/article-new/2014/05/icloud_icon_blue.jpg?lossy){kind=icon}
Ryan Collins, the 36-year-old Pennsylvania man behind the hacking of celebrity iCloud accounts in 2014, has signed a plea agreement and agreed to plead guilty to a violation of the Computer Fraud and Abuse Act, the Department of Justice announced (via Gawker).
Collins spent two years (November 2012 to September 2014) engaged in a phishing scheme to obtain the usernames and passwords of his victims, according to the "factual basis of the plea agreement." He sent his victims emails that appeared to be from Apple and Google, asking them to provide their usernames and passwords.
Once Collins obtained the data, he used them to illegally access accounts and extracted private information, which included nude photographs and videos. He also used a software program to download some of the victims' iCloud backups. While Collins obtained the private photos and videos, investigators have not been able to find any evidence that he leaked, shared or uploaded them to the Internet.
“By illegally accessing intimate details of his victims' personal lives, Mr. Collins violated their privacy and left many to contend with lasting emotional distress, embarrassment and feelings of insecurity,” said David Bowdich, the Assistant Director in Charge of the FBI’s Los Angeles Field Office. “We continue to see both celebrities and victims from all walks of life suffer the consequences of this crime and strongly encourage users of Internet-connected devices to strengthen passwords and to be skeptical when replying to emails asking for personal information.”
Collins has been charged in Los Angeles, but the case will be transferred to Harrisburg, Pennsylvania so that he can enter his guilty plea. He will face a statutory maximum sentence of five years in federal prison, but the parties have agreed to recommend a prison term of 18 months. The DoJ stresses that the recommendation is not binding to the sentencing judge.
Shortly after the breach occurred in September 2014, Apple conducted an investigation that revealed the accounts were compromised by weak passwords. The company then made several changes, adding email alerts when iCloud accounts are accessed on the web, app-specific passwords for third-party apps accessing iCloud and enabling two-factor authorization on iCloud.com.
Top Rated Comments
(View all)Media headlines that will be remembered forever: APPLE'S SYSTEM WAS HACKED!!!!
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues ('https://forums.macrumors.com/forums/politics-religion-social-issues.47/') forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Nope they we're not! have you ever seen Amateur photos? are all porn!, JLaw's was just erotic nude photos that many others actress already done it in movies, the other photos of her were fake and was someone else. $$$$ JLaw! she one of main reason why PirateBay went down a month later
W..T...F....?Why people are supporting her is beyond me! The whole thing was just to promote herself, if you don't agree with me than please explain how there's isn't one porn photo of her from 100 photos?
Jennifer Lawrence needed to 'promote' herself? She chose 4chan as a place do do it? It's 'suspicious' she didn't have any porn pictures in her account? Suspicious? Amateur's photos are all porn? You have a really messed up view of what women should be doing with their time. 'She was asking for it,' is not a great way to justify your invasion of her privacy.
Collins spent two years (November 2012 to September 2014) engaged in a phishing scheme to obtain the usernames and passwords of his victims
So in other words it had nothing to do with iCloud security as the perennial Apple bashers love to go on about but stupid people doing stupid things. Maybe in future before people jump into bashing Apple that such individuals realise that the weakest link is the end user himself/herself rather than it necessarily being the result of lax security on the part of the service provider.