Feeds

Naked Scarlett Johansson pic snatch 'is worth 6 years' porridge'

Prosecutors want crackdown on saucy sleb webmail plunder

Beginner's guide to SSL certificates

Prosecutors have called for tough penalties and mid-level fines against the self-confessed Scarlett Johansson nude photo hacker.

Christopher Chaney, of Jacksonville, Florida, 35, pleaded guilty in March to hacking into the webmail account of numerous celebs including Mila Kunis and Scarlett Johansson and changing settings to forwards emails to accounts under his control.

The tactic allowed Chaney to gain access to personal emails and photographs sent through smartphones and linked webmail services, including images of celebs in various states of undress that were intended for viewing only by their partners. Johansson said her photos were sent to her then-husband Ryan Reynolds three years prior to their publication last year.

Risque photographs harvested by Chaney found their way onto gossip websites. Police, called in to investigate the leaks, soon traced the hacks back to Chaney, resulting in his arrest.

"In most cases, Chaney accessed the administrative settings on the victims’ accounts so that all of their emails would automatically be forwarded to a separate email account that he controlled.

"This form of wiretapping allowed Chaney to continually receive victims’ emails even after a password had been reset," explains an FBI statement issued at the time of his arrest last October.

The offences took place between November 2010 and February 2011. Chaney used the contact books of compromised accounts to draw up list of fresh victims to target. It's unclear how he obtained access to targeted accounts but guessing password reset questions would seem the most likely approach.

Prosecutors are calling for judges to jail Chaney for six years (71 months) and for him to pay more than $150,000 in restitution, celeb news site TMZ reports.

Specifically, Chaney ought to pay $66,000 to Scarlett Johansson, $77,000 to actress and singer Renee Olstead and $7,500 to Christina Aguilera for the publication of semi-nude snaps, allegedly grabbed from her personal stylist's account.

The police investigation (dubbed Operation Hackerazzi) was launched following a wave of hacking attacks against the email accounts of around 50 celebrities including Lady Gaga and Miley Cyrus as well as Johansson and Aguilera.

Chaney says his webmail photo hacking exploits were driven by compulsion. He claims to have obtained evidence using the same techniques that various male celebrities are secretly gay.

There's no evidence of extortion and little suggestion that he tried to sell the illicit content he purloined. These mitigating factors may count in his favour when he appears in a Los Angeles federal court for a sentencing hearing, scheduled for 23 July.

Commentary on the security aspects of the case, principally the need to secure and monitor webmail accounts, can be found in a blog post by Graham Cluley of Sophos here. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.