'Celebgate' attack leaks nude photos of celebrities

George Garofano — one of the four hackers who stole and leaked celebrity nudes in the 2014 event that came to be known as Celebgate (and on 4chan as “The Fappening”) — has been sentenced to eight months of prison time. Variety reports, he’ll also face three years of supervised release and 60 hours of community service after he gets out. In total, Garofano hacked more than 250 people, including Kate Upton, Jennifer Lawrence, and Kirsten Dunst.

Three other hackers had already been sentenced for their roles in hacking the material that became Celebgate: Ryan Collins, 36, was sentenced to 18 months in prison after pleading guilty to felony hacking and violating the Computer Fraud and Abuse Act; Edward Majerczyk, 28, pled guilty to the same and was sentenced to nine months in prison. Emilio Herrera, 32, also pled guilty and is still awaiting his sentencing. While the US Attorney’s Office says there’s no evidence that Collins, Majerczyk, or Herrera shared or posted the stolen images online, Variety reports that prosecutors in the case allege that Garofano traded usernames, passwords, and the images themselves with other people.

Ryan Collins, one of the people behind the 2014 "Celebgate" photo leak, has been sentenced to 18 months in prison. Earlier this year, Collins pled guilty to carrying out a long-running phishing campaign that gave him access to dozens of private email and iCloud accounts, including those of many female celebrities, some of whom had nude photos leaked as a result of the breach.

Collins was convicted of violating the Computer Fraud and Abuse Act and faced up to five years in prison, although prosecutors recommended 18 months as part of a plea bargain. According to the Justice Department, he sent his targets emails purporting to come from Apple or Google, asking them to give up their passwords. Over the course of two years, from 2012 to 2014, he got access to at least 50 iCloud accounts and 72 Gmail accounts, "many of which belonged to female celebrities." The statement also says that Collins ran a fake modeling scam to trick victims into sending nude photos. Notably, the Justice Department has found no evidence that Collins is behind the mass release of these photos, which appeared on the forum 4chan in August of 2014.

"This defendant not only hacked into e-mail accounts — he hacked into his victims’ private lives, causing embarrassment and lasting harm," said FBI assistant director Deirdre Fike in a press statement. "As most of us use devices containing private information, cases like this remind us to protect our data."

Ryan Collins, a 36-year-old Pennsylvania man accused of playing a key role in the "Celebgate" breach in 2014, will plead guilty to violating the Computer Fraud and Abuse Act, which will mark the first conviction related to the high-profile hack. Collins spent roughly two years tricking victims online, some of which worked in Hollywood, into handing over sensitive data like email addresses and passwords by pretending to work for Apple and Google, according to federal prosecutors. Once inside the accounts, Collins was able to access full iCloud backups containing nude photos and videos. Photos from Jennifer Lawrence and Kate Upton were included in the eventual leak.

In total, Collins broke into as many as 50 iCloud accounts and 72 Gmail accounts. He was charged with one count of felony computer hacking and one count of unauthorized access to a protected computer. Although the charges contain a maximum prison sentence of five years, prosecutors recommended Collins serve 18 months after reaching a plea deal. "By illegally accessing intimate details of his victims' personal lives, Mr. Collins violated their privacy and left many to contend with lasting emotional distress, embarrassment and feelings of insecurity," David Bowdich, the assistant director in charge of the FBI's Los Angeles office, said in a statement.

Anonymous users of infamous web forum 4chan leaked stolen nude pictures of Jennifer Lawrence, Kate Upton, Kirsten Dunst, and scores of other women on September 1st. Three weeks later, anonymous 4chan users threatened to do it again. Their new target would be Emma Watson, the actress best known for portraying teenage schoolgirl Hermione Granger in the Harry Potter movies.

This time, the anonymous figures appeared more organized. Shortly after the threats appeared online, someone set up a dedicated site — emmawatsonyouarenext.com — and started a countdown to the time and date that they would release the images. The countdown first pointed to this coming Saturday, before jumping forward, to 12AM ET on Wednesday the 24th of September.

Last week LA-based artist XVALA — real name Jeff Hamilton — announced he would display recently leaked naked pictures of celebrities including Jennifer Lawrence and Kate Upton as part of an upcoming art show he titled "No Delete." But now the artist has backtracked on his original decision, removing the pictures from his planned exhibit, and replacing them with life-size nude pictures of himself.

Hamilton said the public reaction to the leaked photos made him change his mind. "People were identifying with Jennifer Lawrence‘s and Kate Upton‘s victimization, much more than I had anticipated, which is powerfully persuasive." Hamilton's scheduled exhibit was to be part of his long-running "Fear Google" series, and was to be run at the Cory Allen Contemporary Art gallery. The gallery said the decision to cancel came because of a mixed public reaction and a number of "persuasive online petitions."

TheFappening, a new subreddit that became the unofficial hub for the cache of nude celebrity photos revealed last week, has been banned and shut down by Reddit. In a statement published on its official blog, a representative for the company said that "we deplore the theft of these images and we do not condone their widespread distribution." Visitors to the subreddit are now greeted with the warning image above.

After the initial leak of hundreds of nude celebrity photos online through 4Chan, TheFappening emerged as a distribution center for the stolen photos. Reddit has been silent on the matter for over a week, but now a lengthy post by a Reddit employee explains what has been going on inside the company. At first, Reddit did not decide to ban the subreddit; instead the company responded to DMCA requests and took down private photos hosted on its servers as required by law.

On Wednesday, following a flood of commentary on the theft of celebrities’ nude photos, some corners of the web announced they’d had enough. John Herrman, writing in The Awl, ridiculed the surge in punditry as a cynical grab for page views. "A phenomenon like this generates an enormous surplus of attention, much more than news can meet," he wrote. "This throws the ᴄᴏɴᴛᴇɴᴛ industry into a frantic generative mode, initiating a full-spectrum stress test on par with a natural disaster or a war." Alex Pareene, following up on Andrew Sullivan’s site, suggested most of these Celebgate "takes" were "produced solely in the hopes that the post will, through luck and a bit of dark magic, win the Facebook algorithm lottery," and "are the most depressing pieces of writing on the web, for the reader and the writer."

It’s true that generally we suffer from too much commentary chasing too little journalism. But Celebgate strikes me as precisely the wrong test case for this notion, because the leaked photos are the rare bit of celebrity news that has real consequences for the rest of us. The theft of the photos has several dimensions, all of them awful. There are the victims themselves, who have been subject to ridicule and abuse in the short term and could see damage to their careers in the long term. There are the criminals who stole and traded their targets’ information, drawing attention to apparently vast networks of disgruntled ex-boyfriends working to unearth the nudes of their own non-famous partners. There are the Redditors who collected all the nudes, which appear to have included child pornography, onto a forum called The Fappening, where they could be consumed and commented upon in a spirit of callous bonhomie.

Apple CEO Tim Cook told The Wall Street Journal today that his company is soon to introduce measures to protect iPad, iPhone, and Mac users' information and keep hackers out of their accounts. In two weeks time, Cook said users would start to receive emails and push notifications on mobile devices when iCloud data was restored, passwords changed, or when a new device logs into an account for the first time.

Cook's comments come after hundreds of photos of nude celebrities, including Jennifer Lawrence and Ariana Grande, were leaked online. The pictures were reportedly obtained through Apple's iCloud service. The company has denied that private accounts were accessible through security flaws in the cloud storage system, but said that the stars were the target of hackers that attempted to compromise their usernames, passwords, and security questions. It's been speculated that the photos released were only a small portion of the number owned by a shadowy ring of individuals who trade private images of the world's most famous people.

When nude photos of more than 100 prominent celebrities began appearing on the internet over Labor Day weekend, people assumed that the leak was intentional: there was a hacker, or hackers, who were posting these images for fun or profit, and they had used recently discovered security flaws in Apple’s iCloud system to break into accounts and make off with these pictures.

Celebgate is probably the biggest privacy breach of the most famous people ever to come to public attention all at once. If you didn’t feel vulnerable after the massive Target breach or after Mat Honan’s epic hacking, surely you should feel exposed now that dozens of rich and famous celebrities have had their private photos stolen.

The breach itself wasn’t that interesting to me — it seemed inevitable. What was interesting was how quickly some celebrities admitted the photos were real, even though they could have easily argued otherwise.

By now, you’ve probably heard that a massive cyberattack dubbed "TheFappening" or "Celebgate" resulted in the publication of nude and semi-nude photos of dozens of A-listers over the Labor Day weekend. Pop princess Ariana Grande, Glee star Lea Michele, soccer player Hope Solo, and our beloved Hunger Games actress Jennifer Lawrence were just a few of the more than 100 celebrities who were allegedly hit.

It’s unclear who exactly broke into these stars’ accounts, how they did it, and how long the plan was in the works. Apple has said at least some of the photos came from individual iCloud accounts that attackers broke into one by one, and not from a system-wide breach. The company and the FBI are still investigating.

What we're apparently calling "celebgate" has probably caused you to worry that your own data in the cloud isn't secure. It certainly has me worried, but I do have one small trick that helps reduce the stress a little. The attack vectors we're seeing most often involve figuring out some public piece of data about you and then parlaying that into some social engineering (or clever password recovery) to get to your data. Getting a hold of an email address is probably the easiest step in that chain, and if you can make it more difficult, you're theoretically safer.

So I try to use a different email address for every single service that I sign up for. That sounds like a nightmare (and it kind of is), but the clever bit is that all these emails only look different to the services I use, but they're actually all the same email address.

Reddit users raised more than $5,000 for the Prostate Cancer Foundation earlier today, but the organization doesn't want a dime. The reasoning? The money was raised on r/TheFappening, the now-infamous section of Reddit where more than 100 celebrity nude photos, the result of an iCloud hack electronic break-in (or maybe many iCloud electronic break-ins), were widely distributed.

Here's the joke: masturbation may reduce the risk of prostate cancer. If you downloaded or circulated the photos, you can atone by donating to this relevant charity. Soon, "Reddit The Fappening" was the top donor on PCF's leaderboard.

Apple says that the mass theft of nude celebrity photos that were released over the weekend did not occur because of a breach in any Apple systems, including iCloud. Apple says, however, that certain celebrities were the subject of targeted hacking attempts that focused on compromising their usernames, passwords, and security questions — a common and well-tread technique across the web. Though Apple's statement doesn't make it entirely clear, it sounds as though iCloud may still have been involved in the thefts in some capacity: that is, Apple's customers may have had their iCloud usernames and passwords stolen, giving another party access to their account.

Apple also says that Find my iPhone was not involved in the photo thefts. There had been some speculation that this service was at fault, as someone had recently discovered and published a flaw in it that allowed a malicious party to continually guess passwords without any recourse. Apple appeared to have patched the issue shortly thereafter, and its statement implies that this Find my iPhone flaw was not used here. That said, Apple's statement also does not make it perfectly clear that this flaw was not put to use. Apple did not immediately respond to a request for clarification on the matter.

Apple says it is "actively investigating" an alleged exploit to its iCloud service that allowed hackers to post dozens of private celebrity photos to public message boards this weekend. "We take user privacy very seriously and are actively investigating this report," said an Apple spokesperson to Recode. Among the pictures posted to the Reddit and 4chan message boards were nude photos of celebrities Jennifer Lawrence, Kate Upton, Kirsten Dunst, and numerous other models, actresses, and athletes.

Meanwhile, as Hollywood Reporter notes, the FBI is also paying attention, releasing the following statement that promises that it is "addressing the matter." What precisely "addressing" means is as yet unclear: "The FBI is aware of the allegations concerning computer intrusions and the unlawful release of material involving high profile individuals, and is addressing the matter. ... Any further comment would be inappropriate at this time."

Hundreds of nude and revealing photos of female celebrities were released onto the internet last night by a hacker. Authorities have yet to identify the culprit and its also not clear exactly how he or she got access to these women's accounts, with iCloud the most widely reported service suspected of being breached. As the world digests the shocking breach of privacy, one common sentiment seems to be that anyone careless enough to take naked photos in digital form should be prepared for the embarrassment of having them leak.

Over the weekend someone released hundreds of revealing photos of celebrities that appear to have been stolen from private storage. In response to this, a bunch of anonymous guys on the internet copied them and posted them all over the town square, because the internet is written in ink and if you are ever a victim once in your life the internet will remind you of it forever.

These men are the detritus of human society for whom the internet provides a warm blanket, so let's remove the warm blanket for a minute.