LOS ANGELES. In 2014, George Garofano and three other men notoriously hacked and leaked nude photos of several female celebrities. The list included Jennifer Lawrence and Kate Upton. Last April Garafolo pleaded guilty to unauthorized access to a protected computer to obtain this information from 240 accounts. This week, a U.S. District Judge in Connecticut finally sentenced Garofano to eight months in federal prison.
Garafano originally was accused of hacking the iCloud accounts of his victims and allowing their private information and nude photos to be released onto the internet.
A major invasion of privacy
After the hack was revealed, Jennifer Lawrence – one of over 200 movie stars whose iCloud accounts were also hacked – was outraged. The Sun, a UK tabloid, noted her continuing revulsion over the attack, as she expressed it to another publication.
“Speaking to Hollywood Reporter in 2017, she said: ‘When the hacking thing happened, it was so unbelievably violating that you can’t even put it into words.
“I feel like I got gang-banged by the f******* planet – like, there’s not one person in the world that is not capable of seeing these intimate photos of me.
“You can just be at a barbecue and somebody can just pull them up on their phone. That was a really impossible thing to process.'”
From the outset, Lawrence regarded this invasion of privacy as equivalent to a sex crime. Since then, she has fought for tougher laws against such activities. Lawrence’s PR rep has echoed her sentiments. Sources report the rep declaring “This is a flagrant violation of privacy… The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence.”
Authorities and Apple respond to the attack
The authorities responded forcefully. As did Apple. Engineers working for the iPhone creator investigated the incident with the company’s customary thoroughness, according to MacRumors.
“When hundreds of nude celebrity photos began leaking online in 2014, there was initial speculation that iCloud had been hacked, but following an investigation, Apple determined that the accounts had been compromised by weak passwords.”
MacRumors further described that what Apple discovered was not actually a successful hack attack.
“A breach of Apple’s iCloud and Find My iPhone service was not involved in the recent hacking incident that saw the private photos and videos of several celebrities leaked onto the Internet, according to a press release just issued by Apple.
“Instead, celebrity iCloud accounts were compromised by a targeted attack on user names, passwords, and security questions.”
Hacking vs. Phishing
This kind of attack activity on user privacy is known as “phishing.” In other words, Garofano’s Hollywood victims were targets of a phishing attack that obtained enough personal information from the stars themselves to permit the cyber-crook to break into their accounts.
George Garofano managed to commit these crimes because he sent out emails that appeared to be from Apple that encouraged his victims to disclose their usernames and passwords or to input them on a third-party website, which he would later check.
Garofano will do the time for the crime
US District Judge Victor Bolden sentenced Garofano to eight months in prison, followed by three years of supervised release. Lawrence fired off a tweet expressing her delight that Garofano was headed for prison.
Connecticut prosecutors had been fighting for a sentence of 10 to 16 months in prison. But through his attorney, Garofano asked for leniency, requesting a shorter sentence of five months in prison and five months of home confinement.
Media reports state that prosecutors wrote to the court saying that “Mr. Garofano’s offense was serious and he did not engage in this conduct only once but 240 times over the course of 18 months.”
But Garofano’s defense attorney Richard Lynch said that Mr. Garofano has matured and accepted responsibility for his actions, noting that his client has not been in trouble with the law since the phishing attack occurred.
Three other men have already been found guilty of this offense. They received prison sentences of up to 18 months.
After his sentencing, George Garofano issued a statement to the court. In that statement he said he blames nobody but himself. He also noted that he understood his felony conviction would affect him for the rest of his life.
What you can do to avoid becoming the victim of a phishing attack
Meanwhile, according to MacRumors,
“Apple has since made improvements to its iCloud security by adding two-factor authentication to iCloud.com, introducing email alerts when an iCloud account is accessed on the web, and requiring app-specific passwords for third-party apps that access iCloud.”
Phishing attacks often disguise their intent by sending emails that purport to come from a friend of the victim but actually spoof the friend’s account.
Even more sophisticated phishing attacks mimic the appearance of corporate and bank websites. Seemingly authentic, these emails prompt the recipient to provide personal information. They look legit, and countless users fall for the ploy.
Bottom line: No matter what device you’re using to access your email account, never respond to any email by providing passwords, userids, bank account or social security numbers or personal information.
— T.L. Ponick contributed to this article.
Headline image: Jennifer Lawrence at 83rd Oscars. (Image via Wikimedia commons, CC 2.0 license)