individuals. The access was gained over a period spanning from 2013 to 2014, via an email phishing campaign. Garofano used the access to steal private images and video from the accounts and disseminate the material on the internet. One of the reasons for the uproar was that many of the images disseminated showed the victims nude.
Garofano, who is currently released on a $50,000 bond, was ordered to report to prison on October 10. In addition, he will serve a three-year supervised release once his prison term is complete. Garofano was one of four people charged in the 2014 hacking scandal and was the last to be prosecuted. Prosecutors argued for a sentence of 10 to 16 months in prison, in line with federal guidelines. Garofano asked for leniency, requesting no more than five months in prison and another five months of home confinement on the basis that he believed he had already suffered serious consequences and had apparently behaved in an appropriate manner since he was charged.
Prosecutors argued that,
“Mr. Garofano’s offense was a serious one. He illegally hacked into his victims’ online accounts, invaded their privacy, and stole their personal information, including private and intimate photos. He did not engage in this conduct on just one occasion. He engaged in this conduct 240 times over the course of 18 months. Not only did Mr. Garofano keep for himself the photographs he stole, he disseminated them to other individuals. He may have also sold them to others to earn ‘extra income’.”
Prosecutors further argued that Garofano acted in complete disregard for the impact his actions would have on his victims. While the prosecution, as would be expected, argued for a stiffer sentence, Garofano’s defense attorney argued the court should be lenient as, “There is nothing to suggest that he would ever engage in this or any other criminal conduct in the future.”
What of the other three hackers?
As was mentioned above, Garofano was the last of the four charged to be prosecuted. The other three hackers were all given prison terms of between nine and eighteen months. One of the charged hackers, Ryan Collins, a 36-year-old from Lancaster, Pennsylvania, pleaded guilty to federal hacking charges and admitted to a two-year phishing scam to gain passwords of more than 100 people, including Jennifer Lawrence, Aubrey Plaza, Rihanna, and Avril Lavigne. In essence, Collins tricked celebrities into handing him their usernames and passwords by sending his targets fake emails that appeared to be from Apple and Google. He then stole personal information, including nude photos, from his targets, most of whom work in the entertainment industry. Collins was initially charged in Los Angeles but the case was transferred closer to his home in Pennsylvania, where a judge sentenced him on Wednesday. He had faced up to five years in jail and a 250,000 USD fine. The judge sentenced him to 18 months in a federal prison.
In January 2017, another of the hackers was sentenced. This time Edward Majerczyk, a 29-year-old from Chicago, was sentenced to 9 months in prison. Further, he was ordered to pay 5,700 USD in restitution damages to the victims. The damages were said to include counseling services for one undisclosed celebrity victim whose photos were disseminated online. According to his plea deal, Majerczyk sent emails to his victims that appeared to have come from internet service providers seeking usernames and passwords. Majerczyk illegally accessed the accounts of those people who provided that information. Towards the end of 2017 and beginning of 2018, 32-year-old Emilio Herrera, also of Chicago, was sentenced to 16 months in prison.
iCloud Hacking a Common Occurrence
While the hacking and subsequent publishing online of nude pictures stole international headlines, the hacking of private iCloud accounts is not a rare occurrence. In 2016 CSO reported that up to 40 million iCloud accounts were targeted by Russian hackers as part of a ransom scheme that shut down Apple devices if payment was not delivered. While that many were targeted, no one is sure exactly how many were breached, given that many of those affected would choose not to report the crime.
Hackers who have gained access to a private account can, as we have seen, steal private and potentially embarrassing files or demand a ransom not to leak the potentially damaging files. This is often done by exploiting the “find my iPhone” feature to lock a victim out of their device. What is more, if the hacker cannot find any material that may be considered blackmail-worthy, they could threaten to wipe all the data unless the ransom is paid.
That being said, Tripwire has provided some helpful measures to help protect your accounts. These include:
- Having a strong password and security questions
- Setting up two-factor authentication is a must
- Do not reuse the same password for multiple sites and accounts
- Make sure you back up data often
At first read, these measures may seem trivial or a pain. However, they are not onerous and could prevent prying eyes from stealing information or attempting to blackmail you and your family.