Apple Security: Hacker Steals Over 6 Lakh Nude Pics From iCloud With Phishing Links
This comes at a time when Apple has been under a ton of backlash after it revealed that it would scan images on iPhone and iCloud to look for child abuse images. Privacy advocates claimed it risks opening a new avenue for government surveillance of iPhone users around the world.
A man from LA hacked thousands of Apple iCloud accounts and managed to collect over 620,000 private photos and videos to steal and share nude images of women.
Apple
Also Read: WhatsApp Chat Leak: How To Disable WhatsApp Cloud Backup On Android, iPhone
Reported first by LATimes, the perpetrator, Hao Kuo Chi, residing in La Puente has agreed to plead guilty to four felonies, including conspiracy to gain unauthorised access to a computer, according to court records.
Chi admitted that he would do this at the request of people he met online under the alias, ¡°icloudripper4you¡±. He advertised himself as someone who is capable of breaking into iCloud accounts to steal photos and videos.
In court confession, Chi agreed that he along with his co-conspirators used a foreign encrypted email service to talk anonymously. Whenever they¡¯d find what they were looking for, they¡¯d flag it as ¡°wins¡± that were then collected and shared with one another.
This comes at a time when Apple has been under a ton of backlash after it revealed that it would scan images on iPhone and iCloud to look for child abuse images. Privacy advocates claimed it risks opening a new avenue for government surveillance of iPhone users around the world.
Chi¡¯s modus operandi however, was only limited to images stored on the victim¡¯s iCloud accounts -- accounts he got access too after the victim unknowingly shared with them. He used it to send emails via two gmail accounts -- applebackupicloud and backuppagenticloud. These emails would tell users that their accounts were compromised and asked them to change their password.
Also Read: Hackers Are Using iCloud's "Find My iPhone" Feature To Lock Apple Devices Remotely For A Ransom
These links would take the victim to special sites that would record whatever user ID and password the victims would enter, without really changing anything for them. FBI found over 500,000 emails in the two accounts including 4,700 with iCloud user IDs and passwords that Chi recorded.
Chi would then access the account (which he was asked to hack into) and load the images on his Dropbox account that he would share with the other party. The Dropbox contained over 620,000 photos and 9,000 videos.
Reuters
His act came into the limelight in 2018 when a California company specialising in removing celebrity images off the internet was notified that one public figure in Tampa, Florida had his personal images shared on porn sites, according to Anthony Bossone, the FBI agent who worked on this case. The victim has these images stored on their iCloud account.
Also Read: Apple Will Scan Your iPhone Photos For Child Abuse Pics: What About Privacy?
Investigators soon found that the account was logged in from an address in La Puente in Los Angeles -- Chi¡¯s residence. Soon after, the FBI raided his apartment and got access to his records of images on a variety of cloud accounts.
On August 5, 2021, Chi pleaded guilty to one count of conspiracy and three counts of gaining unauthorized access to a protected computer. He could face up to five years in prison for each of the four crimes.
