Celebrity email hacker extraordinaire 'Guccifer' gets four years behind bars

The man who made celebrities change their passwords

By day he was a small-town cab driver, by night a man who hacked celebrities out of satirical spite; celebrity hacker 'Guccifer' has been sentenced to a minimum of four years in jail by a Romanian court.

Arrested in January, Marcel Lazar Lehel, 42, acquired notoriety after a spectacular series of attacks on the websites, email and social media accounts of personalities and politicians between 2009 and 2013.

In many ways what Lehel did under his nom de web Guccifer ('goo-chee-fer') was a throwback to the early prank days of web defacement except that by the turn of the first decade of the 21st Century there were better targets that could be used to cause embarrassment, particularly poorly-secured online email accounts.

The most audacious was his targeting of email accounts used by relatives and friends of former US President George HW Bush, from which he stole and published emails, family pictures and even the self-portraits by his son, George W Bush, effectively launching his artistic career.

It didn't stop there. With a shrewd ability to pick on targets that might gain notoriety, Guccifer's other attacks included hijacking the Facebook page of former US Secretary of State Colin Powell and stealing a publishing an unpublished work by Sex and the City author, Candace Bushnell taking over her Twitter account at the same time.

If a celebrity had an Internet presence, then they were fair game as far as Guccifer was concerned. Film stars including Leonardo DiCaprio, Nicole Kidman and Steve Martin also had their email accounts hacked. He even got his hands on a script for British TV series, Downton Abbey.

Disappointingly, Romanian police have not documented Guccifer's full target list but it is clear that he systematically picked on huge numbers of prominent people across several countries including his own, every now and then finding a security or password weakness he was able to exploit.

His downfall was probably his attacks on powerful people in his home country, including Romania's secret service head, George Maior, which quickly grabbed the attention of law enforcement. One particularly embarrassing attack was his theft of apparently flirtatious emails written by Romanian European Parliament member Corina Cretu to former US Secretary of State Colin Powell, which dropped hints about an affair between the pair. This was later denied.

Little is still known about Lehel or his deeper motivations, but it is possible he simply attacked his targets because he could. Many were found to be using poor security and all it took was one man sitting in a room in a small Romanian town to realise and exploit this. His legacy is that he smartned up the online security of thousands of celebrities and polticians, or at least it is assumed so.

The US is not known to made any extradition request for Lehel, prosecutors told Reuters news agency. He is known to have a previous three-year suspended sentence on file and so could in theory spend a total of seven years in prison without parole.

Tags Personal TechsecurityFacebook


Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Sophos Mobile Control

Data protection, policy compliance and device control for mobile devices

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.