A California man has pled responsible to 4 felonies just after breaking into “thousands of iCloud accounts” in an attempt to steal and share nude photos of women, in accordance to a new report from the Los Angeles Situations. The gentleman admitted to impersonating Apple customer help representatives, tricking them into giving him with their Apple ID login info.
In accordance to federal authorities, courtroom files, and an FBI investigation, 40-12 months-old Hao Kuo Chi received accessibility to photographs and videos of at least 306 victims and designed a assortment of 620,000 photographs and 9,000 videos, which he then hosted on his Dropbox account. He would then manage the pictures by no matter whether the account “contained a ‘win’ of nude photos,” according to the FBI.
The investigation discovered that Chi posed as a technological guidance agent able of breaking into iCloud accounts to steal pics and movies. He promoted himself as “iCloudRipper4You” and would oftentimes seek out out victims dependent on requests from other people. That is, Chi would receive a request to crack into someone’s iCloud account, then method that person beneath the guise of an Apple assist employee.
In court papers, the FBI identified two Gmail addresses that Chi made use of to entice victims into transforming their iCloud signal-on details: “applebackupicloud” and “backupagenticloud.” The FBI mentioned it observed extra than 500,000 e-mail in the two accounts, including about 4,700 with iCloud consumer IDs and passwords that ended up despatched to Chi.
Chi’s conspirators would ask for that he hack a selected iCloud account, and he would reply with a Dropbox website link, according to a court docket assertion by FBI agent Anthony Bossone, who functions on cybercrime circumstances.
Issues commenced heading awry for Chi in 2018 when he acquired obtain to an unidentified celebrity’s iCloud account, and the photographs finished up finding posted on a pornographic internet site. Investigators tracked down the iCloud login to Chi’s dwelling and requested facts from sources, this kind of as Apple, Google, Dropbox, Fb, and Constitution Communications.
Investigators before long identified that a log-in to the victim’s iCloud account had occur from an world-wide-web address at Chi’s property in La Puente, Bossone said. The FBI acquired a research warrant and raided the household May possibly 19. By then, brokers had by now collected a clear picture of Chi’s on the web life from a vast trove of information that they acquired from Dropbox, Google, Apple, Facebook and Charter Communications.
Chi has agreed to plead responsible to just one count of conspiracy and three counts of gaining unauthorized obtain to a safeguarded laptop or computer. He could confront up to 5 many years in jail for every of the prices.
In all situations, the stolen visuals have been retained secure on Apple’s iCloud servers, with the account house owners handing above the login credentials below the illusion that Chi was an Apple worker. There was no breach in anyway of Apple’s iCloud stability units. As usually, it’s important to in no way give out your iCloud login information and to permit two-component authentication on your account to protect against unauthorized obtain.
You may possibly bear in mind the notorious scenario in 2014 where nude photographs of lots of celebrities were posted on Reddit and 4Chan. These pics have been also leaked by way of iCloud, with what Apple called a “very focused assault on person names, passwords and stability questions” affecting “certain movie star accounts.”
FTC: We use money earning vehicle affiliate backlinks. More.