The Full story of how celebrities' iCloud accounts were hacked

Status
Not open for further replies.
http://finance.yahoo.com/news/originalguy-full-story-icloud-hacker-081044692.html




After hundreds of private photographs were posted online, many commenters struggled to believe that someone had gained access to Apple's online service. The tech giant's online storage and backup service is praised by the company for its simplicity, that it "just works." And the hack could not have come at a worse time for Apple, which on Tuesday will stage its biggest event of the year: the launch of iPhone 6, a smartwatch, and a new operating system for its Macs, all of which are likely to have new features linked to iCloud.

As leaked photographs continued to be posted online, theories emerged regarding their source. Some suggested that a "brute force" hack recently unveiled by Russian security researchers was to blame, while some internet commenters wondered whether venue Wi-Fi at the Emmy Awards had been compromised. But the truth is far more disturbing: The leaked celebrity photos don't originate from a single hack but instead from a collector who gradually added to his haul over months before suddenly deciding to post it online.

This is the story of that collector, who goes by the screen name "OriginalGuy."


As well as hosting vast amounts of pornography, AnonIB also plays host to a ring of skilled hackers who have learned how to obtain naked photographs of women by breaking into iCloud accounts.

The /stol/ board on AnonIB (short for "Stolen" or "Obtained Photos") serves as a global meeting hub for iCloud hackers. Using specialist password-cracking tools and guessing targets' security questions through Apple's iForgot password reset form, AnonIB hackers are consistently able to gain access to iCloud accounts with only an email address.


The leaked celebrity photos weren't the result of a single hack but were instead hoarded over a period of months by one well-connected figure in underworld porn forums. As the Daily Mail reports, AnonIB user "OriginalGuy" has been identified as the source of the leaks, and posts seen by Business Insider on both AnonIB and 4Chan indicate that he has regularly contributed to celebrity porn threads on both sites. But despite knowing the user who leaked the trove of images, we still don't know the identities behind the hackers.

In a post on AnonIB shortly after the main leak of celebrity photos, OriginalGuy explained to other users how he had built up a collection of photos so explosive that image boards were struggling to keep up with page views.

Pornography hoarders often do not possess skills or talents that they can use online, like an ability to hack. Instead, hoarders are defined by the content they keep. One of the internet's most legendary digital hoarders was "Freezer," a poster on invite-only torrent networks who repeatedly taunted other users with details about the rare music he owned. After his death, it was discovered that Freezer had taken his collection to the grave, asking his family in his will to destroy all the tapes. Whether pornography or music, the knowledge that you possess content nobody else does can be a powerful intoxicant.

So if porn collections are so valuable, why did OriginalGuy post his? It seems that OriginalGuy had a sudden realization that his collection wasn't so valuable after all.

Rumors of "major win" had circulated online for weeks before the leak. "Win" is a term used to refer to naked or sexual images of women found through hacking their online accounts. It's possible that part of OriginalGuy's collection had, against his knowledge, been sold to somebody else.
OriginalGuy admitted to paying "a lot via bitcoin" for a portion of the images when they were being traded between celebrity porn collectors on Friday and Saturday. As Deadspin reports, photographs had been shared online for weeks before OriginalGuy purchased them, potentially rendering his collection of little value.

Hours before the photos emerged, posters on AnonIB caught wind of a coming leak of celebrity images. While you might expect pornography fans to react with excitement over such news, many were terrified of what would happen next.



OriginalGuy knew that leaking his collection would have dire consequences for the iCloud hackers at /stol/ and the celebrity porn fans at 4chan. Whether he was angry over discovering that his collection was already online, or disappointed to learn that about 30% of his images were fake, OriginalGuy took to AnonIB on the afternoon before Labor Day to begin sharing his collection.

The Aftermath

After OriginalGuy "dumped" his collection, many experienced iCloud hackers and celebrity photo traders declared the industry over. Following the hack, posters on AnonIB discussed the repercussions for their industry.

Read the full at the link

fascinating and disturbing
 
interesting. So it wasn't even about the celebs or the nudes, it was about net cred and interpersonal battles? fascinating.

er, and disturbing.
 
...As the Daily Mail reports

grandpa-simpson.gif
 
don't victim blame. the person/group of people (and the society that rewards such behaviour) that collected those photographs are the problem.

Yes they are. But things like this will continue to happen anyways, because well, humans. So better to protect yourself by not having very private images on the internet in the first place.
 
Yes they are. But things like this will continue to happen anyways, because well, humans. So better to protect yourself by not having very private images on the internet in the first place.

That's it. When I say 'don't store nudes of yourself online' I don't consider it victim blaming. Store them locally. Sure, devil's advocates would say 'well what if your house was broken into, it's the same' - but it really isn't. It's the equivalent of putting your locked house in arm's reach of anyone with a computer willing to try the door.

.....If you were to look at the app itself, it's non-obvious that it is syncing those images and videos to the cloud and that you have to manually disable Auto Backup.

That is not a good situation and a genuine issue. That's hopefully a good awareness point that will come of this - getting people to check the settings that are on the devices and applications we've come to rely on in a very short space of time. I consider myself reasonably tech aware and don't do enough of this checking. Scandals like this may tip the scales.
 
This is why you don't store your nudes in the cloud.

don't victim blame. the person/group of people (and the society that rewards such behaviour) that collected those photographs are the problem.

A few days ago, my wife complained about her phone battery being drained very quickly and couldn't figure it out.

I flipped through the Android menus to get to the battery usage and found that Google Photos was using up a much larger than usual share of juice.

It turns out that she had taken some rather long videos of my daughter on her phone that day and it had been trying to sync it to the cloud. I asked her if she knew that Photos was set up to do this and she looked at me quizzically and said that she had never set it up to do so.

If you were to look at the app itself, it's non-obvious that it is syncing those images and videos to the cloud and that you have to manually disable Auto Backup. The app makers (in this case Google and Apple) could really help by making it a more explicit choice to backup certain content and not automatically assume that all content should go to the cloud. Desktop Picasa, for example, requires that the user explicitly syncs folders.
 
When Mary Elizabeth Winstead said she deleted that picture years ago, I initially thought that it was some weird cloud thing where it was actually still there but hidden. But the truth was way more obvious and upsetting: they probably had access to her account when that picture was first taken. There are people out there who probably have access to dozens of celebs' emails, just waiting for a juicy picture to pop up.
 
don't victim blame. the person/group of people (and the society that rewards such behaviour) that collected those photographs are the problem.
I don't think it's victim blaming to point out the risk here. The bottom line is that your photos are vulnerable on iCloud. That doesn't mean it's your fault if the photos get stolen, but I think it would be foolish to leave sensitive information on iCloud at this point if you're any kind of celebrity.
 
Freezer sounds (or rather, sounded) like a fucking asshole. I "know" a guy who hoards rare Radiohead soundboard recordings that he'll never publicly release just because, depriving everyone of material that isn't even his in the first place!

Anyway. I had no idea there was a whole industry around hoarding and trading celebrity nude photos, what a bizarre and gross occupation to have. I can't imagine how little self-reflection must go into doing something like that.
 
I don't think it's victim blaming to point out the risk here. The bottom line is that your photos are vulnerable on iCloud. That doesn't mean it's your fault if the photos get stolen, but I think it would be foolish to leave sensitive information on iCloud at this point if you're any kind of celebrity.

That's ridiculous. If you follow that train of thought, then any problems that arise from a defective product are always the fault of a user who trusted they were buying what was advertised to them.

"Your steering wheel went out because of an ignition switch issue? Well, that's your fault for buying Ford!"
 
A few days ago, my wife complained about her phone battery being drained very quickly and couldn't figure it out.

I flipped through the Android menus to get to the battery usage and found that Google Photos was using up a much larger than usual share of juice.

It turns out that she had taken some rather long videos of my daughter on her phone that day and it had been trying to sync it to the cloud. I asked her if she knew that Photos was set up to do this and she looked at me quizzically and said that she had never set it up to do so.

If you were to look at the app itself, it's non-obvious that it is syncing those images and videos to the cloud and that you have to manually disable Auto Backup. The app makers (in this case Google and Apple) could really help by making it a more explicit choice to backup certain content and not automatically assume that all content should go to the cloud. Desktop Picasa, for example, requires that the user explicitly syncs folders.

Your wife must have turned it on. When you start Photos for the first time, it has a popup that asks you if you want to auto-backup your content to the cloud. It doesn't default on.
 
When Mary Elizabeth Winstead said she deleted that picture years ago, I initially thought that it was some weird cloud thing where it was actually still there but hidden. But the truth was way more obvious and upsetting: they probably had access to her account when that picture was first taken. There are people out there who probably have access to dozens of celebs' emails, just waiting for a juicy picture to pop up.

I also wonder if any of these hackers made money by selling personal information in these mails to gossip sites or leaking early movie information to news sites.

This is such a huge leak that I'd be amazed if it was limited to nude pictures.
 
That's ridiculous. If you follow that train of thought, then any problems that arise from a defective product are always the fault of a user who trusted they were buying what was advertised to them.

You're implying only defective means of access were the cause here. Do you not draw a line when social engineering is involved?
 
Your wife must have turned it on. When you start Photos for the first time, it has a popup that asks you if you want to auto-backup your content to the cloud. It doesn't default on.

I'm sure it did, but it's gotta be like those TOS agreements. As much as you would think that people read through what they are agreeing to, most folks probably don't.

Even if a user agrees at the onset, I think it should be more obvious to the user that sync is ON when they load the app and it be more obvious how to turn it off.
 
I wonder how many non-celebrities had their accounts accessed, especially if they have similar names or email addresses.
 
I don't think it's victim blaming to point out the risk here. The bottom line is that your photos are vulnerable on iCloud. That doesn't mean it's your fault if the photos get stolen, but I think it would be foolish to leave sensitive information on iCloud at this point if you're any kind of celebrity.

What's foolish is using easily guessed/cracked security questions and passwords.

So yes, I'd agree with you in the fact that it's a user issue more than an iCloud issue. If you are putting sensitive materials ANYWHERE then use a good lock.
 
That's ridiculous. If you follow that train of thought, then any problems that arise from a defective product are always the fault of a user who trusted they were buying what was advertised to them.

"Your steering wheel went out because of an ignition switch issue? Well, that's your fault for buying Ford!"
No one is ever going to win the argument because the line is always drawn in haphazard fashion.
I see things like this all the time all over the country.
js14E6F.jpg
 
I'm sure it did, but it's gotta be like those TOS agreements. As much as you would think that people read through what they are agreeing to, most folks probably don't.

Even if a user agrees at the onset, I think it should be more obvious to the user that sync is ON when they load the app and it be more obvious how to turn it off.

I hear what you are saying and agree. However, at least for Google Photos, it's pretty up front and clear. It's a big message at the top of photos that pops up asking to auto-backup when you first open it (I only know this so clearly because I JUST started using Photos a few weeks ago and declined the auto backup).

As far as being easy to turn on/off, it's literally the very first option in settings. Open Photos->Settings->Auto Backup with a tagline "Automatically backup new photos and videos to Google Photos. Backups are for your eyes only." I'm not sure what else they can do to make it more accessible.
 
Rumors of "major win" had circulated online for weeks before the leak. "Win" is a term used to refer to naked or sexual images of women found through hacking their online accounts.

I hope one day I can do my part to misinform someone about the meaning behind a bit of internet slang.
 
I'm sure it did, but it's gotta be like those TOS agreements. As much as you would think that people read through what they are agreeing to, most folks probably don't.

Even if a user agrees at the onset, I think it should be more obvious to the user that sync is ON when they load the app and it be more obvious how to turn it off.

Actually the message is extremely clear, brief, and easy to understand. There just are a lot of users who just don't read anything.
 
Um, this doesn't seem to explain how the accounts were hacked at all because I'm not sure how they got the answers to their security questions or even figured out the correct email.
 
It's clear that the hackers have had access to the accounts for months, maybe years. It's also pretty clear now that there's a celeb picture buying/selling ring on the deep web. Short of someone buying it all deciding to just devalue the entire "industry" most of the stuff will probably never see the light of day.

Heck, the hacker even showed proof that he has dozens of pictures and videos of Jennifer Lawrence. However, only a handful got out.
 
This just reads like stuff others have already theorised. The images being collected over a period of time seems like a fairly obvious idea given the age of some of the pictures (with some being deleted years ago).
 
This is why you don't store your nudes in the cloud.

I don't think it's victim blaming to point out the risk here. The bottom line is that your photos are vulnerable on iCloud. That doesn't mean it's your fault if the photos get stolen, but I think it would be foolish to leave sensitive information on iCloud at this point if you're any kind of celebrity.

I don't think some of you understand how regular people in the real world work.

Apple, Google, Microsoft, and every other big tech company have been advertising the cloud for years as being something that just works automatically. You click a single button you might not fully understand the first time you turn on the device, and from then on every single photo you ever take is automatically uploaded in the background to some cloud service.


The vast majority of people in the world don't know how to control how or where this data is sent. That's the entire point of "it just works". All they know is that it's easy to get to their stuff because it automatically goes everywhere.

Asking someone to manually go and disable iCloud/etc. every time they want to take a personal photo is asinine. The operating systems don't make it as easy to do that as they do to enable it forever in the first place.

Not to mention the fact that nudes aren't the only type of personal information people worry about. What about regular, wholesome family photos? Photos which happen to give away exactly where you live? Photos of your close friends and family? Photos of your hobbies that aren't exactly controversial but that you just like to keep to yourselves?

What if every single photo you've taken throughout your entire life was suddenly and irrevocably made public for literally everyone in the world to see, right now? You sure you wouldn't mind?


If companies are intentionally building services which "just work" to enable automatic upload, then it's not the customer's fault when it does so exactly as intended. Stop blaming the victim here - that's exactly what you're doing when you say "shouldn't have taken those photos!"


guess you think it's a bad idea to use banks.
Banks, being black and unarmed, taking a stance as a woman, falling for exploitative short-term loans: the world is on a hot-streak of victim blaming these past couple months.
 
Lesson learned is to not trust Apple products.

And that's the story of how all hell broke loose.

Anywho, sucks that the celebrities' photos were released (I still can't get over the name they gave it; "The Fappening" O dear...). However, if they didn't have those photos on the cloud it wouldn't have happened. That's not to victim blame, they can by all means take all the nudes they want, but putting it on the cloud isn't at all secure, plus if you have it backed up to the cloud even though you delete it off your phone it's still on the cloud, which is why some reportedly "deleted photos" got surfaced as well. I also hate how the FBI are involved just because it was celebrities, if any normal person's nudes were released I doubt the FBI would bat an eye. As for getting the photos removed from the internet, good luck, Beyonce tried that once with those unflattering photos and look at how that turned out.

guess you think it's a bad idea to use banks.
Except for the fact that banks keep only around 20%-30% (depending on where you live) of the money in their vault. Rest is all digital. Bank robbers don't even get that much from heists, as usual Hollywood goes over-the-top with it.
 
I don't think some of you understand how regular people in the real world work.

Apple, Google, Microsoft, and every other big tech company have been advertising the cloud for years as being something that just works automatically. You click a single button you might not understand the first time you turn on the device, and from then on every single photo you ever take is automatically uploaded in the background to some cloud service.


The vast majority of people in the world don't know how to control how or where this data is sent. That's the entire point of "it just works". All they know is that it's easy to get to their stuff because it automatically goes everywhere.

Asking someone to manually go and disable iCloud/etc. every time they want to take a personal photo is asinine. The operating systems don't make it as easy to do that as they do to enable it forever in the first place.

Not to mention the fact that nudes aren't the only type of personal information people worry about. What about regular, wholesome family photos? Photos which happen to give away exactly where you live? Photos of your close friends and family? Photos of your hobbies that aren't exactly controversial but that you just like to keep to yourselves?

What if every single photo you've taken throughout your entire life was suddenly and irrevocably made public for literally everyone in the world to see, right now? You sure you wouldn't mind?


If companies are intentionally building services which "just work" to enable automatic upload, then it's not the customer's fault when it does so exactly as intended. Stop blaming the victim here - that's exactly what you're doing when you say "shouldn't have taken those photos!"

plus upload to photostream (where they were stolen from) is an option which 99% of iPhone users chose Yes on without knowing what it really does
 
I don't think it's victim blaming to point out the risk here. The bottom line is that your photos are vulnerable on iCloud. That doesn't mean it's your fault if the photos get stolen, but I think it would be foolish to leave sensitive information on iCloud at this point if you're any kind of celebrity.

did you even read the article? It has to do with weak personal security way more than anything related to apple or icloud. the reason it is hitting apple so hard simply comes down to because among celebrities/affluent apple is by far the dominant platform, combined with the default behavior of photos and icloud. Nevertheless:

a) these users were targeted. This is nowhere near a "Joe Schmo is vulnerable and be scared" sort of thing.
b) not only were the users targeted but clearly the ones affected were affected because of weak personal security to begin with. weak passwords combined with (as has been pointed out) biographical security questions on public figures.

sure there are things that apple can and should implement going forward to safety net users with weak personal security.. but there are IMHO much bigger fish to fry out of this, like:

don't use weak security on your cloud stuff (password, password1, mypassword, etc)

if only biographical security questions are offered, use either a lastpass type app to "encode" those answers, or jumble them up (so for your grade school always use your first car, for your first car always use your mother's maiden name, etc)

accounts are compromised all the time, whether by vengeful exes, or by hackers looking for nude selfies.. companies like Apple, Google, MS etc can only take external security so far to reinforce personal security.. but even strong external security (brute force lockouts, alerts, etc) can be bypassed over a long enough time allowing access to accounts with weak personal security.
 
I don't think it's victim blaming to point out the risk here. The bottom line is that your photos are vulnerable on iCloud. That doesn't mean it's your fault if the photos get stolen, but I think it would be foolish to leave sensitive information on iCloud at this point if you're any kind of celebrity.

This.

You monster!

/s

You'd be surprised. I was in a reddit thread yesterday about this exact topic and people were exploding.

"YOU'RE JUST AS BAD AS THEM"
"QUIT THE VICTIM BLAMING BULLSHIT"
"THESE ARE MY PHOTOS, THEY ARE IN MY PRIVATE CLOUD, I HAVE A RIGHT"

....what?

Um, this doesn't seem to explain how the accounts were hacked at all because I'm not sure how they got the answers to their security questions or even figured out the correct email.

email address + password-cracking + easy security questions
 
guess you think it's a bad idea to use banks.

I only store money in banks, which has no personal value to me, and I store only what is insured. In such case, if it is stolen from the bank it will be reimbursed.

I don't store embarrassing information in a bank, no.

Also, those security questions? Lie. Don't actually list your pet. You're likely to share that all over the internet. Your mother's maiden name? Not difficult to find, especially if you're a celebrity with a celeb parent. Lie about that shit. Say your dad's name is Optimus Prime. Make it impossible to logically guess the answers.
 
A few days ago, my wife complained about her phone battery being drained very quickly and couldn't figure it out.

I flipped through the Android menus to get to the battery usage and found that Google Photos was using up a much larger than usual share of juice.

It turns out that she had taken some rather long videos of my daughter on her phone that day and it had been trying to sync it to the cloud. I asked her if she knew that Photos was set up to do this and she looked at me quizzically and said that she had never set it up to do so.

If you were to look at the app itself, it's non-obvious that it is syncing those images and videos to the cloud and that you have to manually disable Auto Backup. The app makers (in this case Google and Apple) could really help by making it a more explicit choice to backup certain content and not automatically assume that all content should go to the cloud. Desktop Picasa, for example, requires that the user explicitly syncs folders.
Not obvious? Does it not say "Auto Backup On" if you have it on? I know it says off for mine right at the top.
 