Celebrity email hacker extraordinaire 'Guccifer' gets four years behind bars

The man who made celebrities change their passwords

By day he was a small-town cab driver, by night a man who hacked celebrities out of satirical spite; celebrity hacker 'Guccifer' has been sentenced to a minimum of four years in jail by a Romanian court.

Arrested in January, Marcel Lazar Lehel, 42, acquired notoriety after a spectacular series of attacks on the websites, email and social media accounts of personalities and politicians between 2009 and 2013.

In many ways what Lehel did under his nom de web Guccifer ('goo-chee-fer') was a throwback to the early prank days of web defacement except that by the turn of the first decade of the 21st Century there were better targets that could be used to cause embarrassment, particularly poorly-secured online email accounts.

The most audacious was his targeting of email accounts used by relatives and friends of former US President George HW Bush, from which he stole and published emails, family pictures and even the self-portraits by his son, George W Bush, effectively launching his artistic career.

It didn't stop there. With a shrewd ability to pick on targets that might gain notoriety, Guccifer's other attacks included hijacking the Facebook page of former US Secretary of State Colin Powell and stealing a publishing an unpublished work by Sex and the City author, Candace Bushnell taking over her Twitter account at the same time.

If a celebrity had an Internet presence, then they were fair game as far as Guccifer was concerned. Film stars including Leonardo DiCaprio, Nicole Kidman and Steve Martin also had their email accounts hacked. He even got his hands on a script for British TV series, Downton Abbey.

Disappointingly, Romanian police have not documented Guccifer's full target list but it is clear that he systematically picked on huge numbers of prominent people across several countries including his own, every now and then finding a security or password weakness he was able to exploit.

His downfall was probably his attacks on powerful people in his home country, including Romania's secret service head, George Maior, which quickly grabbed the attention of law enforcement. One particularly embarrassing attack was his theft of apparently flirtatious emails written by Romanian European Parliament member Corina Cretu to former US Secretary of State Colin Powell, which dropped hints about an affair between the pair. This was later denied.

Little is still known about Lehel or his deeper motivations, but it is possible he simply attacked his targets because he could. Many were found to be using poor security and all it took was one man sitting in a room in a small Romanian town to realise and exploit this. His legacy is that he smartned up the online security of thousands of celebrities and polticians, or at least it is assumed so.

The US is not known to made any extradition request for Lehel, prosecutors told Reuters news agency. He is known to have a previous three-year suspended sentence on file and so could in theory spend a total of seven years in prison without parole.

Join the CSO newsletter!

Error: Please check your email address.

Tags Personal TechsecurityFacebook

More about BushEuropean ParliamentFacebookReuters Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts