Scarlett Johansson Photo Arrest Latest in FBI War Against Hackers

A racy photo of songbird Christina Aguilera appeared on the Internet in December 2010. Explicit shots of TV actress Renee Olstead soon followed. Then, last month, two pics of Scarlett Johansson showed up, one of them of the Lost in Translation actress posing seductively with her top off. Plenty of theories abounded about who was responsible for the attacks on the private lives of Hollywood’s hottest celebrities. Was it a hacker group? Or was blackmail involved? Or both?

According to federal authorities, the culprit has turned out to be a 35-year-old unemployed Florida man named Christopher Chaney, who lived in a home owned by his parents. Chaney isn’t affilated with any of the troublemaking hacking groups such as Anonymous, Hollywood Leaks or Lulz Security, and “acted alone,” said Assistant United States Attorney Wesley Hsu, chief of the Cyber and Intellectual Property Crimes Section.

Chaney wasn’t after credit-card numbers, part of a blackmailing scheme, or using the photos as a launchboard for a cause. Instead, he apparently did it for the thrill of it. If convicted as charged, the doughy, bespectacled Chaney could get more than 120 years in prison.

After Chaney appeared in a federal court in Florida on Wednesday, he was released on $10,000 bail and ordered by a judge to move back in with his parents. He told Action News in Jacksonville that his foray into hacking began “as curiosity and it turned to just being addictive.”

Chaney said he “wasn’t attempting to break into emails and get stuff to sell.” Instead, he said, he was addicted to “seeing the behind-the-scenes of what’s going on with the people you see on the big screen.”

Steven Martinez, assistant director in charge of the FBI’s Los Angeles field office, called Chaney’s scheme a “disturbing and rising trend.”

“These hackers are sophisticated,” he said. “It has been a cat-and-mouse game since the beginning.”

According to federal authorities, Chaney began hacking the Google, Apple, and Yahoo email accounts of celebrities last November. After figuring out their email addresses, he then discovered their passwords by trial and error after painstakingly mining dozens of celebrity magazines and websites. Once he had access, he would go through their emails looking for photos, personal information, and movie scripts. During a four-month period, he cracked the passwords of close to 50 celebrities’ accounts by finding out their secret passwords, such as the name of a pet or a mother’s maiden name. Once he obtained the data, he said he offered it to several celebrity websites, which posted the photos online.

Tsu said Chaney used an email program that forwarded any messages the celebrities received to his account. It also allowed Chaney to continually receive victims’ emails even after a password had been reset. He used several aliases such as “trainreqsuckswhat,” “anonygrrl” and “jaxjaguars911.”

According to sources, federal agents got wind of Chaney’s hacking scheme when a celebrity contacted the agency to inform them that their email account had been breached. Agents confiscated Chaney’s computer in February. The day before he was arrested, a federal grand jury in Los Angeles charged Chaney with accessing protected computers without authorization, damaging protected computers without authorization, wiretapping, and aggravated identity theft, among other things.

The investigation was dubbed “Operation Hackerazzi.”

Chaney’s arrest is the latest in a series of high-profile arrests made by federal authorities to crack down on computer hacking. The problem continues to grow, authorities say. Currently, the U.S. attorney’s office in Los Angeles has 10 prosecutors assigned to its unit.

“It is prolific,” said Hsu. “There is a lot of it out there.”

Last month, the Los Angeles office arrested 23-year-old Arizona college student Cody Kretsinger for breaching the computers at Sony Pictures Entertainment. Kretsinger was a member of Lulz Security, or LulzSec, a group that has been linked to hacking scandals involving government agencies and businesses. According to the indictment, Kretsinger, who went by the moniker “recursion,” grabbed the emails and passwords of people who entered contests promoted by Sony and then gave them to members of LulzSec who posted the material on its website.

In June, a 31-year-old paraplegic named Luis Mijangos was charged with federal extortion after he allegedly hacked into the computers of dozens of teenage girls and women looking for intimate photos and videos, and then attempted to extort them, threatening to send the images to friends and family unless they made him new sexually explicit videos. Mijangos, who claimed he was a member of an underground gang of Mexican hackers, targeted at least 44 girls and 186 women, mostly in Southern California.

“He did it for power over the girls,” said FBI spokesperson Laura Eimiller.

In January 2010, Brian Mettenbrink, an Iowa State University student, pleaded guilty to the charge of unauthorized access of a protected computer for his involvement in the Web attack against the Church of Scientology, which was spearheaded by Anonymous, an international collective of hackers. Mettenbrink, then 20, told authorities that he downloaded software from an Anonymous Internet message board that he used to knock down the Scientology websites and make them inaccessible to visitors.

“They said they were declaring war on the Church of Scientology,” said Hsu. “Anonymous is very loosely associated. If anyone wants to be a member they can call themselves Anonymous.”

A newcomer that is causing headaches for celebrities and Hollywood insiders is Hollywood Leaks, a small splinter group of Anonymous. The group began breaking into the email accounts and leaking information over the summer and even released a YouTube video stating: “Attention Hollywood we are Anonymous. We have been watching you. We have been listening to you. You have been allowed to run free too long.” (After the Johansson pics were leaked, Hollywood Leaks said they had nothing to do with it. If they did, they would have put them on their site first.)

The group said it was responsible for hacking the email account of an actor in the Tom Cruise movie Rock of Ages. Once inside, the group discovered a copy of the script sent by the movie’s director, and downloaded it. It ended up on the Pirate Bay website. The same group also claimed it hacked into the Twitter account of rapper Kreayshawn, and posted the cellphone numbers of a number of celebrities, including Miley Cyrus. No one has been charged so far in any of those attacks, said Eimiller.

The phenomena gained notoriety in 2005 when hackers gained access to photos on Paris Hilton’s phone by guessing her password: “tinkerbell,” the name of her Chihuahua. Since then, a number of high-profile celebrities, such as High School Musical actress Vanessa Hudgens, Lady Gaga, and Ke$ha, have been hacked.

“These people are scum,” said U.S. Attorney Andre Birotte, Jr. “While the case against Mr. Chaney involves celebrities who were targeted because of their fame, this case reminds us that we are all potential victims of computer hackers.”