FBI Arrests Man Who Allegedly Hacked Celebrities to Steal Nude Photos

Federal authorities have arrested and charged a 35-year old Florida man for allegedly hacking dozens of Hollywood celebrities, including breaking into Scarlett Johansson’s phone and leaking nude pictures of her to the internet.

Christopher Chaney of Jacksonville, Florida, was charged with 26 counts of accessing protected computers without authorization, identity theft, damaging protected computers without authorization, and wiretapping.

Other prominent victims included Christina Aguilera, Mila Kunis, Simone Harouche and Renee Olstead. The FBI says Chaney hacked into the accounts of more than 50 people in the entertainment industry.

The FBI says Chaney used publicly available data about his victims to help him break into their e-mail accounts. For most victims he would then secretly set a forwarding address so every incoming e-mail would be forwarded to an account he controlled.

Chaney allegedly broke into Johansson’s Yahoo account in December 2010, just a month after he’d gotten into Harouche and Augilera’s accounts at Apple’s Me.com email service.

Photos that Johansson took of herself in the nude appeared online in early September, as did photos showing Kunis and Justin Timberlake in intimate settings. Chaney allegedly offered the photos to celebrity-focused blogs, though the indictment doesn’t say if Chaney attempted to sell the photos.

Chaney faces a maximum possible sentence of 121 years in prison. He was arrested in Florida on Wednesday morning and the U.S. District Attorney’s office in Los Angeles want to have him transferred to L.A. for trial.

The FBI says the arrest is part of Operation Hackerazzi, a crackdown on hackers who have been targeting celebrities.

Chaney allegedly used the handle “trainreqsuckswhat,” a clear reference to Trainreq, a 21-year old hacker named Josh Holly who broke into Miley Cyrus’ e-mail account and posted provocative stolen pictures of her online. Holly pled guilty in August to credit card fraud and spam attacks that originated from celebrities’ hacked MySpace accounts. Chaney also allegedly used the handles “anonygrrl” and “jaxjaguars911″.

Photo: In this Feb. 27, 2011 file photo Actress Scarlett Johansson arrives at the 83rd Academy Awards in the Hollywood section of Los Angeles. (AP/Chris Carlson)

More Than 93,000 Sony Customers Affected in New Breach

Sony announced on Tuesday that hackers broke into the accounts of more than 93,000 customers by trying to log in to Sony using a large list of usernames and passwords.

Sony said it believed the intruders collected the log-in credentials from another source, not from Sony’s networks, and were able to gain access to the Sony accounts because customers used the same credentials with their Sony accounts.

Phil Reitinger, Sony’s new chief information security officer, made the announcement on the company’s blog.

He wrote that intruders tested a “massive set of sign-in IDs and passwords” at web sites for several of its properties — Sony Entertainment Network (SEN), PlayStation Network (PSN) and Sony Online Entertainment (SOE). Most of the log-in credentials failed to gain the intruders access, but about 60,000 credentials matched those use by SEN and PSN users; another 33,000 matched credentials for SOE accounts.

“[G]iven that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks,” Reitinger wrote.

He noted that a “small fraction” of the accounts showed activity after they were breached, but that the intruders couldn’t access credit card account information. Sony had since locked all of the accounts accessed through the attack until customers can be notified to change their passwords.

“We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet,” he wrote.

Reitinger’s quick announcement was a departure from the company’s previous handling of a breach it suffered earlier this year, when the company waited a week to tell customers that its PlayStation Network had been hacked, and then was slow to release details. News reports indicate that the newest breach occurred primarily over the weekend between Oct. 7 and 10, just two working days before the company’s announcement.

In the previous case, Sony first discovered evidence of the breach on its PlayStation Network last April 20, but waited until the 26th to notify PSN customers. The company said it notified customers the day after forensic investigators told it that the intruders had hacked its network and obtained the personal information of more than 75 million customers. This was followed by another breach at Sony Online Entertainment, which compromised an additional 25 million customers, and still more breaches at Sony Pictures and Sony BMG.

The initial intrusion forced Sony to take its PlayStation Network offline for 40 days.

The tech giant was subsequently hit with a class-action lawsuit by customers complaining in part that the company failed to adequately secure their data, failed to notify customers of the breach in a timely manner and deprived customers of the use of the network for an extended period of time.

Sony has estimated that the breaches last spring would cost it more than $170 million this year, including expenses for shoring up its network against future attacks.

The company hired Reitinger last month as part of its efforts to improve the security of its networks in the wake of those earlier breaches.

Reitinger has heavyweight credentials in the security community. He was previously Deputy Under Secretary of the National Protection and Programs Directorate and Director of the National Cyber Security Center at the Department of Homeland Security. Before that, he was chief trustworthy infrastructure strategist for Microsoft.

See Also: