Naked celebrity photo hacker used to be a high school teacher

Ex-high school teacher to plead guilty, could be imprisoned for years.

Former teacher admits hacking into celebrity accounts to steal naked photos

A former high school teacher is to plead guilty to hacking into the online accounts of celebrities and stealing naked photographs and other private information.

30-year-old Christopher Brannan, who taught at Lee-Davis High School in Hanover County, Virgina, was charged back in April with identity theft and unauthorised access to computer systems.

The attacks occurred between August 2013 and October 2014, and saw Brannan hack into accounts on Yahoo, Apple iCloud, and Facebook after guessing answers to celebrities’ security questions using information gleaned from stars’ social media accounts. In addition, Brannan also admitted that he had phished passwords by sending fraudulent emails that posed as messages from Apple’s security team.

According to court documents, Brannan also admitted breaking into, or attempting to hack, the accounts of current and former teachers and students at the high school.

The names of the celebrities who were targeted by Brannan are not likely to be officially released in an attempt to protect their privacy. It must be bad enough having for a woman to have her naked photos appear unexpectedly on the internet, without giving gossip magazines and websites another excuse to publish pixelated screencaps of the stolen snaps in reports about the perpetrator’s guilty plea.

What strikes me about this case is that Brannan’s techniques were not that sophisticated. He guessed the answers to his victims’ security questions by perusing their posts on social media, and phished passwords by posing as Apple’s security team.

Both of these threats are easy to counter if you know how:

  • When choosing the answer to a security question on a website account, *never* tell the truth when asked the name of your best childhood friend, favourite holiday destination, or place where you met your partner. Instead, use a decent password manager to generate a random sequence of characters (just as you would with a password) and use *that* as the answer to your security question. Of course, you won’t be able to remember that security answer - so get your password manager to remember it for you.
  • Enable two-factor authentication (2FA) for your online accounts wherever possible. That way, it will be much much harder for an unauthorised person to access your online account even if they do manage to phish your password from you. I’ve included a helpful list to directions on how to set up 2FA on many online services below.

Christopher Brannan isn’t the last person who will try to break into someone’s accounts for cheap thrills. Make sure you’ve done everything you can to harden your online presence to help keep hackers out.

Tags: , , , , ,

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , , , ,

One Response

  1. Arnold Schmidt

    October 19, 2018 at 3:49 pm #

    Not to excuse Brannon’s behavior, which is unethical and illegal, but I can’t help wondering what it is that causes “celebrities” to take naked pictures of themselves and post them on the ‘Net, where, as was demonstrated, any ol’ hacker can find them and spread them all over. Also, the fact that the same “celebrities” pick passwords and verification information that is ‘way too easy to guess, in exactly the same way as a huge chunk of their fan base does. I guess all this shows is that holding such people up as models of behavior and intelligent living is a waste of time.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.