As much as I have been writing about Cyber attacks and threats these last few months, I have not really spent too much time covering what happens to a Cyber attacker after they have been caught and tried in a court of law.
To be honest, as I scour the news headlines every morning, I have seen an increased amount of coverage with regards to the punishment that Cyber attackers do get once they are caught. But keep in mind that the total number of people actually apprehended is actually very small, given just how many Cyber attackers there are out there in the world today.
So, the person I bring to you about today is an individual by the name of George Garofano, whose age is 26. Apparently, he was convicted for hacking into some, or really Phishing, into some iCloud accounts.
I think some of it may even involved the theft of some nude pictures of some people, not for sure exactly. But anyways, a Connecticut federal court sentenced this person to eight months in prison, and after his release, he will be under supervised release, a form of probation.
George is supposed to report prison on October 10th. Technically, his crime involved coming up with a scheme a phishing scheme to hijack the passwords of approximately 240 Apple iCloud accounts, most of them owned by celebrities such as Jennifer Lawrence — from April 2013 to October 2014.
Once he accessed these particular accounts, he would go after the victim’s personal information, such as their usernames and passwords.
Many a time, George would then trade, or even sell this information on the Dark Web for other Cyber attackers to get their hands on. Once they had this, they would attempt to even launch Identity Theft attacks against the victims. It is not for sure yet how far the other Cyber attackers got into this part, and forensics officials are still investigating this aspect.
There were others also involved in this scheme, most notably Ryan Collins of Lancaster, PA, and even two from my stomping grounds of Chicago: Emilio Herrera and Edward Majerczyk. George pleaded guilty to another charge of unauthorized access to a protected computer in order to obtain other sensitive information and data.
Finally, once he is released from prison, George will also have to perform 60 hours of community service as part of his supervised release.
My thoughts on all of this?
Actually, I think George should be given a stiffer sentence. Granted, what he did may not be as severe as a Ransomware attack, but still, he did go after unsuspecting victims and tried to exploit them further. But, I am not legal expert, so I cannot say exactly what a stiffer sentence would be. I don’t think that more jail is the answer in this case, maybe more community service? Hard labor somewhere?
I am glad to see that the media is giving more coverage on the punishments that Cyber attackers are actually receiving. Perhaps that will deter more people from actually engaging in such activities. But, I don’t our legal system is up to speed yet with handling such a glut of Cyber crime cases. The reason I say this is that there is really not much legal precedence for the courts to fall back on when trying such cases.
Although I do support some sort of jail time for these Cyber attackers, keep in mind that they are not hardened criminals, say like a murderer. These are still intelligent people (after all, if they can launch Ransomware attack, they must have some level intelligence), and I think a much better suited form of punishment would be for them is to try to train the youth of America in Cyber security – not from the illegal standpoint, but from the legal one, and to encourage them to get a career in this field, which is so lacking for trained people.
As much as we Corporate America is trying to keep up with the Cyber attacker, so is our legal system. But in this case, with the latter, it is going to take a much, much longer time.