Scam of the day – December 9, 2016 – Celebrity hacker sentenced

Since 2014 I have been reporting to you about a string of celebrity hackings in which nude photos, videos and other personal material were stolen by a number of different hackers who have been caught, put on trial and sentenced.  The latest celebrity hacker to be convicted for his crimes is Alonzo Knowles, who hacked into the emails of various celebrities and athletes, from whom he stole not just nude photos and videos, but also unreleased movie and television scripts, unreleased music and financial documents, all of which he tried to sell for profit.  Knowles pleaded guilty and his attorneys asked for a sentence of fourteen months in prison.  Instead, the judge sentenced him to five years in prison, considerably more than the 27-33 months recommended by the federal sentencing guidelines.  Contributing to the larger sentence was the fact that while in prison awaiting sentencing, Knowles used the monitored prison email system to send out emails in which he bragged about his plans to write a book, including photographs, in which he would expose the secrets of his victims.  For a sophisticated cybercriminal, this was an incredibly stupid action that showed the sentencing judge a lack of remorse.

TIPS

Knowles managed to hack into the email accounts of his victims by first targeting friends of his victims.  He identified these friends through photographs appearing online and then hacked into their email accounts, taking control of the accounts and gathering personal information, including telephone numbers, from them.  He then sent his celebrity targets spear phishing emails that enabled him to get information from the celebrity victims.  You may remember that the fact that Hillary Clinton was using a private email server while acting as Secretary of State was disclosed not by a hacking of her email, but by a hacking of the email account of one of her advisers, Sidney Blumenthal.

This case serves as another reminder of the important cybersecurity steps we all need to take, particularly in regard to using email.  For personal emails you may wish to use a different email account from the one you use generally, which may be more easily discovered.  You should also use a security question whose answer is not easily guessed or obtained through research.  Colin Powell and many others became victims of email hacking because their security questions were easily guessed, enabling the hacker to change their passwords.  I suggest using a nonsensical answer to the security question, such that if the question is what is the maiden name of your mother, you indicate something totally unrelated, such as “firetruck.”  Another option, as cleverly suggested by a regular Scamicide reader, is to just add some digits at the end of the answer so, for example, your mother’s maiden name could be “Smith1234.”

It is also important not to store sensitive data in your email folder.  To protect yourself from hackers, you may wish to both encrypt sensitive information on your computer and store it on a portable USB hard drive to protect it from ransomware attacks.  It is important to recognize that anytime you are asked for personal or sensitive information in an email, you can’t be sure whether the person contacting you is someone you know and trust or whether their email account has been hacked, as was done in this case.  So never provide personal information in response to an email or text message unless you have confirmed the identity of the person contacting you.  Trust me, you can’t trust anyone.

Dual-factor authentication for all accounts where you may have sensitive information is also important.