In the summer of 2014, an anonymous hacker flooded the Internet with the private nude photos of dozens of major celebrities, including Jennifer Lawrence, Kim Kardashian, Kate Upton, Cara Delevingne and dozens of others. Now, nearly 2 years later and authorities believe they’ve identified the hacker, yet no one is facing charges.
The amass of nude pictures leaked online, dubbed The Fappening, was the result of a hacker who harvested the private iCloud accounts of famous A-list Hollywood celebrities. The hacker was suspected of having access to their accounts for months, harvesting dozens of private photos uploaded into the celebrities seemingly-private iCloud vault.
Who is the suspected hacker?
If you remember back in June of last year, the Federal Bureau of Investigation (FBI) raided the home of a Chicago man named Emilio Herrera, who was accused of using his PC to steal “nude and sexually explicit photographs of dozens of female celebrities.” However months later and Herrera has yet to face charges.
Now, two years later, court documents reveal the FBI’s latest suspect is a man named Ed Majerczyk.
In October of 2014, the FBI raided Majerczyk’s home, another Chicago man believed to be the head of the extremely coordinated Fappening attacks that targeted nearly 100 A-list celebrities.
Majerczyk is suspected of illegally accessing iCloud accounts from his home in Chicago. According to the FBI, they also found various sexual photographs of Jennifer Lawrence on his PC, one of the top victims in his alleged social engineering attacks, court documents obtained by Gawker state.
How he gained access to dozens of accounts
The FBI’s latest target came up after federal agents raided their first Chicago home belonging to Emilio Herrera, an individual believed to be tied to hacking of thousands of Apple iCloud accounts, targeting more than 100 celebrity victims.
According to court documents, Majerczyk would send targets a bogus email from a series of accounts such as ‘firstname.lastname@example.org’ to create a phishing dragnet that fooled even dozens of celebrities into handing over their personal passwords.
In total, the FBI said Majerczyk accessed 330 unique iCloud accounts from his home over a total of 600 times.
Phishing for Jennifer Lawrence
Majerczyk is said to have gained access to dozens of victim’s iCloud accounts after posing as an “Apple Technical Assistant,” which resulted in the celebrities handing over access to their personal photos.
Jennifer Lawrence, a top target in the news who called the leak a “sex crime” had her iCloud account hacked from a simple phishing email. The email came from email@example.com, writing to Lawrence stating:
“Your Apple ID was used to login into iCloud from an unrecognized device on Wednesday, August 20th, 2014. Operating System: iOS 5.4 Location: Moscow, Russia (IP=18.104.22.168) If this was you please disregard this message. If this wasn’t you for your protection, we recommend you change your password immediately. In order to make sure it is you changing the password, we have given you a one-time passcode, 0184737, to use when resetting your password at http://applesecurity.serveuser.com/. We apologize for the inconvenience and any concerns about your privacy. Apple Privacy Protection.”
Lawrence quickly forwarded the phishing email alert to her assistant who presumably changed her password and gave the hacker direct access to her private iCloud vault.
Court documents show how Majerczyk used a number of deceptive web domains and fake security warnings to appear as authentic alerts from Apple, all to phish the accounts of popular Hollywood celebrities.
While court documents begin to unravel the ongoing Fappening saga, the entirety of the case remains shrouded in mystery. Why would a skilled hacker hijack thousands of iCloud accounts, especially those of A-list celebrities, and access them with his home IP address. Also, why is the FBI keeping the investigation so secret?
As more information becomes available, we will keep you updated.