A man has pleaded guilty to U.S. Justice Department charges of hacking into the Apple accounts of famous athletes and musicians, using them to embark on a spending spree.
Victims included “rappers” as well as “college and professional athletes,” including people in the NBA and NFL, the Justice Department said while declining to name specific people. The hacker, Kwamaine Jerell Ford of Georgia, began targeting accounts in March 2015 with a phishing scheme, pretending to be an Apple support representative needing logins, passwords, and/or the answers to security questions.
Ford convinced people this was necessary to reset an account or access videos people were sending, the Department elaborated. In reality he set about hijacking accounts by resetting passwords, changing email contacts, and editing security questions. Apple is said to have recorded “hundreds” of unauthorized logins.
This in turn gave Ford access to the credit cards of several people, which were used to rack up “thousands of dollars” in furniture, travel expenses, and direct money transfers.
Ford was originally indicted on six counts in April 2018, including charges of wire fraud, computer fraud, access device fraud, and aggravated identity theft. In the end he pleaded guilty to just one count of computer fraud and one of identity theft. A sentencing hearing is scheduled for June.
Phishing is a recurring problem with Apple and other platform holders. The best-known Apple-related incident was “Celebgate,” which targeted over 200 iCloud, Yahoo, and Facebook accounts owned by celebrities and others. With some celebrities, nude photos were stolen and spread rapidly online.
The best defenses against phishing are enabling two-factor authentication and maintaining a skeptical attitude, since Apple support representatives don’t contact people out of the blue or demand login information.