14 DAY TRIAL // The FBI executed a search warrant and raided the house of 19-year-old Josh Holly, Murfreesboro, Tennessee, who is suspected of hacking into the e-mail and MySpace account of 15-year-old Miley Cyrus, the lead actress from the popular Disney series Hannah Montana, and posting stolen provocative pictures belonging to the celebrity on the Internet. The FBI took away three of his computers, his mobile phone and other records.
Holly, also known online as TrainReq, Rockz and h4x, has boasted on blogs and forums about his hacking activities, while being confident that the authorities couldn’t find him. According to his own account, in 2007 he used social engineering to trick a MySpace employee into giving him access to the administration panel of the popular website. He claims that, in the course of 16 hours of unauthorized access, he reset the passwords of several user accounts and engaged in an online advertising scheme that earned him $50,000.
At the same time he checked out the password stored for the account of Miley Cyrus, the daughter of country music legend Billy Ray Cyrus and lead-actress in the Emmy Award-nominated television series Hannah Montana. Holly claimed that the password was stored in plain text, even though MySpace representatives refused to confirm this. After discovering the password, Holly had the idea of trying it out on her Gmail e-mail account and it worked. This is not surprising, considering that lots of responsible adults use the same password over multiple accounts, let alone a 15-year-old girl.
Inside the e-mail account, Holly discovered over a dozen photos, some of which were provocative in nature, depicting the actress baring her midriff in the bathroom in front of a mirror or posing in her underwear and swimsuit. After failing to sell them, the hacker posted them online for free. He then contacted online media channels, blog owners and forums and took credit for the incident.
Graham Cluley, senior technology consultant at Sophos, pointed out that "for instance, I found a video on YouTube where a hip-hop radio station interviewed the hacker a while back and actually encouraged him to hack into other accounts on their behalf. It beggars belief why the radio station is allowed to get away with this, and include in their video some of the photos that were stolen. In case you’re not aware, Miley Cyrus is only 15 years old. Is no-one remembering this?"
Miley Cyrus is not the first high profile celebrity to be the target of hacking attempts. Last week, French President Nicolas Sarkozy discovered that his bank account had been compromised and small sums of money had been illegally withdrawn. Also recently, a 20-year-old student has been indicted for hacking into the personal Yahoo e-mail account of Alaska Governor and US vice-presidential candidate Sarah Palin. The student used social engineering as well and he found the information necessary to change the account password by doing online research.
Security experts recommend using complex passwords, containing both uppercase and lowercase characters as well as both letters and numbers. It is also recommended to use different passwords for different accounts and very intimate information that cannot be easily located when choosing security questions and answers. Making use of different browsers for different activities, like a separate browser only for online banking, is another good idea. If that is too much of a hassle, at least separate, time-wise, such activities from normal browsing.