Celebrity Phone Hacking 101 – and How to Prevent It

The FBI reportedly is hunting for a hacking ring suspected of targeting female celebrities and stealing photos and videos from their computers and smartphones.

Some 50 celebrities are said to have been victimized. Gossip website TMZ has listed Vanessa Hudgens, Miley Cyrus, Selena Gomez, Scarlett Johansson, Jessica Alba, Christina Aguilera and Renee Olstead as among the targets of the alleged hackers.

Contacted by AOL News, the FBI said it could neither confirm nor deny the existence of an investigation into the hacking ring. According to TMZ, law enforcement sources have said they believe a single individual — a ringleader — is responsible for the mass hacking and that the individual has been shopping around nude photos of various celebrities.

But how is this alleged hacker ring getting at the celebrities in the first place? According to an expert AOL News spoke with, it depends on the type of device the hacker is going after.

“If they are targeting the cell phone, there are a couple ways they could be going about it,” said Steven M. Abrams, an attorney and chief computer forensics examiner at Abrams Forensics.

Here are some ways hackers can grab data from personal computers and other electronic devices:

  • Physical possession. Obtaining possession of a device via somebody in the celebrity’s entourage who, for a price, makes it available to somebody to download the information from it, Abrams said.
  • Spyware. According to Abrams, spyware is available for most cell phones and can be installed through a Bluetooth connection or, if the victim has an iPhone, BlackBerry or Android phone, via a malicious downloadable application. Cell phone spyware is very sophisticated and, depending on the phone, can allow the hacker not only to retrieve content from the phone, but also to monitor the victim’s whereabouts via GPS and listen in on phone conversations.
  • Backup. A hacker can obtain information without having any access to the phone at all if the phone has been backed up to a computer. The information could be obtained by directly targeting the victim’s computer, or, if she or he has an iPhone and the hacker can gain access to the iTunes account, the hacker can obtain any information the victim has backed up through that account, Abrams said.

As for the images, videos and other information that hackers are reportedly obtaining via the celebrities’ computers, Abrams said they could get that directly from the computers or through online accounts.

“Targeting the [victims] this way can be pretty easy, and there are several ways the [hacker] can go about it,” he said.

Two of the most common hacking methods, Abrams said, are spyware and account takeovers.

Hackers could secretly install on a victim’s computer spyware that gives them access to not only the contents of the hard drive, but also the victim’s user names and passwords. According to Abrams, the software is fairly simple to install and can be sent to the victim without her or his knowledge via an e-mail, or it can be accidentally downloaded. The programs are generally designed so that they will not be flagged by Internet security programs.

For celebrities, an account takeover can be an especially troublesome problem. If a hacker knows a celebrity’s e-mail address, he or she can go to the provider and click on “forgot password.” The hacker will generally need to enter some personal information — most of which, for celebrities, is widely available online — and he or she will probably have to answer a “secret question” such as the name of the celebrity’s pet or where he or she went to school. These questions can be easy to answer.

Once a hacker has a celebrity’s e-mail account, he will most likely be able to access the celebrity’s other online accounts, such as social networking websites and, possibly, banking and other personal accounts.

While the FBI is not commenting on its reported investigation into the hacker ring, Abrams warns that catching the individual or individuals responsible could prove to be difficult. It all depends on the level of sophistication of the methods being used, he said.

“There are forensic procedures called ‘instant response,’ and if the machine that was hacked is still running, you can usually find clues in the random access memory of the computer that were left behind by the hacker,” Abrams said. “If they obtain the [hacker’s] IP address, which is what they would be looking for to trace them, it could help identify them, but the problem is they usually spoof them, making it much more difficult, if not impossible, to find them.”

So, how can a celebrity, or anyone else, for that matter, stay safe? Abrams has these suggestions:

  • Physical security. Maintain physical security over all computer equipment and phones.
  • Phone security. Do not sync your phone with your computer; that eliminates the risk of your information being obtained in that way.
  • Passwords. Never use the same password for more than one account and take care when filling in your account information. Use an alternate address or insert a random answer to a security question. Make it as difficult as possible so that your information cannot be duplicated easily.

Finally, use common sense.

“I would say, overall for celebrities, it is always a good idea not to put anything on any of your devices that you wouldn’t want to read on the front page of a newspaper tomorrow,” Abrams said. “Just like photos — you probably don’t want to ever take any photos of yourself that you wouldn’t want your parents to see.”