Hao Kou Chi, a Californian man apparently hacked iCloud accounts in order to steal nude photos, by impersonating an Apple customer support technician. He was apparently involved in a large-scale email campaign, stealing people’s iCloud passwords in a bid to break into their accounts and collect data more than 620,000 private videos and photos.
The 40-year old from La Puente has pleaded guilty to his four felonies, which include conspiring to gain unauthorized access to computers, in order to go through with his plans of stealing and sharing nude images of young women.
As per reports by the Los Angeles Times, Chi has admitted that he marketed himself as a hacker-for-hire, who could help people break into iCloud accounts, making use of the moniker “icloudripper4you.” This would be followed by him duping people into telling him their iCloud IDs as well as passwords. He would use the same to steal photos and videos stored on iCloud accounts. He has added that he isn’t even aware of who was involved in the scam.
A Teaser For What’s To Come?
The case brings to light the inherent risks that storing data on cloud services carries. Cybercriminals are fast be coming experts at designing and launching socially engineered phishing campaigns, that are looking increasingly convincing, much to the concern of users.
Meanwhile, since the company in question is Apple, which has recently been at the receiving end of major flak, owing to its upcoming CSAM scanning tool. The product will apparently be capable of scanning photos and videos stored onto users’ iCloud accounts for detecting CSAM, and privacy groups like the Electronic Frontier Foundation have taken issue with the same.
According to the Foundation, flagging CSAM images will apparently result in client-side access being allowed, essentially defeating the purpose of end-to-end encryption. This, they assert, will create a data backdoor, opening iCloud to many more, and greater, security risks.
Used Dropbox To Share Files
At the same time, Chi himself did not use any security flaws to carry out his plans, and instead, relied on two Gmail accounts to fool people. The two accounts were “applebackupicloud” and “backupagenticloud,” respectively. Combined, the two accounts together have 500,000 emails, 4,700 of which contained iCloud login credentials of people.
Once he got his hands on a person’s iCloud credentials, he would break into their account, at the request of whoever had put him up to the task. Dropbox was used for sharing the photos, with Chi’s end containing as many as 620,000 photos and 9,000 videos.
Chi’s activities came to light in March 2018, when a California firm that specializes in taking down celebrity photos from the internet, notified an unidentified public figure of their nude photos being circulated on porn websites. The photos were later found to have been stored on iCloud. Following his guilty plea, Chi now faces up to 5 years in prison.