Feeds

Naked Scarlett Johansson pic snatch 'is worth 6 years' porridge'

Prosecutors want crackdown on saucy sleb webmail plunder

The Power of One eBook: Top reasons to choose HP BladeSystem

Prosecutors have called for tough penalties and mid-level fines against the self-confessed Scarlett Johansson nude photo hacker.

Christopher Chaney, of Jacksonville, Florida, 35, pleaded guilty in March to hacking into the webmail account of numerous celebs including Mila Kunis and Scarlett Johansson and changing settings to forwards emails to accounts under his control.

The tactic allowed Chaney to gain access to personal emails and photographs sent through smartphones and linked webmail services, including images of celebs in various states of undress that were intended for viewing only by their partners. Johansson said her photos were sent to her then-husband Ryan Reynolds three years prior to their publication last year.

Risque photographs harvested by Chaney found their way onto gossip websites. Police, called in to investigate the leaks, soon traced the hacks back to Chaney, resulting in his arrest.

"In most cases, Chaney accessed the administrative settings on the victims’ accounts so that all of their emails would automatically be forwarded to a separate email account that he controlled.

"This form of wiretapping allowed Chaney to continually receive victims’ emails even after a password had been reset," explains an FBI statement issued at the time of his arrest last October.

The offences took place between November 2010 and February 2011. Chaney used the contact books of compromised accounts to draw up list of fresh victims to target. It's unclear how he obtained access to targeted accounts but guessing password reset questions would seem the most likely approach.

Prosecutors are calling for judges to jail Chaney for six years (71 months) and for him to pay more than $150,000 in restitution, celeb news site TMZ reports.

Specifically, Chaney ought to pay $66,000 to Scarlett Johansson, $77,000 to actress and singer Renee Olstead and $7,500 to Christina Aguilera for the publication of semi-nude snaps, allegedly grabbed from her personal stylist's account.

The police investigation (dubbed Operation Hackerazzi) was launched following a wave of hacking attacks against the email accounts of around 50 celebrities including Lady Gaga and Miley Cyrus as well as Johansson and Aguilera.

Chaney says his webmail photo hacking exploits were driven by compulsion. He claims to have obtained evidence using the same techniques that various male celebrities are secretly gay.

There's no evidence of extortion and little suggestion that he tried to sell the illicit content he purloined. These mitigating factors may count in his favour when he appears in a Los Angeles federal court for a sentencing hearing, scheduled for 23 July.

Commentary on the security aspects of the case, principally the need to secure and monitor webmail accounts, can be found in a blog post by Graham Cluley of Sophos here. ®

Designing a Defense for Mobile Applications

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.