RICHMOND, Va - A former special education teacher at Lee-Davis High School walked out of the federal courthouse in Richmond the fifth man to officially admit guilt in the "Celebgate" hacking scandal.
Christopher Brannan pleaded guilty to two federal charges that he hacked the online accounts of "A-list" stars and students and teachers at Lee-Davis. Nude and sexually suggestive photographs obtained in the hacking of the iCloud accounts of the celebrities were leaked on the internet in 2014. The fallout made headlines across the globe, and movie star Jennifer Lawrence called the leaking of her personal files "a sexual violation" and "disgusting."
Monday, when the Judge Henry Hudson asked Brannan if he was in fact guilty in the case, Brannan appeared to choke up when replying, "yes sir."
In his plea agreement, prosecutors suggest that Brannan serve 34 months in prison, and in court, the Judge Hudson said the sentence seemed appropriate, although he will review a pre-sentence report and can stray from the recommended sentence, if he sees fit.
After entering his guilty plea, Brannan was released on bond until his sentencing hearing in January 2019. Probation officers may monitor his personal computers or smartphones until then, but prosecutors said during the hearing they have no evidence that Brannan is a threat to the community anymore.
After the proceedings Monday, Brannan, his attorney, and U.S. attorney working the case in Richmond declined to comment.
Authorites in Los Angeles identified Brannan as a suspect during an FBI-lead investigation into the "Celebgate" hacking.
Federal court documents state Brannan intentionally hacked the internet accounts of more than 200 people between August 2013 and October 2014. The victims were not just the celebrities that were widely reported. Brannan targeted his own sister-in-law, who was a minor at the time, in addition to numerous students and teachers at Lee-Davis, court documents say.
Brannan was able to access the full iCloud backups of at least 18 people using a publicly available forensic software, and documents say the backups contained "sensitive and private photographs and videos." Brannan intended to keep the photographs and videos permanently, prosecutors wrote.
Investigators say Brannan was able to hack the accounts through a phishing expedition. By using bogus email addresses that appeared to come from Apple security, Brannan would get the victims to provide him with information on their usernames and passwords. According to investigators, Brannan also surveyed the social media accounts of his victims to help him answer their security questions.
"The bad guys are really persistent, and they only have to get lucky. We have to be 100% perfect," said Peter Aiken, a professor of data and computer security at VCU. "Technology’s always neutral, but if you use it badly, it can be very, very powerful."
Aiken said you do not have be a computer wiz to pull off the type of hacking described in Brannan's case, making it all the more important to be guarded with your personal information online.
"If all I need is that [social media] information to find you, and then I can look around and do this, it’s called social engineering, and it does not take a lot of time," Aiken said.
Brannan's sentencing hearing is scheduled for January 25th at 9:30 a.m.