This week, the 24-year-old hacker Alonzo Knowles was sentenced to five years in prison after being found guilty in a case involving the hacking of female celebrities’ online accounts. Knowles didn’t stop at stealing what he found in the hacked accounts. He attempted to sell the private emails, unpublished TV and movie scripts, and sexually explicit pictures and videos he stole from them.
The bad news for Knowles, and the good news for those female celebrities that he had targeted was that the person he was trying to sell the stolen material to was an undercover law enforcement officer.
Bahamas-based Knowles met with an undercover cop in New York in December 2015, claiming that he had “exclusive content” that was “really profitable” and worth “hundreds of thousands of dollars.” During their conversations, Knowles admitted that he obtained the material directly from the victims without their knowledge, and claimed to have access to material from up to 130 victims.
Using the pseudonym ‘Jeff Moxley’, Knowles then described how he used a mixture of password-grabbing malware and phishing attacks to steal login credentials from his unsuspecting victims:
During their meeting, Knowles described two methods he used to hack each victim’s email account. The easier method involved sending a virus to the victim’s computer that would enable Knowles to access it. The more difficult method involved Knowles sending a false hacking notification to the Victim and asking the Victim for his passcodes. Once Knowles had used the victim’s passcodes to successfully access the victim’s email account, Knowles, unbeknownst to the Victim, would change the settings in the victim’s email account in order to continue to access to the email account. In order to avoid detection from the Victim, Knowles would delete notifications from the email service provider regarding changes to the settings of the Victim’s email account.
One of Knowles’s victims was former singer turned actor, Naturi Naughton.
In a videoed victim impact statement, Naughton described how she had “never felt more violated and out of control in [her] entire life.”
Callous hacker Knowles does not seem to have had too much sympathy for what he put his victims.
US district Judge Paul A Engelmayer said that jail conversations between Knowles and several women resulted in his prison sentence being doubled. These conversations clearly demonstrated that he was not showing any remorse and continued to pose a threat to society.
We sincerely hope that any celebrities (or just anyone) who had their privacy invade by this hacker has now learned that they need to work harder to protect their online accounts. One valuable lesson that everyone needs to learn – whether in the public eye or not – is to enable multi-factor authentication or two-step verification where available, providing an additional layer of protection.
A typical hacker will find it considerably harder to break into your online accounts if you have two-step verification/authentication turned on. In most cases they will just move on to a softer target.
It goes without saying that strong and unique passwords are essential. Do not use easy-to-guess passwords or passwords reused between different services. Too many people are being simply too lazy with their account security, and making crime too easy for malicious hackers.