Middle-aged US bloke pleads guilty to iCloud celeb nude photo hack A 36-year-old US man has admitted hacking into the iCloud and Gmail accounts of celebrities through a long-running phishing attack. Ryan Collins, from Lancaster in Pennsylvania, admitted he had illegally accessed and downloaded images from 50 iCloud accounts and 72 Gmail accounts that he had managed to compromise through …
Surely that means it's not unauthorised?
I think recently car Insurance companies have been arguing that leaving your keys inside a locked house but in view still doesn't count as you paying due care to the security of your vehicle.
So why's it different if you provide someone with a username and password to your email account? You authorised them to use your credentials and provided them with those credentials.
What he did was wrong, it was a breach of privacy, but the victims are equally to blame for giving out their usernames/passwords.
Equally to blame? Presumably in the way in which rape victims are equally to blame on account of wearing a short skirt? Or in the way in which a carjacking victim is for not locking their doors when in the car? Or that I would be if I got burgled because I didn't brick up my windows?
FFS.
They didn't give permission, therefore it was still a crime. Likewise if I ask someone to keep an eye on my pint for a minute I don't give them permission to drink it.
That said, you should be able to tell people to keep their passwords secret without being accused of victim blaming. Otherwise there is no security.
Presumably the difference is the element of fraud. The alleged "hacker" in this case misrepresented himself as an employee of Apple and/or Google. If he'd emailled his targets and said "Hi I'm Ryan Collins, a complete randomer from Lancaster PA - can I have your passwords please?" then he might be in the clear rather than the clink.
He pled guilty to one count of unauthorised access to a computer system.
That doesn't mean that was one of the 122 accounts he accessed (which will be 122 separate counts of phishing or fraud or whatever that actually is in legal terms when you trick the victim into granting you access). It's an entirely different and charge.
But the evidence on that one unauthorised access was probably the best evidence they had of securing a conviction without going to court, the threat to him being a court might find him guilty of the 122 counts of fraud and a substantially larger sentence.
Not really - the person who steals your house keys from the car, breaks into your house and nicks your stuff is still breaking the law - whether your insurance company will give you the money back is a completely different thing. Same here. Whilst you may be a bit dim in giving out your details to a phisher, that doesn't make it lawful for the phisher to use them. As with an unlocked house, just because you CAN access a computer system doesn't mean that it is lawful for you to do so.
I would agree if he actually said, "Hi, I'd like your username and password so I can rifle through your files." But he claimed to be from, Apple or Google and almost certainly said it was to "verify their identity" or something of the sort, so I don't think that really counts as giving him permission to do what he did.
>the victims are equally to blame for giving out their usernames/passwords>
Unfortunately, the wording here gives a leg-up to those who are inclined to invoke 'victim-blaming' at every pass. It's the word "equally"; it's inclusion puts the celebs affected in the same class (or fix) as the perpetrator. Yes, it's acknowledged that what he did deserved at least a fingering, but they shouldn't (and didn't) share his punishment. They should, though, be recognised as bearing some of the responsibility for the breach for having opened the kimono so wide and so readily.
*cough*
I find it depends on two things:
1) How many times you need to wee in the night after a jolly good session- once you can no longer hard core it and power piss in the morning then you are middle aged. Once you need to go more than once in the night then you are getting on. When you live on the khazi then you are old.
2) how many times you say "blimey, when I was a kid it wasn't that bad". Maybe once is ok but repeating yourself then you are getting on.
Well according to this piece on philly.com the average male life expectancy in Lancaster, PA is a tick under 78 so half of that would be 39. If we're dividing it into three bands then anything between 26 and 52 falls in the middle. Didn't think it started so low, did you?
well... according to your average Teenager anything over 20 is "old"...
Perspective is everything.. Personally I'm on final approach to 50, but I will apply Interesting Times to anyone who calls me/treats me as Old. I am, however, slowly starting to entertain the option that "middle aged" may or may be applicable in the near future. Say.. the next decade or so..
It's a stretch to call 36 "middle aged", there's no dictionary definition which would make 36 middle aged, and dictionaries usually reflect the popular zeitgeist, so I think the El Reg is using it in a way which does not match common understanding.
https://en.wikipedia.org/wiki/Middle_age
"Celebrity nude photos stolen from hacked cloud" seems to be a story that recurs every few weeks. newspapers could keep the page as a template and just change the names. What I can't understand is the back-story:
Agent Congratulations, Miss X, you've got the part/won a quiz show/appeared in a tabloid story/etc. You're a celebrity!
Miss X Whoopee! I'll rush off home and upload lots of nude selfies to AWS.
"....Fishy
So, he managed to get the private email addresses (not PR managed ones) of all these celebs and they all responded to the phishing emails? Wasn't there talk of an iCloud backdoor that was firmly shut soon after this happened? Seems some kind of deal has been made to cover that up..."
That was my first thought too - so many celebs' private email addresses and they all responded to phishing emails from addresses formed like tech_support107@gmail.com according to (I think it was) the BBC website.
Of the two things there (I can see _some_ of them being dumb enough or out of touch with reality enough to respond to such emails) that he somehow had access to all their personal email addresses is somewhat suspect.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
