Hacker sentenced to prison for role in Jennifer Lawrence nude photo theft
A hacker was sentenced to eight months in prison on Wednesday for a scheme that exposed intimate photos of the actor Jennifer Lawrence and other celebrities.
George Garofano, 26, was accused of illegally hacking the private Apple iCloud accounts of 240 people, including Hollywood stars as well as average internet users, allowing their nude photos and private information to be spread around the internet.
He was one of four people charged in the 2014 hacking scandal, in which private photos of Lawrence, Kate Upton, Kirsten Dunst and others were published online. Lawrence said at the time the invasion was equivalent to a sex crime, and called for tougher laws.
A federal judge at a US district court in Bridgeport, Connecticut, ordered Garofano to serve the prison term followed by three years of supervised release.
iCloud leaks of celebrity photos, aka "The Fappening".
Previously: Celebrity Nude Photographs - and Possibly The Flaw that Allowed Them to be Accessed
4chan Introduces DMCA Policy
Reddit Bans Page Where Celebrity Nude Photos were Shared
Related Stories
PapayaSF and AnonTechie write in with 2 stories which seem to be linked. The first is the leak of nude and personal photographs of celebrities, and the second is perhaps the flaw that allowed someone to access the photographs.
Stars Exposed in Massive Nude Photo Leak
Nude celebrities, bitcoins, and Apple: it's a story seemingly designed to stir up the entire internet. Scores of private photos of celebrities such as Jennifer Lawrence, Kate Upton, Selena Gomez, Ariana Grande, Kirsten Dunst, and Mary Elizabeth Winstead have been leaked (allegedly from Apple's iCloud), and posted on 4chan in exchange for bitcoins. A list of 100+ names has appeared, but pictures have not yet appeared for many names on the list (including Kate Bosworth, Kim Kardashian, Rihanna, and Kaley Cuoco). Victoria Justice claims the photos of her are fake. Twitter accounts are being shut down. The story is still developing, so grab your popcorn.
This could be the Apple iCloud flaw that led to celebrity photos being leaked.
An alleged breach in Apple’s iCloud service may be to blame for countless leaks of private celebrity photos this week.
On Monday, a Python script emerged on Github (which we’re not linking to as there is evidence a fix by Apple is not fully rolled out) that appears to have allowed malicious users to ‘brute force’ a target account’s password on Apple’s iCloud, thanks to a vulnerability in the Find my iPhone service. Brute force attacks are where a malicious user uses a script to repeatedly guess passwords to attempt to discover the correct one.
The vulnerability allegedly discovered in the Find my iPhone service appears to have allowed attackers to use this method to guess passwords repeatedly without any sort of lockout or alert to the target. Once the password has been eventually matched, the attacker can then use it to access other iCloud functions freely.
TorrentFreak reports:
After doing without an element needed for safe harbor protection, 4chan has just introduced an official DMCA policy. The decision comes in the wake of the celebrity photo leak known as The Fappening and 4chan users' connections to it. In the meantime, the leaked image library has clocked a million torrent downloads.
While most US-based user-generated content websites should not entertain operating without safe harbor, the way 4chan is set up provides a unique scenario in respect of infringing content being posted by its users.
“Threads expire and are pruned by 4chan’s software at a relatively high rate. Since most boards are limited to eleven or sixteen pages, content is usually available for only a few hours or days before it is removed,” the site’s FAQ explains.
Reddit has closed the board that became a hub for the leaked nude photos of Jennifer Lawrence, Kate Upton and other celebrities.
The massive celebrity photo leak originated on image-sharing site 4chan, but a Reddit page called “r/thefappening” quickly became a heavily trafficked page where users were sharing links to the stolen pictures.Reddit CEO Yishan Wong, in a post entitled “Every Man is Responsible for His Own Soul” on the Reddit blog, explained the site’s reasoning.
[…]
Reddit systems administrator Jason Harvey, also known by his Reddit username alienth, gave further explanation of the decision, along with providing a rundown of what happened after the massive leak. “The situation we had in our hands was the following: These subreddits were of course the focal point for the sharing of these stolen photos,” Harvey wrote. “The images which were DMCAd were continually being reposted constantly on the subreddit. We would takedown images (thumbnails) in response to those DMCAs, but it quickly devolved into a game of whack-a-mole. We’d execute a takedown, someone would adjust, reupload, and then repeat. This same practice was occurring with the underage photos, requiring our constant intervention.” “It became obvious that we were either going to have to watch these subreddits constantly, or shut them down. We chose the latter. It’s obviously not going to solve the problem entirely, but it will at least mitigate the constant issues we were facing. This was an extreme circumstance, and we used the best judgement we could in response.”
What do SN denizens make of all this?
(Score: 1, Insightful) by Anonymous Coward on Sunday September 02 2018, @12:46PM (8 children)
Don't upload nude photos of yourself the internet, and nude photos of yourself won't be shared with the internet.
OTOH hackers can really suck.
(Score: 2) by takyon on Sunday September 02 2018, @01:01PM (4 children)
You had it right in the first line. There's several billion people on the planet, and a lot of bots. Valuable insecure systems will be hacked eventually, especially if social engineering is all it takes. Do these four "hackers" suck, or are they just inevitable?
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 1, Touché) by Anonymous Coward on Sunday September 02 2018, @01:47PM (2 children)
They do suck, since they got caught.
(Score: 2) by takyon on Sunday September 02 2018, @01:57PM
Good point. They broke Rule #1.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Wednesday September 05 2018, @01:02PM
I don't suck. I get hair in my teeth then.
(Score: 0) by Anonymous Coward on Sunday September 02 2018, @01:58PM
They inevitable suck. Or perhaps they suckly unavoid.
(Score: 2) by Thexalon on Sunday September 02 2018, @09:09PM (2 children)
How about don't take nude photos of yourself, period. Odds are, however private you think they are, they aren't that private.
For instance, if you take them, and give them to a partner, odds are very good that they'll be in the hand of a potentially vindictive ex at some point in the future. Or if you take them, and keep them on your own computer, and you have someone about to become a vindictive ex, they'll at least consider taking them from your own computer.
Vote for Pedro
(Score: 1, Funny) by Anonymous Coward on Sunday September 02 2018, @11:14PM
I got to see every single one of my friends ex-gf's naked. He was mad when I would not reciprocate. "dude that is disrespectful". He did not understand.
Yeah, do not take naked pictures.... ever.
(Score: 0) by Anonymous Coward on Tuesday September 04 2018, @02:27PM
Given that parents can now be arrested for taking photos of their naked baby? I agree.
(Score: 0) by Anonymous Coward on Sunday September 02 2018, @01:56PM (2 children)
This clown didn't hack anything. He used a phishing scam to get usernames & passwords and later claimed he used a brute force attack but could not provide any details or proof.
I realize pop culture has hijacked the original meaning of hacker, but let's not start calling fake login-page scam artists "hackers".
(Score: 1, Insightful) by Anonymous Coward on Sunday September 02 2018, @03:47PM (1 child)
i'm sure you know this, but just for the hive mind record, they like to use "hacked" for everything because they want to create apathy and they want people to believe it's unavoidable(l337 haxxors and all). this way, they are not held accountable in the court of public opinion for their ignorance/cheapness/evilness. this jedi mind trick also makes people not ask questions about the whole situation like "should i be uploading my private data to some slaveware peddling scum's server". jennifer lawrence's response is pretty illustrative of the slaves' mindset. they think "i paid good money for this shiney slaveware ( i like funding the enemies of free humanity every chance i get b/c i'm a fuckhead that way) and now that it's exposed for what it is, but i still don't understand it, i want my other masters in the government to do something about it". sad...
(Score: 0) by Anonymous Coward on Sunday September 02 2018, @06:57PM
Rumor is the guy 'hacked' *one* phone. #metoo
(Score: 2) by srobert on Sunday September 02 2018, @06:15PM (2 children)
8 months in prison. How much money did the guy get for the pictures? It's not a rhetorical question, but a practical one. I'm trying to decide whether it would be worth 8 months in prison or not.
(Score: 1, Funny) by Anonymous Coward on Sunday September 02 2018, @08:34PM
If he can get a smuggled cell phone, he could fap to the pictures he gifted to the world. #EverydayHeroes
(Score: 1, Insightful) by Anonymous Coward on Monday September 03 2018, @01:24AM
The attorney fees for federal felony charges are astronomical. If it goes to trial they are worse by an order of magnitude.
I'm sure any guilty plea also includes surrendering proceeds from the crime, and it may also include fines.
I don't think it was worth the money, let alone the 8 months in federal prison.
(Score: 3, Interesting) by MichaelDavidCrawford on Monday September 03 2018, @10:14AM
-er.
Oh. I can't.
Well I do plan to purchase an Android phone sometimes soon, not to write Apps but to screw around with Android Platform Development [soggywizards.com]. As opposed to App Development which is mostly done in Java, Platform Development is done in C, C++, sometimes a little Assembler, with a focus mostly on drivers and the Board Support Package.
Yes I Have No Bananas. [gofundme.com]
(Score: 2) by Phoenix666 on Monday September 03 2018, @09:18PM
The Biggest Crime the guy committed was to expose the fact that celebrities are regular people like everybody else. He punctured the carefully crafted mystique they surround themselves with. They pay a lot of money to image consultants, designers, PR agents, and the like to make everything about how they look and act seem more beautiful and so much cooler than the rest of us. Then you see the pictures Jennifer Lawrence sent to her boyfriend of her new bikini and all that crumbles away. She's like that old girlfriend you had who liked to walk around the house half naked. Or you see the pics of one of the other celebrity women involved in the same hack, without her makeup, and she looks like a regular person.
So that's it. The guy spoiled the tease.
I'm grateful for it, myself. Those who have built towering heights from which to look down on the rest of humanity need to be brought back down to earth.
Washington DC delenda est.