A Romanian court has sentenced the hacker known as “Guccifer”, famed for posting nude self-portraits of George W Bush on the internet, to four years in jail on Friday.
Marcel Lazar Lehel, 42, a former cab driver in Arad near the Romanian border with Hungary, was better known by his aliases "Guccifer" and "Small Fume”, which he used while hacking into various high-profile people's email accounts.
Victims also included Jeremy Paxman, three members of the House of Lords and the head of the Romanian secret service.
Guccifer was arrested by agents from Romania's Directorate for Investigating Organised Crime and Terrorism in January this year, but shot to fame in 2013 when he hacked into the former US president Bush’s AOL email account and those of his family.
Bath and shower portraits of Bush
The hacker stole private photos, artwork and correspondence, including self-portraits depicting Bush in the shower and bath and photos of George H W Bush in hospital which he posted online.
Lehel gained access to a confidential list of home addresses, phone numbers and emails of dozens of members of the Bush family, including both former US presidents and their children.
The hacker also leaked personal emails sent between the former US secretary of state Colin Powell and the Romanian European parliament member Corina Cretu – prompting Powell to deny allegations of an affair in 2013.
Guccifer also hacked into the private Yahoo email account of George Maior, head of Romania's secret service, which the agency said had been used in the past for academic correspondence, not secret-service business.
Googling answers to security questions
The long list of Guccifer’s high-profile victims allegedly covered entertainers, industrialists, academics, diplomats, financiers, government and military officials, and journalists, including Obama administration officials, three members of the House of Lords and Jeremy Paxman, according to documents sent to news site the Smoking Gun.
Lehel employed several methods to break into the email, but found success simply guessing answers to security questions using publicly available information, including Wikipedia, to gain access to online accounts with Facebook, BT Internet, AOl, Yahoo and others.
Guccifer’s simple attacks display the importance of securing private information and ensuring that personal data linked to security and password reset questions is not publicly available following several high-profile break-ins where personal data was stolen including eBay and Office shoes.
Lehel was also convicted of hacking into the email accounts of Romanian public figures in 2012, but was given a three-year suspended sentence.
The court ordered the defendant to pay 11000 Romanian Leu (£2,020) in legal costs to the state and confiscated a silver NEC laptop owned by the Lehel.
The FBI and other US law enforcement agencies have reportedly been investigating Lehel since 2013, but the Romanian court did not publish any details of Lehel’s actions or whether the US had sought extradition.
guardian.co.uk © Guardian News and Media Limited 2010