Oregon Man Pleads Guilty to Hacking Apple E-Mail Accounts

            LOS ANGELES – An Oregon man has pleaded guilty to a felony computer hacking charge related to a phishing scheme that gave him illegal access to 363 Apple and Google e-mail accounts, including those belonging to members of the entertainment industry in Los Angeles.

            Andrew Helton, 29, of Portland, pleaded guilty yesterday to a felony violation of the Computer Fraud and Abuse Act, specifically a charge of unauthorized access to a protected computer to obtain information.

            Helton pleaded guilty before United States District Judge John A. Kronstadt, who scheduled a sentencing hearing for June 2. As a result of yesterday’s guilty plea, Helton faces a statutory maximum sentence of five years in federal prison.

            “In today’s digital world, people use their e-mail and online accounts to store photos, music, notes, calendars, contacts, financial, and health information,” said United States Attorney Eileen M. Decker. “Through prosecutions such as the one announced here today, the United States Attorney’s Office is committed to assisting the continuing efforts of private companies to protect this sensitive and personal information from the malicious actions of sophisticated hackers and cyber criminals.”

            According to his plea agreement, from March 2011 to May 2013, Helton engaged in a phishing scheme to obtain usernames and passwords for his victims. He sent e-mails to victims that appeared to be from Apple or Google and asked victims to “verify” their accounts by clicking on a link. Once the victims clicked on the link, they were taken to a malicious website that looked like an Apple or Google login page. When the victims entered usernames and passwords on the malicious website, Helton then had access to the victims’ e-mail accounts.

            As a result of his scheme, Helton obtained approximately 448 usernames and passwords for approximately 363 e-mail accounts. Helton used this information to access and view the contents of the e-mail accounts.

            Many of Helton’s victims were members of the entertainment industry in Los Angeles. By illegally accessing the e-mail accounts, Helton obtained 161 sexually explicit, nude and/or partially nude images of approximately 13 victims, some of whom were celebrities.

            “The thought of a stranger accessing your private communications for sport or monetary gain can be devastating,” said David Bowdich, the Assistant Director in Charge of the FBI’s Los Angeles Field Office. “This insidious crime has distressed scores of average individuals, as well as celebrity victims. The FBI is committed to holding accountable those who illegally intrude upon the cyber landscape, and to educating consumers about strengthening passwords and employing two-factor authentication, among other safeguards.” 

            The case against Helton is the product of an investigation by the Federal Bureau of Investigation.