Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker Behind Leaked Nude Celebrity Photos Gets 10 Years

Posted by timothy on from the what-would-justice-be? dept.

wiredmikey writes "A U.S. judge sentenced a computer hacker to 10 years in prison on Monday for breaking into the email accounts of celebrities and stealing private photos. The hacker accessed the personal email accounts and devices of stars including Scarlett Johansson, Christina Aguilera and Renee Olstead, among dozens of other people he hacked. The hackers arrest in October 2011 stemmed from an 11-month investigation into the hacking of over 50 entertainment industry names, many of them young female stars. Hacked pictures of Johansson showed her in a state of undress in a domestic setting. Aguilera's computer was hacked in December 2010, when racy photos of her also hit the Internet. Mila Kunis' cell phone was hacked in September that year with photos of her, including one in a bathtub, spread online. According to the FBI, the hacker used open-source, public information to try to guess a celebrity's email password, and then would breach the account."

33 of 346 comments (clear)

  1. Open Source information? by suso · · Score: 4, Informative

    What is Open Source information? The OSI foundation doesn't seem to be doing a good job of enforcing the trademark of the term Open Source. I hear and see it used in many ways in which it should not be and the term has been grossly eroded in meaning over the past decade.

    1. Re:Open Source information? by Anonymous Coward · · Score: 5, Informative

      Pretty standard term.

      http://en.wikipedia.org/wiki/Open-source_intelligence

    2. Re:Open Source information? by bsDaemon · · Score: 5, Informative

      Trademarks are domain-specific, like how actual windows can still be called windows and Microsoft can't sue over Windows. The use of the term "open source" for intelligence information (OSINT) is as old as dirt and is used to differentiate between sources such as news papers/party organs/etc and information attained through clandestine means, either human intelligence (HUMINT) or signals intelligence (SIGINT). Nothing to get upset about. It's not like the article said he used "the well known, open-source hacker tool Linux..."

    3. Re:Open Source information? by ShanghaiBill · · Score: 4, Interesting

      What is Open Source information? The OSI foundation doesn't seem to be doing a good job of enforcing the trademark of the term Open Source

      "Open source" simply means something that was openly published and available to the public. The term has been in use for at least a century. The OSI foundation has no trademark on the term.

      That fact that this guy got the info from open sources doesn't make it okay. If I find your key under your doormat, that was stupid of you, but it doesn't make it okay for me to rob you. This jerk got what he deserves.

    4. Re:Open Source information? by bsDaemon · · Score: 5, Informative

      Davis W. Moore, "Open Sources on Soviet Military Affairs," Studies in Intelligence (Summer 1963-declassified article)

      Herman L. Croom, "The Exploitation of Foreign Open Sources," Studies in Intelligence (Summer 1969-declassified article)

      So, the term as applied goes back at least to the 60s. It has just become more common in the last 10-15 years or so.

    5. Re:Open Source information? by disambiguated · · Score: 4, Interesting

      They didnt. they define "Open Source". Caps have a purpose, you know.

      There are a handful of case-sensitive words in English. "Open Source" isn't one of them.

  2. Really? by Anonymous Coward · · Score: 5, Funny

    Pics or it didn't happen.

    1. Re:Really? by TWX · · Score: 4, Insightful

      Sure. Let's joke about posting personal pictures of a non-consenting party.

      I don't have a problem with the jokes. And honestly while I don't agree with the illegal methods of obtaining the data that the hacker used, I also do not consider his data breach any worse than any other random data breach. Fact is, those who take naked pictures of themselves or allow naked pictures to be taken of them must accept that it's possible that others will see them. That held true for the girl who sent cheesecake-style pinup photos of herself to her soldier-boyfriend who would probably show the picture to his buddies, held true for the Polaroid revolution, held true for the 8mm camera era, held true for the videotape era, and holds true for the digital camera era.

      Simply, if one doesn't want naked pictures of one's self to be seen, one should not take or allow taken, naked pictures of one's self. Literally that's it. Don't do it if you don't want them seen. The only reason for a picture to exist is for it to be seen, and the large number of prurient people in this world will be happy to look. If one never takes or allows these kinds of pictures to be taken then there will never be a chance of them being shared, leaked, or stolen.

      This comment wouldn't even come up if it was a man whose pictures were taken.

      You've never been around women gossiping that don't know that a man can hear them, have you?

      --
      Do not look into laser with remaining eye.
    2. Re:Really? by Americano · · Score: 4, Insightful

      If they didn't want these pictures out there then they shouldn't have had them taken.

      "Why would you protest the Patriot Act or warrantless wiretapping? If you've done nothing wrong, then you have nothing to fear, citizen!" Or, for that matter... "Why would you protest Facebook & Instagram's use of your photos in any way they deem financially useful? Its your own fault if you don't keep the photos under strict lock and key in an electromagnetically-shielded, hermetically sealed lockbox!"

      Say what you really mean:

      "But I liked seeing Scarlett Johannson's boobies, and don't think anybody should be punished for having helped me achieve that dream!"

  3. Wake up call by davydagger · · Score: 3, Insightful

    "According to the FBI, the hacker used open-source, public information to try to guess a celebrity's email password, and then would breach the account."

    Further proof celebs are fucking dumb. This guy wasn't a "real hacker".

    I don't know what is more disgusting, celebrities themselves, or psycho brand of psychonphants they attract.

    1. Re:Wake up call by dav1dc · · Score: 3, Insightful

      I agree - is it still considered a "hack" when all the attacker did was guess the password from common (public domain) knowledge??

      I don't think it changes the degree of wrong in his actions - but in this light we shouldn't revel in the miraculous technical innovations used to snipe some celeb p0Rn.

    2. Re:Wake up call by seepho · · Score: 5, Funny

      is it still considered a "hack" when all the attacker did was guess the password from common (public domain) knowledge??

      Yes, much like a golf cart is still considered a vehicle.

    3. Re:Wake up call by SternisheFan · · Score: 5, Interesting

      Further proof celebs are fucking dumb. This guy wasn't a "real hacker".

      Well, he'll be going to a real prison with real criminals -- Slashdot's whinging about what is a hacker, a cracker, or a script kiddie is irrelevant.

      He's hardly a criminal mastermind, but what he did was still illegal.

      As illegal as breaking and entering into someone's home and stealing photos from a bedroom safe. Good to hear that the court system sees hacking for the serious crime it really is. Someone with a talent for computing shouldn't be given free license to break into someone elses devices and steal, and then provide some lame 'War Games' "it was just some innocent hacking" defense. 10 years will give him time to wonder if maybe he shouldn't play like some kind of untouchable omnipotent God at a keyboard. I look forward to hearing of more tough sentences in the future.

    4. Re:Wake up call by WD · · Score: 3, Insightful

      I don't think the quote is right. The technique used to gain access is not to guess the password, but to guess the answers to the password recovery questions. The password itself can be strong, but when you've got a site that provides recovery questions like "Where were you born?", what are we to do? The clever approach would be to have an answer scheme that isn't guessable via public knowledge, but also something you can remember if you need to use it. There's a difference between "fucking dumb" and not being aware of weaknesses in web service authentication schemes.

    5. Re:Wake up call by pclminion · · Score: 5, Interesting

      Further proof celebs are fucking dumb. This guy wasn't a "real hacker".

      On the contrary, guessing a password is a truly classic hack. What is more of a "real hack" from your perspective? Downloading and running a cracking script? To guess a person's password from information publicly available about them is a prime example of security-oriented thinking.

      The best hacks are tailored precisely to the circumstances.

    6. Re:Wake up call by stdarg · · Score: 5, Insightful

      As illegal as breaking and entering into someone's home and stealing photos from a bedroom safe

      I don't think it's as illegal as that. If someone breaks into your home and goes into your bedroom, that's scary not just because they stole your photos or money, but they could have easily run into someone and had to decide -- do I attack this person, do I turn this burglary into a rape, do I leave witnesses, etc.

      I just looked up common sentences for burglary, and found an article that discusses burglary laws in New York (http://criminal.findlaw.com/criminal-charges/burglary-penalties-and-sentencing.html ). As I suspected, the main differences between degrees of burglary are whether it was a dwelling where someone lives and whether a weapon was involved. Both combined is first degree. One or the other is second degree. Neither (breaking into a store for instance) is third degree with a maximum sentence of 7 years. Hacking a phone should be the LEAST serious of any of those, really a fourth degree.

      The reality is that hacking isn't that bad.

    7. Re:Wake up call by rk · · Score: 3, Interesting

      I have a made-up narrative for an alter ego where I know all the answers to those questions (e.g., what's your mother's maiden name?) and I use those answers instead of the real ones. So you can do all the research you want on me, and you'll get wrong answers for those questions. But I'm weird that way... :-)

    8. Re:Wake up call by DrgnDancer · · Score: 4, Informative

      You are correct. The article states that he could have gotten 121 years if he'd been convicted on all 26 counts he was indited for. Real world third degree burglary adds up too when you've broken into a couple dozen stores. If the information in the article is correct, it looks like the average maximum sentence for each indictment is around 4.5 years, so 2.5 years less than you say for third degree burglary. It's just that he did it lots and lots of times. Sounds like he got off pretty easy, about 3 months per count.

      --
      I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
    9. Re:Wake up call by bill_mcgonigle · · Score: 3, Insightful

      I admire your creativity, but for normal mortals:

      Q: What's your mother's maiden name?
      A: qU$%3HHr28k4

      OK, that makes me somewhat dependant on LastPass, but that's a somewhat smaller risk than outlined in TFS.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    10. Re:Wake up call by TheCarp · · Score: 3, Insightful

      Yes but.... if he broke into her home, stole physical photos, and released them.... most people would easily consider it as much, if not more, of a violation.... but would he ever face nearly the jail time for that as he did for this? I doubt it strongly.

      Now, that isn't condoning what he did, clearly he was wrong, hell, I even called into question whether that FBI dad who tracked down the pedophile principal had overstepped ethical bounds by reading the reports in the first place. However, the punishment, if there is to be one, should not be out of proportion with the crime....

      This puts him away not just longer than someone who commited a nearly identical crime by different means, it puts him away longer than many violent criminals who actually physically harmed people.

      Hell, he will likely do more time than Whitey.

      --
      "I opened my eyes, and everything went dark again"
    11. Re:Wake up call by Tsingi · · Score: 5, Insightful

      Yes but.... if he broke into her home, stole physical photos, and released them.... most people would easily consider it as much, if not more, of a violation.... but would he ever face nearly the jail time for that as he did for this? I doubt it strongly.

      10 years is a fucking joke. Bankers destroyed the world economy and no one, except Iceland, charged any of them. There is no justice.

    12. Re:Wake up call by Alphadecay27 · · Score: 3, Informative

      The article states that he stalked two non-celebrities for more than 10 years. It's a lot more creepy than just some guy wanting to see celebrity boobies.

    13. Re:Wake up call by SternisheFan · · Score: 4, Insightful

      If you can break into my car and make exact copies of the stuff inside without depriving me of those things, and then put the window back exactly as you found it - have at it.

      Thanks, where do you park?

      I would still be committing the crime of b&e, breaking and entering, for which you would have the legal right to prosecute me for. First I'd need to obtain a notarized statement from you saying you allow me to do these things. Without that statement from you, it'd still be illegal.

      And the pics and videos of you and your wife/girlfriend in various stages of undress (performing certain acts) that I copied from your car and posted them on the internet, that's okay with you too, right? Just asking.

  4. how many years in prison by Anonymous Coward · · Score: 5, Insightful

    did Rupert Murdoch and his son get?

  5. 10 years does not fit the crime by jdastrup · · Score: 5, Insightful

    10 years is a ridiculous amount of time to be in prison for something like this. Child molesters and murderers get less time.

    1. Re:10 years does not fit the crime by Sperbels · · Score: 4, Funny

      Well, you see, Scarlett Johansson's ass is copyrighted. So the MPAA is probably setting the sentence.

  6. HSBC laundered money, execs lose/reduce bonuses by RichMan · · Score: 5, Insightful

    Why does it seem there is one set of rules for the little people and another set for big business?

    "HSBC executives brushed off complaints from other bank employees, so that the problems persisted for eight years, the report says.

    In addition, some HSBC bank affiliates skirted U.S. government bans against financial transactions with Iran and other countries, according to the report. And HSBC’s U.S. division provided money and banking services to some banks in Saudi Arabia and Bangladesh believed to have helped fund Al Qaeda and other terrorist groups, the report said."

    http://www.thestar.com/business/article/1227431--hsbc-laundered-billions-of-dollars-for-mexican-drug-cartels-senate-investigation-finds

    "The penalty includes a five-year agreement with the US department of justice under which the bank will install an independent monitor to assess reformed internal controls. The bank's top executives will defer part of their bonuses for the whole of the five-year period, while bonuses have been clawed back from a number of former and current executives, including those in the US directly involved at the time."

    1. Re:HSBC laundered money, execs lose/reduce bonuses by DickBreath · · Score: 4, Insightful

      I think that this article about High Court versus Low Court justice will explain it for you.

      --

      I'll see your senator, and I'll raise you two judges.
  7. information wants to be free! by larry+bagina · · Score: 5, Funny

    These celebrities should open source their privates and make money by selling support contracts.

    --
    Do you even lift?

    These aren't the 'roids you're looking for.

  8. U.S. is crazy by fredprado · · Score: 5, Insightful

    Seriously. The guy did deserve to go to jail, but 121 years?!!! And he pleaded guilty to get "just" 10 years? It is no surprise U.S. prisons are full and U.S. has the highest number of prisoners per capita in the World...

  9. Like they didnt want it to happen by JustNiz · · Score: 5, Insightful

    I consider the real sickness here is the wierdness that is the mind of apparently most Hollywood stars.
    I mean why do they apparently all carry nude pictures of themselves on their phones? Especially even knowing that phones can be hacked.
    I can smell the Paris Hilton effect in action.... There is no such thing as bad publicity.

  10. Scarlet grainy pics uncensored by Cito · · Score: 5, Informative

    most sites have these watermarked or censored with black bars

    - REDACTED
  11. Quit blaming the victim by SirGarlon · · Score: 5, Insightful

    Stop blaming the victim. I've heard this so often, I'm finally going to snap. (Nothing personal.)

    Make up your mind whether IT administration is easy or hard.

    If it's easy, then the IT profession is perpetrating a massive scam and collecting fat paychecks for what is basically an easy job. I don't believe that, and I do not think you will find many people on Slashdot who support that position.

    On the other hand, if IT is hard, then it's not fair to condemn non-professionals from being unable to do it. Rather than calling people "stupid" for not knowing things that we take for granted, we could actually try to promote public awareness and give people constructive advice.

    --
    [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.