No Silver Lining in this Cloud

The world has just witnessed its latest hack; this time it’s the private photographs of some of the most famous women in the world. The biggest question we as curious Internet users are trying to understand is how has some nameless hacker gained access to the cell phones of the rich and famous. After the revelation, it was evident – iCloud.

There are millions of private photographs available online and most of us Internet users struggle to understand how the invisible hacker could have accessed Apple’s online storage service. The security breach could not have come at a worse time. Apple is scheduled to launch the iPhone 6 on September 9, along with a new OS for its Macs and a smart watch; all of which are likely to have features linked to iCloud.

In its statement, Apple maintains that the theft of nude celebrity photographs did not occur because of any breach in the Apple system, including iCloud. Apple says, however, that certain celebrities were the subject of targeted hacking attempts that focused on revealing their usernames, passwords and security questions, a common technique across the web.

The cache of images began circulating on the night of Aug 31 2014 and is said to include nude or partially nude photographs of Jennifer Lawrence, Kirsten Dunst and Kate Upton, amongst others.

Apple says that it is “outraged” by the theft and has begun investigating the issue. The statement indicates that the pictures were stolen as a result of “social engineering” or “spear-phishing” attacks. In such attacks, hackers specifically target an individual user and attempt to trick account holders into giving out their passwords and user names to break into an account.

So, it’s not just nude photographs that the victims have to worry about being accessed by the hackers; it’s their GPS coordinates, private text messages, calendars, address books, phone call logs and other data stored on their phones and backed up to iCloud. The hackers are able to extract more than just images from iCloud backups using special forensic software.

Based on media reports available online, the intention wasn’t to make the images public but a perfect opportunity to make some money by selling the pictures.

A very interesting article on the iCloud hacker identified as “Original Guy” says that he is part of a notorious image board - 4chan. Now, 4chan is infamous for putting up child pornography – anonymous hackers and online trolls being part of it. It’s online forum – Anon 1B – has had a series of FBI raids. After years of upheaval, the site reappeared this year and users continued to post.

Apart from holding vast amounts of child pornography, Anon 1B apparently plays host to a ring of skilled hackers who have learned how to obtain naked photographs of women by breaking into iCloud accounts. The /Stol/board on Anon 1B (short for stolen or obtained photos) acts as the global meeting hub for iCloud hackers. The leaked photographs weren’t the result of a single hack, but were hoarded over a period of several months by one well-connected figure in the underworld porn forums – Original Guy.

Till now, this hacker hasn’t returned to upload any more of his collection. As for Anon 1B, the site is still alive and iCloud hackers continue to sell their skills to users looking to steal naked pictures off the Internet.

By Shaili Contractor

Blogger, Asian School of Cyber Laws