Written byPatrick Howell O'Neill
A Connecticut man charged with breaking into 240 iCloud accounts as part of the Celebgate saga has pleaded guilty for his role in the crime.
George Garofano, 26, pleaded guilty to one count of unauthorized access to a protected computer to obtain information which carries a maximum prison term of five years. Sentencing has not yet been determined.
He was released on $50,000 bond.
The plea comes as another person charged in the ordeal, Emilio Herrera, was sentenced to 16 months in prison for his role in the crime. Herrera, 32, pleaded guilty last year and was sentenced last month.
‘Celebgate’ refers to an incident in August 2014 when nude photographs of celebrities were posted on public online forms. Garofano and Herrera carried out their attacks using spear phishing emails that appeared to be from Apple.
“Garofano used the usernames and passwords to illegally access his victims’ iCloud accounts, which allowed him to steal personal information, including sensitive and private photographs and videos, according to his plea agreement,” according to a Department of Justice statement released when Garofano first agreed to plead guilty. “In some instances, Garofano traded the usernames and passwords, as well as the materials he stole from the victims, with other individuals.”
The Celebgate scandal prompted Apple to encourage users to turn on two-factor authentication. The company also enabled alerts to iCloud users when anyone changes a password and when anyone accesses data or logs in from a new device.
Phishing attacks against mobile devices are extraordinarily effective and increasingly common, according to a new report. Mobile device’s smaller size makes it more difficult to suss out fraudulent emails.
“Mobile devices have opened a profitable new window of opportunity for criminals executing phishing attacks,” the researchers wrote. “Attackers are successfully circumventing existing phishing protection to target the mobile device. These attacks are highlighting security shortcomings and exposing sensitive data and personal information at an alarming rate.”
Herrera’s sentencing and Garofano’s guilty plea wrap up the third and fourth case related to the incident incident. Edward Majerczyk, 28, pleaded guilty in 2016 and was sentenced to a nine month prison term last year. Ryan Collins, 36, also pleaded guilty and was sentenced to 18 months last year.