An Illinois man, Emilio Herrera, 32 is facing up to five years in federal prison after signing a plea agreement to a felony violation of the Computer Fraud and Abuse Act, specifically one count of unauthorized access to a protected computer to obtain information, according to the U.S. Attorney’s Office.
From April 27, 2013 till the end of August 2014, Herrera through a phishing scheme sent emails that appeared to be from security accounts of internet service providers and encouraged the recipients to send him their user names and passwords — including more than 550 Apple iCloud and Google Gmail accounts among which belong to female celebrities whom had their nude picture posted via file sharing protocols like BitTorrent around September 2014.
Although he was charged in Los Angeles, the parties have agreed to transfer the case to the Northern District of Illinois for the entry of his guilty plea — he faces up to five years in federal prison — and sentencing.
According to the count documents, after his victims responded, Herrera will then use their user names and passwords to illegally access their iCloud and Gmail accounts. Once inside their accounts, Herrera had access to personal information, including sensitive and private photographs and videos.
The Herrera case is a product of an ongoing FBI investigation into “Celebgate” and its perpetrators.
As early as October, the investigation began zeroing in on an address on the South Side of Chicago, the FBI said in a search warrant affidavit recently unsealed in U.S. District Court in Chicago.
Using phone records and computer identification information called Internet protocol, or IP, data, investigators found that the compromised accounts were accessed by a single computer linked to two email addresses belonging to Emilio Herrera.
In January, another Illinois man was sentenced to 9 months in prison for a related phishing attack targeting more than 300 iCloud and Gmail accounts. Before that, a Pennsylvania man last October was sentenced to 18 month in prison for accessing 50 iCloud accounts and 72 Gmail accounts.
In a related news, hackers have successfully broken into a celebrity London-based plastic surgery clinic, whose clients include Katie Price and even members of royal families.
London Bridge Plastic Surgery (LBPS) has confirmed it fell victim to the cyber attack and said it was ‘horrified’ that highly-sensitive data had been breached – including images of ‘male and female genitalia’.
The hackers are believed to be The Dark Overlord, a group known to international law enforcement agencies, and who have a record of trying to extort its victims – including schools, medical centers and a Netflix production studio.
Speaking about the breach, The Daily Beast claims the group bragged about having pictures of the surgery’s clients, saying: ‘We have TBs (terabytes) of this s***. Databases, names, everything.
In a statement LBPS told the website: ‘We can confirm that the Clinic has been the victim of a cyber attack.
‘We took measures to block the attack immediately in order to protect patient information and we informed the Metropolitan Police who launched an investigation. Regrettably, following investigations by our IT experts and the police, we believe that our security was breached and that data has been stolen. We are still working to establish exactly what data has been compromised.
The group behind the attack are highly sophisticated and well known to international law enforcement agencies having targeted large US medical providers and corporations over the past year. We are horrified that they have now targeted our patients. Security and patient confidentiality has always been of the utmost importance to us.
We invest in market-leading technology to keep our data secure and our systems are updated daily. We are deeply saddened that our security has been breached. We are profoundly sorry for any distress this data breach may cause our patients and our team are available around the clock to speak to anyone who has any concerns by calling 0203 858 0664.’
Although the hackers claim to have information about ‘royal families’ they did not confirm if they were referring to the British one.
The Daily Beast claim when the hackers contacted them they some are extremely private, saying: ‘Many are highly graphic and close-up, showing surgery on male and female genitalia.
Met Police’s Organized Crime Command are now investigating, with a Scotland Yard spokesman confirming they have made no arrests.