Cybercriminals never hack and tell. Or, at least, they shouldn’t. After boasting of his hacks, Christopher Chaney, the man responsible for getting ahold of nude photos of actress Scarlett Johansson, might be facing a 71-month prison sentence. In addition to time behind bars, Chaney may be forced to pay $150,000 in compensation to Johansson and the rest of his victims.
A recent Los Angeles Times article broke down the payments according to each victim. Prosecutors have asked the judge to order the following payments: $7,500 to Christina Aguilera; $66,179.46 to Scarlett Johansson; $76,767.35 to Renee Olstead, an actress best known for the TV show “The Secret Life of American Teenager”; and $10,374.59 to Aftra Health Fund.
Chaney admitted to hacking celebrity email accounts in a spree that went from November 2010 to October 2011, the LA Times reported. And he didn’t keep the gossip and photographs he got to himself. Prosecutors used the statements Chaney made to GQ Magazine to show he was not remorseful. In the GQ Magazine article, Chaney described the feeling of breaking into so many celebrity emails as a rush.
How Chaney hacked Hollywood
Although Chaney didn’t have a lot of technical knowledge, he managed to compromise the privacy of 50 people in the entertainment industry. How did he do it? According to a GQ Magazine article, through a mixture of trial and error, a little social engineering and maybe even a little luck.
“Finding a working e-mail address was a simple process of trial and error,” the article states. “In a Word document, he made a list of random celebrities and, one by one, entered them into Gmail -first name followed by last -until, days later, an address was finally accepted.”
The article goes on to describe how Chaney used the password recovery feature to break into victims’ accounts. Using sites like Facebook to identify friends’ names and Classmates.com to find old school buddies, Chaney was able to answer password security questions. He used compromised contact lists to identify other private emails and break into those accounts as well.
Should the prosecutors’ sentence be delivered? Is 71 months enough time in prison for Chaney? Are the fines enough? Let us know in the comments!