nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Second celebgate hacker pleads guilty to phishing

Phisherman's friend

By John Leyden, 5 Jul 2016

A second US man has pleaded guilty to stealing intimate pictures of celebrities using a phishing scam.

Edward Majerczyk, 28, who resides in Chicago and Orland Park, Illinois, was charged with hacking into the Apple iCloud and Gmail accounts of more than 300 people, including Hollywood celebrities. In a plea bargaining deal, Majerczyk agreed to plead guilty to one count of unauthorised access to a protected computer (i.e. computer hacking) contrary to the US Computer Fraud and Abuse Act.

In return for copping a plea, Majerczyk, can expect a lighter sentence that he might otherwise have received if he’d been found guilty at trial. Nonetheless Majerczyk still faces a maximum sentence of up to five years in federal prison.

“Hacking of online accounts to steal personal information is not merely an intrusion of an individual’s privacy but is a serious violation of federal law,” said United States Attorney Eileen M Decker. “Defendant’s conduct was a profound intrusion into the privacy of his victims and created vulnerabilities at multiple online service providers.”

Majerczyk admitted to running a phishing scheme to obtain usernames and passwords for his victims between November 2013 and August 2014. These phishing emails posed as a message from the security team of the intended mark’s service provider. Prospective marks were directed towards handing over their login credentials at a bogus site controlled by Majerczyk.

Compromised credentials were used to harvest personal information including sensitive and private photographs and videos, according to a DoJ statement of his plea bargaining agreement.

The charge against Majerczyk stems from the investigation into the leaks of photographs of numerous female celebrities in September 2014 known as “Celebgate”. Nudes pictures of more than 100 celebrities, including Oscar-winning actress Jennifer Lawrence, were leaked during through notorious image board 4Chan back in September 2014. At the time, an iCloud security breach was blamed but now we know that phishing was also in play.

Investigators failed to uncover any evidence linking Majerczyk to the actual leaks. FBI investigators who investigated the case reckon Majerczyk accessed at least 300 accounts, and at least 30 accounts belonging to celebrities.

Majerczyk is at least the second hacker to be prosecuted over Celebgate.

Ryan Collins, from Lancaster in Pennsylvania, previously admitted he had illegally accessed and downloaded images from 50 iCloud accounts and 72 Gmail accounts. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing