Feeds

Naked Scarlett Johansson pic snatch 'is worth 6 years' porridge'

Prosecutors want crackdown on saucy sleb webmail plunder

5 things you didn’t know about cloud backup

Prosecutors have called for tough penalties and mid-level fines against the self-confessed Scarlett Johansson nude photo hacker.

Christopher Chaney, of Jacksonville, Florida, 35, pleaded guilty in March to hacking into the webmail account of numerous celebs including Mila Kunis and Scarlett Johansson and changing settings to forwards emails to accounts under his control.

The tactic allowed Chaney to gain access to personal emails and photographs sent through smartphones and linked webmail services, including images of celebs in various states of undress that were intended for viewing only by their partners. Johansson said her photos were sent to her then-husband Ryan Reynolds three years prior to their publication last year.

Risque photographs harvested by Chaney found their way onto gossip websites. Police, called in to investigate the leaks, soon traced the hacks back to Chaney, resulting in his arrest.

"In most cases, Chaney accessed the administrative settings on the victims’ accounts so that all of their emails would automatically be forwarded to a separate email account that he controlled.

"This form of wiretapping allowed Chaney to continually receive victims’ emails even after a password had been reset," explains an FBI statement issued at the time of his arrest last October.

The offences took place between November 2010 and February 2011. Chaney used the contact books of compromised accounts to draw up list of fresh victims to target. It's unclear how he obtained access to targeted accounts but guessing password reset questions would seem the most likely approach.

Prosecutors are calling for judges to jail Chaney for six years (71 months) and for him to pay more than $150,000 in restitution, celeb news site TMZ reports.

Specifically, Chaney ought to pay $66,000 to Scarlett Johansson, $77,000 to actress and singer Renee Olstead and $7,500 to Christina Aguilera for the publication of semi-nude snaps, allegedly grabbed from her personal stylist's account.

The police investigation (dubbed Operation Hackerazzi) was launched following a wave of hacking attacks against the email accounts of around 50 celebrities including Lady Gaga and Miley Cyrus as well as Johansson and Aguilera.

Chaney says his webmail photo hacking exploits were driven by compulsion. He claims to have obtained evidence using the same techniques that various male celebrities are secretly gay.

There's no evidence of extortion and little suggestion that he tried to sell the illicit content he purloined. These mitigating factors may count in his favour when he appears in a Los Angeles federal court for a sentencing hearing, scheduled for 23 July.

Commentary on the security aspects of the case, principally the need to secure and monitor webmail accounts, can be found in a blog post by Graham Cluley of Sophos here. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.