A 36-year-old US man has admitted hacking into the iCloud and Gmail accounts of celebrities through a long-running phishing attack.
Ryan Collins, from Lancaster in Pennsylvania, admitted he had illegally accessed and downloaded images from 50 iCloud accounts and 72 Gmail accounts that he had managed to compromise through phishing attacks that ran between November 2012 until the beginning of September 2014.
According to the DoJ:
He sent e-mails to victims that appeared to be from Apple or Google and asked victims to provider their usernames and passwords. When the victims responded, Collins then had access to the victims’ e-mail accounts.
Collins agreed to plead guilty to one count of unauthorised access to a protected computer to obtain information as part of a plea bargaining deal that means he is likely to face 18 months imprisonment, said the California US Attorney’s Office.
Collins collected personal information including nude photographs and video of celebrities. In some cases, the Feds say, he used a "software program to download the entire contents of the victims’ Apple iCloud backups".
The charges against Collins arose from an investigation into the leaks of photographs of numerous female celebrities including Jennifer Lawrence in September 2014. However, investigators say they have not uncovered any evidence linking Collins to the actual leaks showing he shared the information with third parties.
The hack, which became known as "Celebgate" followed the leak of celebrity nude pics to notorious image board 4chan back in September 2014. At the time, an iCloud security breach was blamed but now we know that phishing was also in play.
The FBI investigation into Celebgate is ongoing, as the DoJ statement on Collins’ guilty plea explains.
Court papers related to the prosecution of Collins can be found here. ®