A man who admitted to illegally accessing email accounts belonging to more than four dozen celebrities to steal their private photos and confidential documents was sentenced to 10 years in federal prison by a U.S. District Court judge in Los Angeles on Monday.
Christopher Chaney, 36, of Jacksonville, Fla. was also ordered to pay a fine of more than $66,000 as restitution for his crimes.
Chaney was arrested in November 2011 and has been in custody since March, when he pleaded guilty to nine felony counts, including unauthorized access to computers and wiretapping. He faced a maximum of more than 120 years in prison.
According to the U.S. Attorney's office in Los Angeles, Chaney gained access to the email accounts of Mika Kunis, Scarlett Johansson, Renee Olstead and dozens of other celebrities by resetting their passwords using the "forgot your password" feature. Chaney apparently used publicly available information on the celebrities to correctly answer the security questions needed to reset the passwords on the Gmail, Apple and Yahoo email accounts they used.
Once he gained access, Chaney looked through the contact lists for more victims. He also changed the account settings on each email account he accessed so he would have a duplicate copy of all incoming mail forwarded to his own email account. That allowed him to receive email meant for the celebrities -- even after they regained control of their accounts.
Chaney collected numerous private photographs, business contracts, letters, scripts, driver's license information and Social Security Numbers. In several instances, he sent emails from the compromised accounts asking for more photographs, the FBI said in a statement.
Many of the photos were then forwarded to gossip sites. Nude pictures of Johansson and photos of other celebrities were later published online by some sites.
Email account hijackings are not uncommon. In 2008, Tennessee college student David Kernell broke into an email account belonging to Alaska Gov. Sarah Palin by resetting her password after guessing the answers to her security questions. He then took screen shots of the contents of several Palin emails and posted the images online. At the time, Palin was the GOP's vice presidential nominee.
As with Chaney, Kernell also used publicly available information about Palin to guess the correct answers to the questions. Kernell was sentenced to a year in prison.
Earlier this year, a hacker claimed that he had gained access to presidential contender Mitt Romney's email account using exactly the same tactic.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is email@example.com.
Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Topic Center.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.