A Jacksonville man was arrested Wednesday, charged with hacking into celebrity email accounts in a computer invasion scheme that led to the posting of private and revealing information, including nude photos of actress Scarlett Johansson, on the Internet, federal authorities said.
Christopher Chaney, 35, was arrested without incident as part of a yearlong investigation of celebrity hacking that authorities dubbed "Operation Hackerazzi."
There were more than 50 victims in the case, including Mila Kunis, Christina Aguilera and actress Renee Olstead, authorities said. Others were named only by initials and investigators wouldn't disclose if they were famous, but said victims named in the indictment agreed to have their identities made public.
"It helps get out the message that cyber-hacking is a real threat," U.S. Attorney Andre Birotte said of the case, describing those who engage in such activity as "scum."
Chaney hacked Google, Apple and Yahoo email accounts beginning last November through February, then hijacked the forwarding feature so that a copy of every email received was sent, "virtually instantaneously," to an email account he controlled, according to an indictment handed up Tuesday by a federal grand jury in Los Angeles.
He allegedly used the hacker names "trainreqsuckswhat," ''anonygrrl" and "jaxjaguars911," and also used the victims' identities to illegally access and control computers. Chaney is accused of damaging email servers that caused losses of at least $5,000 per instance.
Authorities wouldn't say whether Chaney was able to access email accounts via cell phones, but he was able to figure out secure passwords to various celebrity accounts through information that had been made public.
Chaney was arrested by the FBI at his Westside home Wednesday morning and made his initial court appearance in the Jacksonville Federal Courthouse on Wednesday and charged with 26 counts of identity theft, unauthorized access to a protected computer and wiretapping. If convicted, he faces up to 121 years in prison.
Chaney was released to the custody of his parents on $10,000 bail, with one of several conditions being that he have no access to any computer or other device that has access to the Internet. He arrived at his parents' home Wednesday evening, but refused to answer any questions.
He left a note outside his home for the media Thursday that reads, "I understand you are only doing your jobs. I do not resent this or blame the media for trying to get the 'hot' story. I deserve this. My family and neighbors do not. ... Again I apologize and know you have your jobs to do."
Chaney's parents told Channel 4 their son is very smart and just had too much time on his hands.
Celebrities and people in the news have long been targets of privacy invasion but concerns have redoubled in the Internet age.
Authorities said Chaney was responsible for stealing nude photos taken by Johansson herself and were later posted on the Internet. Chaney offered some material to celebrity blog sites but there is no evidence that he profited from his scheme, said Steven Martinez, assistant director in charge of the FBI's Los Angeles office.
"Celebrity information is highly marketable," said Martinez, who added his office continues to receive complaints about celebrities having their personal information breached.
Representatives for Johansson, Kunis and Aguilera did not immediately respond to calls and emails seeking comment.
Chaney "mined through publicly available data and figured out passwords and security questions," Martinez said.
A message seeking comment was left on an answering machine for a Christopher Chaney in Jacksonville. There was no answer at a telephone listing for another Christopher Chaney.
According to the U.S. Attorney's Office, Chaney pleaded guilty to federal mail fraud charges in 1998 in a case involving Prudential Insurance.
Investigators said they hoped the celebrity-infused case will jumpstart those who don't value online security enough to protect their personal information and create more secure passwords that can't be easily figured out by would-be hackers.
"Taking these steps will go a long way in protecting yourself from the financial and emotional costs of having someone intrude on your private life and potentially steal your identity," Birotte said.