Naked celebrity photo hacker used to be a high school teacher

Graham Cluley

Former teacher admits hacking into celebrity accounts to steal naked photos

Former teacher admits hacking into celebrity accounts to steal naked photos

A former high school teacher is to plead guilty to hacking into the online accounts of celebrities and stealing naked photographs and other private information.

30-year-old Christopher Brannan, who taught at Lee-Davis High School in Hanover County, Virgina, was charged back in April with identity theft and unauthorised access to computer systems.

The attacks occurred between August 2013 and October 2014, and saw Brannan hack into accounts on Yahoo, Apple iCloud, and Facebook after guessing answers to celebrities’ security questions using information gleaned from stars’ social media accounts. In addition, Brannan also admitted that he had phished passwords by sending fraudulent emails that posed as messages from Apple’s security team.

According to court documents, Brannan also admitted breaking into, or attempting to hack, the accounts of current and former teachers and students at the high school.

The names of the celebrities who were targeted by Brannan are not likely to be officially released in an attempt to protect their privacy. It must be bad enough having for a woman to have her naked photos appear unexpectedly on the internet, without giving gossip magazines and websites another excuse to publish pixelated screencaps of the stolen snaps in reports about the perpetrator’s guilty plea.

What strikes me about this case is that Brannan’s techniques were not that sophisticated. He guessed the answers to his victims’ security questions by perusing their posts on social media, and phished passwords by posing as Apple’s security team.

Both of these threats are easy to counter if you know how:

  • When choosing the answer to a security question on a website account, *never* tell the truth when asked the name of your best childhood friend, favourite holiday destination, or place where you met your partner. Instead, use a decent password manager to generate a random sequence of characters (just as you would with a password) and use *that* as the answer to your security question. Of course, you won’t be able to remember that security answer – so get your password manager to remember it for you.
  • Enable two-factor authentication (2FA) for your online accounts wherever possible. That way, it will be much much harder for an unauthorised person to access your online account even if they do manage to phish your password from you. I’ve included a helpful list to directions on how to set up 2FA on many online services below.

Christopher Brannan isn’t the last person who will try to break into someone’s accounts for cheap thrills. Make sure you’ve done everything you can to harden your online presence to help keep hackers out.

Read more about two-step verification:

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “Naked celebrity photo hacker used to be a high school teacher”

  1. Not to excuse Brannon's behavior, which is unethical and illegal, but I can't help wondering what it is that causes "celebrities" to take naked pictures of themselves and post them on the 'Net, where, as was demonstrated, any ol' hacker can find them and spread them all over. Also, the fact that the same "celebrities" pick passwords and verification information that is 'way too easy to guess, in exactly the same way as a huge chunk of their fan base does. I guess all this shows is that holding such people up as models of behavior and intelligent living is a waste of time.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.




Stay informed!

Join thousands of others by signing-up for the free “GCHQ” newsletter, containing the latest news and tips from security expert Graham Cluley.

Name:

Email:

Yes, I would like to subscribe to email updates from Graham Cluley. I know it’s easy to unsubscribe if I ever change my mind.