Connecticut man sentenced in celebrity photo hacking scandal

A Connecticut man was sentenced to eight months in prison Wednesday for his role in a phishing scheme that exposed intimate photos, many belonging to celebrities.

George Garofano pleaded guilty in April to hacking more than 250 Apple iCloud accounts. He admitted to posing as a member of Apple’s online security team and sending emails to the victims asking for their usernames and passwords.

He was one of four people charged in the 2014 hacking scandal, in which private photos of Jennifer Lawrence, Kate Upton, Kirsten Dunst and others were published online.

“It is not a scandal. It is a sex crime,” Lawrence told Vanity Fair in 2014. “It is a sexual violation. It’s disgusting. The law needs to be changed, and we need to change.”

Garofano was the last of the suspects to be sentenced in the case. Each of the suspects took a plea deal or pleaded guilty to one count of unauthorized access to a protected computer to obtain information.

In 2016, Ryan Collins of Lancaster, Pennsylvania was sentenced to 18 months in federal prison and ordered to pay a $3,000 fine.

Last year, Edward Majerczyk, the son of two Chicago police officers, received nine months in federal prison and was ordered to pay $5,700 in restitution.

Emilio Herrera of Chicago took a plea deal in October. It is unclear whether he has been sentenced.

None of them pleaded guilty to distributing the images.

Investigators have said they did not find any evidence linking the four suspects to the actual leaks or showing they shared or uploaded the information.

Tracking the hackers

FBI agents stormed a home in Chicago in 2014 and seized several computers, cell phones and storage drives in connection with the case after they tracked the source of the hacking to an IP address linked to Herrera.

The IP address linked to Herrera was used to access 572 individual iCloud and Gmail accounts.

The accounts were accessed 3,263 times from the IP address, according to a search warrant.

Many online services lock someone out after several unsuccessful attempts to log in, but at the time of the photo scandal Apple’s “Find My iPhone” app and iCloud did not. That has since changed. Hackers performed what is known as a “brute force” attack, which uses a computer program to generate and test thousands of potential passwords until an account is entered.

The suspects in this case received relatively short sentences compared to the one handed down in another high-profile celebrity hacking scandal.

In 2011, a Florida man hacked several celebrity email accounts, stealing nude photos, scripts and personal information. His targets included actresses Scarlett Johansson and Mila Kunis and singer Christina Aguilera.

Christopher Chaney pleaded guilty to accessing protected computers without authorization, damaging protected computers, wiretapping and aggravated identity theft. He was sentenced to 10 years in prison.

He hacked e-mail accounts by using the “forgot your password?” feature to reset passwords. He used his research of celebrities’ personal information to correctly answer their security questions.

He said the hacking started as a curiosity but he became addicted to spying on celebrities.

Unlike the 2014 case, authorities said Chaney sold or uploaded the information he obtained.