Christopher Chaney, the Florida man who hacked into the personal e-mail accounts of more than 50 people associated with the entertainment industry—including actors Scarlett Johansson, Mila Kunis, and Renee Olstead—was sentenced late Monday to 120 months in federal prison.
In custody since March when he pleaded guilty to nine felony counts, including wiretapping and unauthorized access to protected computers, Chaney, 36, of Jacksonville, was sentenced by U.S. District Court Judge S. James Otero. He was also ordered to pay $66,179 in restitution and serve a three-year term of supervised release.
At Monday’s hearing, Judge Otero said Chaney’s conduct demonstrated a “callous disregard to the victims”—particularly, two non-celebrity victims, each of whom was stalked by Chaney for more than 10 years.
In his ruling, Judge Otero made a particular finding that extreme emotional distress can be as devastating as a physical injury in cyber related crimes.
“Illegal wiretapping gave Mr. Chaney access to every e-mail sent to more than four dozen victims and allowed him to view their most personal information,” said U.S. Attorney André Birotte, Jr. “Mr. Chaney is responsible for causing dozens of illegally obtained, private photographs to be posted on the Internet, where they were available for all to see. This case is a sobering reminder that cybercrime poses a very real threat to every American, and everyone should take steps to safeguard their identities and personal information on the Internet.”
The Assistant Director in Charge of the FBI’s Los Angeles Field Office commented: “For many victims, Mr. Chaney’s actions were tantamount to breaking and entering of their private homes by a thief in the night. Mr. Chaney methodically targeted his victims based on their celebrity without regard for the law or the impact the theft of personal and intimate details would have to their lives. This case illustrates the need for cyber security vigilance by computer users and, in addition, may serve as a deterrent for anyone contemplating similar intrusions.”
When Chaney initially plead guilty, he admitted that from at least November 2010 to October 2011, he hacked into the victims’ e-mail accounts by clicking on the “Forgot your password?” feature and then re-setting the victims’ passwords by correctly answering their security questions. By properly guessing the answers using publicly available information found on the Internet, Chaney gained exclusive control of the victims’ e-mail accounts, and was able to access their e-mail boxes. While in the accounts, Chaney also went through their contact lists to find addresses of potential new hacking targets.
In relation to the wiretapping charges, Chaney admitted that he altered e-mail account settings by inserting his own e-mail address into the forwarding feature so that he would receive, without the victims’ knowledge, a duplicate copy of all incoming e-mails. Most of the victims did not check their account settings, so even after they regained control of their e-mail accounts, Chaney’s e-mail address remained in their account settings.
Chaney admitted that as his hacking scheme became more extensive, he began using a proxy service called “Hide My IP” because he wanted to “cover his tracks” and not be discovered by law enforcement agents. Even after his home computers were seized, Chaney used another computer to hack into another victim’s e-mail account.
As a result of his hacking scheme, Chaney obtained private photographs and confidential documents, including business contracts, scripts, letters, driver’s license information, and social security information. On several occasions, Chaney sent e-mails from the hacked accounts, fraudulently posing as the victims requesting more private photographs and information.
Chaney e-mailed many of the stolen photographs to others, including another hacker and two gossip websites. As a result, some of the stolen photographs were posted on the Internet.
The investigation of Chaney and his hacking activities was conducted by the Federal Bureau of Investigation.