A year and a half after the images made their way online, the U.S. attorney’s office in Los Angeles announced that it has tracked down a man who stole them.
Ryan Collins, a 36-year-old from Lancaster, Pa., has agreed to plead guilty to a felony violation of the Computer Fraud and Abuse Act arising from illegally accessing a protected computer to obtain information.
Though the leak in September 2014 set off a frenzy of concerns about the security of the cloud, it turns out that Collins stole the images via a good old-fashioned phishing scam. In his plea agreement, he details how he posed as Apple or Google administrators using official-seeming email addresses, like “email@example.com” and “firstname.lastname@example.org” to trick women into giving him their usernames and passwords. He then used those to search the victims’ email accounts for intimate videos and photos and other private information.
According to the agreement, Collins used this scheme to hack about 50 iCloud accounts and 73 Gmail accounts between November 2012 and September 2014. Most of his victims were female celebrities, court records show, but none of the victims are named.
But investigators haven’t found any evidence linking Collins to the actual leaks, or proving that Collins shared the images with anyone else. It’s not clear how many of the photos shared during Celebgate came from Collins’s hacks, or how they wound up online.
According to the U.S. attorney’s office, an 18-month prison term for Collins has been recommended, although he could see as much as five years.
Whatever the sentence, it will not put an end to the investigation into the leak, which targeted a host of Hollywood stars — Lawrence, Upton, Anna Kendrick, Kirsten Dunst — plus other well-known women, including FIFA World Cup winner Hope Solo and Olympic gymnast McKayla Maroney.
In an interview with Vanity Fair, Lawrence called the hack a “sex crime.”
“It is not a scandal,” she said. “… It is a sexual violation. It’s disgusting.”
The U.S. attorney’s office told Gawker that the case against Collins is “directly related” to raids in Chicago in the fall of 2014. According to the Chicago Sun Times, federal authorities traced the IP addresses used to hack into hundreds of iCloud accounts back to two inconspicuous homes on the city’s South Side. Legal records show that they left with several computers, cellphones, a Kindle, floppy disks, hard drives and thumb drives, according to the Sun Times, but no charges have been filed.
That investigation is “ongoing,” the U.S. attorney’s office told Gawker.