Hacker Behind Leaked Nude Celebrity Photos Gets 10 Years 346
wiredmikey writes "A U.S. judge sentenced a computer hacker to 10 years in prison on Monday for breaking into the email accounts of celebrities and stealing private photos. The hacker accessed the personal email accounts and devices of stars including Scarlett Johansson, Christina Aguilera and Renee Olstead, among dozens of other people he hacked. The hackers arrest in October 2011 stemmed from an 11-month investigation into the hacking of over 50 entertainment industry names, many of them young female stars. Hacked pictures of Johansson showed her in a state of undress in a domestic setting. Aguilera's computer was hacked in December 2010, when racy photos of her also hit the Internet. Mila Kunis' cell phone was hacked in September that year with photos of her, including one in a bathtub, spread online. According to the FBI, the hacker used open-source, public information to try to guess a celebrity's email password, and then would breach the account."
Open Source information? (Score:5, Informative)
What is Open Source information? The OSI foundation doesn't seem to be doing a good job of enforcing the trademark of the term Open Source. I hear and see it used in many ways in which it should not be and the term has been grossly eroded in meaning over the past decade.
Re:Open Source information? (Score:5, Informative)
Pretty standard term.
http://en.wikipedia.org/wiki/Open-source_intelligence
Re: (Score:3)
One thing I can't seem to wrap my head around is how did he figure out passwords from the public domain? So say I'm known by syn, but I set my password to syn24, OSI has nothin
Re:Open Source information? (Score:5, Informative)
Trademarks are domain-specific, like how actual windows can still be called windows and Microsoft can't sue over Windows. The use of the term "open source" for intelligence information (OSINT) is as old as dirt and is used to differentiate between sources such as news papers/party organs/etc and information attained through clandestine means, either human intelligence (HUMINT) or signals intelligence (SIGINT). Nothing to get upset about. It's not like the article said he used "the well known, open-source hacker tool Linux..."
Re: (Score:3)
Ok, thanks for the explanation and wasn't aware that the term open source information had such a long history. Still, the term open source gets used in ways that it probably shouldn't be in relation to software.
Re: (Score:3)
I'm sure you'd still be in court for calling your new deodorant "Mountain Dew"
Re: (Score:2)
Yeah, there's a separate set of doctrines around "famous marks" [inta.org], which may have protection in all domains. So you can't call your new operating system Coca-Cola OS unless it's actually approved/licensed by Coke, despite that company not currently having any interest in the OS market.
Re: (Score:2)
It's open-source, not Open Source.
Which is a good argument to capitalize it if you want to own a piece of that phase.
Re:Open Source information? (Score:5, Informative)
Davis W. Moore, "Open Sources on Soviet Military Affairs," Studies in Intelligence (Summer 1963-declassified article)
Herman L. Croom, "The Exploitation of Foreign Open Sources," Studies in Intelligence (Summer 1969-declassified article)
So, the term as applied goes back at least to the 60s. It has just become more common in the last 10-15 years or so.
Re: (Score:2)
There is occasional usage from the '60s, yes, but as a common term it seems to be mainly based on "open source" becoming a common cultural thing in the tech world in the '90s. At least, that seems to be the case in public sources [google.com] (or should I say, "open" sources?) using the term, where widespread usage dates to around 1995.
Re:Open Source information? (Score:5, Interesting)
What is Open Source information? The OSI foundation doesn't seem to be doing a good job of enforcing the trademark of the term Open Source
"Open source" simply means something that was openly published and available to the public. The term has been in use for at least a century. The OSI foundation has no trademark on the term.
That fact that this guy got the info from open sources doesn't make it okay. If I find your key under your doormat, that was stupid of you, but it doesn't make it okay for me to rob you. This jerk got what he deserves.
Re:What is Open Source information? (Score:2)
Re: (Score:2)
It means public information, don't pretend you didn't know.
I didn't, because I've only heard it refered to as public information before. I've heard the term sources refering to where you get your sources from, but not open-source information. It turns out Bruce Perens acknowledged this special use of the term open source in the intelligence community when he announced open source software: http://www.catb.org/~esr/open-source.html [catb.org]
The intelligence community probably hates it when this happens. *rolls eyes*
Re:Open Source information? (Score:5, Interesting)
They didnt. they define "Open Source". Caps have a purpose, you know.
There are a handful of case-sensitive words [wikipedia.org] in English. "Open Source" isn't one of them.
Really? (Score:5, Funny)
Pics or it didn't happen.
Re: (Score:2)
If there ever was a story where the pictures are worth more than any amount of words, this would be it. I'd go as far as to say that this would otherwise be a non-story if there are no pictures.
for bonus LULZ... (Score:3)
Re: (Score:2)
I thought those pic were leaked on purpose by the VIP public relations, to keep the names floating around in the media.
But maybe this is part of the game :)
PIC HERE (Score:2)
617 [xkcd.com], frame 2.
That's because no one wants to see (Score:3, Funny)
Re:Really? (Score:5, Insightful)
I don't have a problem with the jokes. And honestly while I don't agree with the illegal methods of obtaining the data that the hacker used, I also do not consider his data breach any worse than any other random data breach. Fact is, those who take naked pictures of themselves or allow naked pictures to be taken of them must accept that it's possible that others will see them. That held true for the girl who sent cheesecake-style pinup photos of herself to her soldier-boyfriend who would probably show the picture to his buddies, held true for the Polaroid revolution, held true for the 8mm camera era, held true for the videotape era, and holds true for the digital camera era.
Simply, if one doesn't want naked pictures of one's self to be seen, one should not take or allow taken, naked pictures of one's self. Literally that's it. Don't do it if you don't want them seen. The only reason for a picture to exist is for it to be seen, and the large number of prurient people in this world will be happy to look. If one never takes or allows these kinds of pictures to be taken then there will never be a chance of them being shared, leaked, or stolen.
You've never been around women gossiping that don't know that a man can hear them, have you?
Re:Really? (Score:5, Insightful)
"Why would you protest the Patriot Act or warrantless wiretapping? If you've done nothing wrong, then you have nothing to fear, citizen!" Or, for that matter... "Why would you protest Facebook & Instagram's use of your photos in any way they deem financially useful? Its your own fault if you don't keep the photos under strict lock and key in an electromagnetically-shielded, hermetically sealed lockbox!"
Say what you really mean:
"But I liked seeing Scarlett Johannson's boobies, and don't think anybody should be punished for having helped me achieve that dream!"
Re: (Score:3)
If they didn't want these pictures out there then they shouldn't have had them taken. They shouldn't have kept them in an electronic form or on any item connected to the internet. It is their own fault.
You probably believe its the women's fault when she is raped?
If I take a private picture of me or my girlfriend. I expect it to remain private. Period. It might be a different matter if I let someone else (such as a professional photographer) take pictures. But if I take pictures, and leave them on my phone, or personal computer. I have every right to expect them to remain private. Even if I am a public figure.Claiming it is their fault that they let these even exist is moronic. Thats almost like saying "
Re: (Score:3)
this was time used to find someone who was breaking into other peoples account and services. So, money well spent.
time spent investigating this is time not spent investigating other things.
when's the last time you've had to interact with the police concerning a crime against you? for pretty much everything, they take your name and do nothing. there's no investigation at all. but they spend 11 month tracking down this guy? let christina aguilera hire a private investigator.
Wake up call (Score:4, Insightful)
Further proof celebs are fucking dumb. This guy wasn't a "real hacker".
I don't know what is more disgusting, celebrities themselves, or psycho brand of psychonphants they attract.
Re: (Score:3, Insightful)
I agree - is it still considered a "hack" when all the attacker did was guess the password from common (public domain) knowledge??
I don't think it changes the degree of wrong in his actions - but in this light we shouldn't revel in the miraculous technical innovations used to snipe some celeb p0Rn.
Re:Wake up call (Score:5, Funny)
is it still considered a "hack" when all the attacker did was guess the password from common (public domain) knowledge??
Yes, much like a golf cart is still considered a vehicle.
Re: (Score:2)
Yes.
It's still breaking and entering even if the door is wide open.
Re:Wake up call (Score:4, Insightful)
Yes but.... if he broke into her home, stole physical photos, and released them.... most people would easily consider it as much, if not more, of a violation.... but would he ever face nearly the jail time for that as he did for this? I doubt it strongly.
Now, that isn't condoning what he did, clearly he was wrong, hell, I even called into question whether that FBI dad who tracked down the pedophile principal had overstepped ethical bounds by reading the reports in the first place. However, the punishment, if there is to be one, should not be out of proportion with the crime....
This puts him away not just longer than someone who commited a nearly identical crime by different means, it puts him away longer than many violent criminals who actually physically harmed people.
Hell, he will likely do more time than Whitey.
Re:Wake up call (Score:5, Insightful)
Yes but.... if he broke into her home, stole physical photos, and released them.... most people would easily consider it as much, if not more, of a violation.... but would he ever face nearly the jail time for that as he did for this? I doubt it strongly.
10 years is a fucking joke. Bankers destroyed the world economy and no one, except Iceland, charged any of them. There is no justice.
Re: (Score:2)
Well, he'll be going to a real prison with real criminals -- Slashdot's whinging about what is a hacker, a cracker, or a script kiddie is irrelevant.
He's hardly a criminal mastermind, but what he did was still illegal.
Comment removed (Score:5, Interesting)
Re:Wake up call (Score:5, Insightful)
As illegal as breaking and entering into someone's home and stealing photos from a bedroom safe
I don't think it's as illegal as that. If someone breaks into your home and goes into your bedroom, that's scary not just because they stole your photos or money, but they could have easily run into someone and had to decide -- do I attack this person, do I turn this burglary into a rape, do I leave witnesses, etc.
I just looked up common sentences for burglary, and found an article that discusses burglary laws in New York (http://criminal.findlaw.com/criminal-charges/burglary-penalties-and-sentencing.html ). As I suspected, the main differences between degrees of burglary are whether it was a dwelling where someone lives and whether a weapon was involved. Both combined is first degree. One or the other is second degree. Neither (breaking into a store for instance) is third degree with a maximum sentence of 7 years. Hacking a phone should be the LEAST serious of any of those, really a fourth degree.
The reality is that hacking isn't that bad.
Re:Wake up call (Score:5, Informative)
You are correct. The article states that he could have gotten 121 years if he'd been convicted on all 26 counts he was indited for. Real world third degree burglary adds up too when you've broken into a couple dozen stores. If the information in the article is correct, it looks like the average maximum sentence for each indictment is around 4.5 years, so 2.5 years less than you say for third degree burglary. It's just that he did it lots and lots of times. Sounds like he got off pretty easy, about 3 months per count.
Re: (Score:3)
The reality is that hacking isn't that bad.
Hacking isn't bad. Malevolent hacking is bad. When I was growing up my grandmother, bless her saint-like soul, taught me about right and wrong. She used to take me and my sister for walks and point out the various caterpillars and other insects, show us how to tell time by the position of the sun, how to make butter, all that crap. On one walk we happened to see a beautiful custom '71 Camero with the key in the ignition, and no one else around. I said "Geeze g'ma, some one could just drive off with that bea
Comment removed (Score:5, Insightful)
Re: (Score:3)
Re: (Score:2)
Re: (Score:3, Informative)
Re: (Score:3)
Re:Wake up call (Score:4, Insightful)
Re:Wake up call (Score:4, Interesting)
I have a made-up narrative for an alter ego where I know all the answers to those questions (e.g., what's your mother's maiden name?) and I use those answers instead of the real ones. So you can do all the research you want on me, and you'll get wrong answers for those questions. But I'm weird that way... :-)
Re:Wake up call (Score:4, Insightful)
I admire your creativity, but for normal mortals:
Q: What's your mother's maiden name?
A: qU$%3HHr28k4
OK, that makes me somewhat dependant on LastPass, but that's a somewhat smaller risk than outlined in TFS.
Re: (Score:2)
Re:Wake up call (Score:5, Interesting)
Further proof celebs are fucking dumb. This guy wasn't a "real hacker".
On the contrary, guessing a password is a truly classic hack. What is more of a "real hack" from your perspective? Downloading and running a cracking script? To guess a person's password from information publicly available about them is a prime example of security-oriented thinking.
The best hacks are tailored precisely to the circumstances.
Re: (Score:2, Insightful)
"Illegal wiretapping gave Mr. Chaney access to every email sent to more than four dozen victims, and allowed him to view their most personal information," said US Attorney Andre Birotte Jr.
Gosh that sounds a lot like, "Illegal wiretapping gave the federal government access to every email sent to more than forty million victims, and allowed them to view their most personal information." Nobody went down for that one, though.
Re: (Score:2)
Further proof celebs are fucking dumb.
Oh for real Sherlock? You mean high-social-value individuals were fucking idiots for taking nudes and racy images of themselves when they know there are literally millions of people that want them... I think they should of given the guy a slap on the wrist as a warning against being a fucking moron.
how many years in prison (Score:5, Insightful)
did Rupert Murdoch and his son get?
Re: (Score:2)
It makes a bit of sense that if you pay the police to give you access to the accounts that you probably will not be arrested for it.
So yes, if Rupert Mudoch was sitting at his PC guessing, passwords instead of paying the police to, he could very well be in jail.
Don't put things online you want to keep private (Score:3, Interesting)
I'm not quite clear why anyone thinks that putting things online in any capacity is safe from prying eyes, particularly if they're a celebrity. I don't defend the actions of these "hackers" (pfft), but the photo owners should be smart enough to take some precautions or find someone that can help them do it.
Re: (Score:3)
Quit blaming the victim (Score:5, Insightful)
Stop blaming the victim. I've heard this so often, I'm finally going to snap. (Nothing personal.)
Make up your mind whether IT administration is easy or hard.
If it's easy, then the IT profession is perpetrating a massive scam and collecting fat paychecks for what is basically an easy job. I don't believe that, and I do not think you will find many people on Slashdot who support that position.
On the other hand, if IT is hard, then it's not fair to condemn non-professionals from being unable to do it. Rather than calling people "stupid" for not knowing things that we take for granted, we could actually try to promote public awareness and give people constructive advice.
Re: (Score:2)
Re: (Score:3)
10 years does not fit the crime (Score:5, Insightful)
Re: (Score:2)
he got additional years for being stupid. He should've known that in this society (and just about every society), crimes committed against the rich and famous are punished far more severely than crimes committed against the riffraff.
Even the gangbangers know this, they prey on lowly people in their own ghettos most of the time.
Re: (Score:3)
Re: (Score:2)
10 years is a ridiculous amount of time to be in prison for something like this. Child molesters and murderers get less time.
Child molesters and murders get less time because their sentences are reduced on appeal, they get time off for good behavior, or they are released early by parole boards or to reduce overcrowding. The same will happen to this guy. It is unlikely that he will be in the slammer for more than two or three years, and likely even less than that.
This is actually a good system, because the headlines show the initial (phoney) sentence, which has a deterrent value by scaring other potential perps, but we don't act
Re: (Score:3)
> This is actually a good system, because the headlines show the
> initial (phoney) sentence, which has a deterrent value by scaring
> other potential perps, but we don't actually incur the expense of
> imprisoning them for anywhere near that long.
Hmmm in theory anyway. In practice, there is evidence that harsh sentances do not actually translate into significant deterrance.
A much stronger effect is seen by increasing the percieved likelyhood of gettin caught.
An excellent book that talked of this w
Re: (Score:3)
Re: (Score:2)
121 years if he was found guilty of every count and sentenced to serve consecutively. chances are the sentence would be concurrently for all counts and it would be a lot less
Re: (Score:2)
U.S. almost never does concurrent sentences.
Re: (Score:2)
Re:10 years does not fit the crime (Score:5, Funny)
Re: (Score:2)
He should have burgled the houses, and raped the nannies while he was at it, to steal physical photos... He would have got less time. He could have even murdered a couple of guards and got less than 10 years.
Re: (Score:2)
Well, he would have had to burgle many houses and probably killed/raped many nannies to get all the celebrity photos so I think as a serial rapist/murderer he might have seen more time.
Re: (Score:2)
Well, he could have been facing a lot worse.
It's a steep sentence, but I have no sympathy for him -- nor more than I would for spammers, con-artists, or crooked politicians.
It's not like he could be under any illusion what he was doing was ever legal.
Not in my state (Score:2)
I don't know about your state but here it is pretty lengthy. Second degree murder has sentences that range from 10-20 years provided it is an isolated offence. If you already have convictions of certain types, it can be 25 years, or more. First degree murder is a life sentence or the death penalty. In cases of life, sometimes parole can be allowed, but not before 25 years and then it is still discretionary.
Something else you seem to forget is that he is charged of multiple crimes. You don't get to lump cri
Re: (Score:2)
It looks like the multiple charges (26 specifically) totaled up to 121 years of prison time.
That would require 5x 1st degree murders in your state to bring the minimum 25 years up to that amount, or 6-12x 2nd degree murders for the same.
He plead guilty to avoid getting the entire 121 years total, in exchange for serving only 10 years for all counts combined.
So if you use the time sentenced on a per-charge basis then that comes to a little over 4.5 years of prison per charge, which is in fact less than what
Re: (Score:3)
Child molesters and murderers will get more time if their victims are famous or rich.
If the victims are not connected or wealthy, then Child molesters and murderers get a slap or are ignored.
Re: (Score:2)
OTOH its a nice way to remind other people to stay the fuck out of systems which do NOT BELONG TO THEM.
Re: (Score:2)
Re: (Score:2)
I thought so too until I read this:
http://www.vancouversun.com/entertainment/Hollywood+hacker+that+posted+nude+photos+Scarlett+Johansson+sentenced+Monday/7708693/story.html [vancouversun.com]
Chaney also targeted two women he knew, sending nude pictures of one former co-worker to her father.
The women, who both knew Chaney, said their lives have been irreparably damaged by his actions. One has anxiety and panic attacks; the other is depressed and paranoid. Both say Chaney was calculated, cruel and creepy.
When I hear movie and modeling celebrities giving these long stories about how their lives have been destroyed by having nude photos made public on the internet, I wonder whether that's what the district attorney told them they'd have to say to get a conviction. After all, how many of those celebrities would pose nude for Playboy or Vogue at a time when it would be good for their career?
However, distributing nude pictures of co-workers, who are private persons, is somethin
Re: (Score:2)
10 years is a ridiculous amount of time to be in prison for something like this. Child molesters and murderers get less time.
The geek's white collar crimes are likely to land him in a federal criminal court, This is never good news, because white collar crimes are a federal criminal court's bread and butter and the judge will have heard every lame excuse for mercy the geek has to make.
Punishment for Murder - Federal - Mandatory Sentencing
Second degree murder
Imprisonment for life or any term
Second degree murder by an inmate, even escaped, serving a life sentence
Life imprisonment
First degree murder
Death or life imprisonment
Military - Mandatory Sentencing
Murder under UCMJ Article 118 Clause (2) or (3)
Any legal punishment (other than death) as directed by the court-martial
Murder under UCMJ Article 118 Clause (1) or (4)
Death or life imprisonment
Murder (United States law) [wikipedia.org]
Re: (Score:2)
Upset someone important though and all of a sudden resources materialize and harsh sentences are 'appropriate'.
Re: (Score:2)
If someone did what this guy did to you and/or your girlfriend/wife and/or your daughter(s), what sentence would fit the crime?
You are counting on an emotional answer so your argument is flawed.
Pics (Score:2, Funny)
or it didn't happen...
Defense rests your honor.
Re: (Score:2)
If you're too stupid to know how to find the pics online, you don't deserve to see them.
Have you heard of a search engine? Took me more time to type this than it took to view all of the pictures.
Re: (Score:2)
I am not surprised she was pissed off, they are really bad pics...
http://1.bp.blogspot.com/--YQnbGWJdps/TpfO7UrWrGI/AAAAAAAAHWE/-Zu5cw_6Sw4/s1600/ScarlettJohanssonNudeLeak2.jpg [blogspot.com]
HSBC laundered money, execs lose/reduce bonuses (Score:5, Insightful)
Why does it seem there is one set of rules for the little people and another set for big business?
"HSBC executives brushed off complaints from other bank employees, so that the problems persisted for eight years, the report says.
In addition, some HSBC bank affiliates skirted U.S. government bans against financial transactions with Iran and other countries, according to the report. And HSBC’s U.S. division provided money and banking services to some banks in Saudi Arabia and Bangladesh believed to have helped fund Al Qaeda and other terrorist groups, the report said."
http://www.thestar.com/business/article/1227431--hsbc-laundered-billions-of-dollars-for-mexican-drug-cartels-senate-investigation-finds [thestar.com]
"The penalty includes a five-year agreement with the US department of justice under which the bank will install an independent monitor to assess reformed internal controls. The bank's top executives will defer part of their bonuses for the whole of the five-year period, while bonuses have been clawed back from a number of former and current executives, including those in the US directly involved at the time."
Re:HSBC laundered money, execs lose/reduce bonuses (Score:5, Insightful)
Re: (Score:2)
Why does it seem there is one set of rules for the little people and another set for big business?
Here you go: With Liberty and Justice for Some [salon.com]. Aside from the book, Glenn Greenwald has a lot of interesting insights at Salon [salon.com], and now writes for The Guardian [guardian.co.uk].
information wants to be free! (Score:5, Funny)
U.S. is crazy (Score:5, Insightful)
Re: (Score:2)
Our justice system only works (for certain definitions of "works") because we threaten insane sentences to force less-insane plea bargains.
We can't afford to have more than a tiny number of cases go to trial, or the system would break down. Not enough money, not enough judges, not enough lawyers.
Re: (Score:2)
Re: (Score:3)
Each hack is a different crime. Each crime has a minimum sentence. The rest is math. Most countries are no different.
Re: (Score:3)
Let's take a closer look... (Score:2, Flamebait)
Seriously. The guy did deserve to go to jail, but 121 years?!!! And he pleaded guilty to get "just" 10 years? It is no surprise U.S. prisons are full and U.S. has the highest number of prisoners per capita in the World...
Maybe he shouldn't have been doing things that are clearly illegal, without much question creepy, and doing these things to "high profile" people to boot?
Perhaps society should be protected from creeps this fucking stupid?
Also, keep in mind:
The indictments against him included accessing and damaging computers, wire tapping and identify theft.
...So we're not talking about just a few celebrity nudes.
He then allegedly communicated directly with contacts found in the hacked email account's address list and searched the account for photos, information and other data.
To control the account, Chaney is alleged to have altered the email's account settings to go to a separate, unrelated e-mail address that he controlled.
After gaining complete access to the hacked account, Chaney then used the contact list to "harvest" new targets, according to the FBI.
Just a little "innocent" hacking of "rich people" who should have known better?
And, keep in mind that if he wasn't already doing credit card theft, it was probably in his "script kiddie" queue.
Re: (Score:2)
Re: (Score:2)
Idiot (Score:2)
Have we completed the road to serfdom yet? (Score:2)
Re: (Score:3)
Not really true. I know normal people that his sort of thing has happened to and the perpetrators went to jail. Maybe not for ten years, but remember that this guy was charged with 26 counts. He did this to *a lot* of people. Surprisingly enough you go to jail for a longer time when you rob four stores than when you rob one store.
Like they didnt want it to happen (Score:5, Insightful)
I consider the real sickness here is the wierdness that is the mind of apparently most Hollywood stars.
I mean why do they apparently all carry nude pictures of themselves on their phones? Especially even knowing that phones can be hacked.
I can smell the Paris Hilton effect in action.... There is no such thing as bad publicity.
Re: (Score:2)
Re: (Score:2)
Because they hope the phone will be "hacked" and the pictures posted online, thereby generating a great deal of publicity for them.
Scarlet grainy pics uncensored (Score:5, Informative)
most sites have these watermarked or censored with black bars
- REDACTEDRe: (Score:2)
Those are not particularly embarrassing pictures for a professional model.
Do you e-mail around naked photos of yourself? (Score:3)
Is it just me, or is it somewhat strange that these celebrities would have naked photos of themselves in their e-mail in the first place? I know I don't have any naked photos of myself in my gmail account, and I'm not even someone everyone wants to see naked. If you were a young, female celebrity who knew everyone wanted to see you naked, wouldn't you think twice before a) taking a naked picture of yourself and b) e-mailing it to anyone.
Or maybe I'm just a prude who doesn't know how to put his cell phone camera to good use.