FacebookTwitterLinkedIn

Hacker receives 8 Month Prison Term for “The Fappening”

Karolis Liucveikis Written by on

In what Jennifer Lawrence, and the other victims of the so-called “Fappening”, will see as a victory, one of the hackers responsible has received an eight-month prison term for his part in the hack. In 2014 George Garofano, 26-years-old, of North Branford in Connecticut, covertly gained access to approximately 240 private iCloud accounts, many of which belonged to celebrities as well as other individuals. The access was gained in a period spanning from 2013 to 2014 and access was gained via an email phishing campaign. Garofano used the access gained to steal private images and video from the accounts and disseminate the material on the internet. One of the reasons for the uproar was that many of the images disseminated showed the victims nude.

Garofano, who is currently released on a $50,000 bond, was ordered to report to prison on October 10. Added to this he will also serve a three year supervised release once his prison term is complete. Garafano was one of four people charged in the 2014 hacking scandal and was the last to be prosecuted. Prosecutors argued for a sentence of 10 to 16 months in prison, in line with federal guidelines. Garofano asked for leniency, requesting no more than five months in prison and another five months of home confinement on the basis that he believed he had already suffered serious consequences and had apparently behaved in an appropriate manner since he was charged.

Prosecutors argued that,

“Mr. Garofano’s offense was a serious one. He illegally hacked into his victims’ online accounts, invaded their privacy, and stole their personal information, including private and intimate photos. He did not engage in this conduct on just one occasion. He engaged in this conduct 240 times over the course of 18 months. Not only did Mr. Garofano keep for himself the photographs he stole, he disseminated them to other individuals. He may have also sold them to others to earn ‘extra income’.”

Prosecutor’s further argued that Garofano acted in complete disregard for the impact his actions would have on his victims. While the prosecution, as would be expected, argued for a stiffer sentence, Garofano’s defense attorney argued the court should be lenient as, “There is nothing to suggest that he would ever engage in this or any other criminal conduct in the future.”

What of the other three hackers?

As was mentioned above Garofano was the last of the four charged to be prosecuted. The other three hackers all served were given prison terms of between nine and eighteen months. One of the charged hackers, Ryan Collins, a 36-year-old from Lancaster, Pennsylvania, pleaded guilty to federal hacking charges and admitted to a two-year phishing scam to gain passwords of more than 100 people, including Jennifer Lawrence, Aubrey Plaza, Rihanna, and Avril Lavigne. In essence, Collin’s tricked celebrities into handing him their usernames and passwords by sending his targets fake emails that appeared to be from Apple and Google. He then stole personal information, including nude photos, from his targets, most of whom work in the entertainment industry. Collin’s was initially charged in Los Angeles but the case was transferred closer to his home in Pennsylvania, where a judge sentenced him on Wednesday. He had faced up to five years in jail and a 250,000 USD fine. During his sentencing, the Judge sentenced him to 18 months in a federal prison.

the fappening hacker jailed

In January 2017, another of the hackers was sentenced. This time Edward Majerczyk, a 29-year-old, of Chicago was sentenced to 9 months in prison. Further, he was ordered 5,700 USD in restitution damages to the victims. The damages were said to include counseling services for one undisclosed celebrity victim whose photos were disseminated online. According to his plea deal, Majerczyk sent emails to his victims that appeared to have come from internet service providers seeking usernames and passwords. Majerczyk illegally accessed the accounts of those people who provided that information. Towards the end of 2017 and beginning of 2018 32-year-old Emilio Herrera, also of Chicago, was sentenced to 16 months in prison.

iCloud Hacking a Common Occurrence

While the hacking and subsequent publishing online of nude pictures stole international headlines the hacking of private iCloud accounts is not a rare occurrence. In 2016 CSO reported that up to 40 million iCloud accounts were targeted by Russian hackers as part of a ransom scheme that shut down Apple devices if payment was not delivered. While that many were targeted no one is sure exactly how many were breached given that many of those affected would choose not to report the crime.

Hackers who have gained access to a private account can, as we have seen, steal private and potentially embarrassing files or demand a ransom not to leak the potentially damaging files. This is often done by exploiting the “find my iPhone” feature to lock a victim out of their device. What is more, if the hacker cannot find any material that may be considered blackmail worthy they could threaten to wipe all the data unless the ransom is paid.

That been said Tripwire has provided some helpful measures to help protect your accounts. These include:

  • Having a strong password and security questions
  • Setting up two-factor authentication is a must
  • Do not reuse the same password for multiple sites and accounts
  • Make sure you back up data often

At first read, these measures may seem trivial or a pain, however, they are not onerous and could prevent prying eyes stealing information or attempting to blackmail you and your family.

▼ Show Discussion

About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has experience of over five years working in this branch. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about technical aspects and behavior of various malicious applications. Contact Karolis Liucveikis.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

New Removal Guides
Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal

Top Removal Guides
Latest News
Blog