Apple iCloud Security Ping!
If you want on or off the Mac Ping List, Freepmail me.
Posted on 09/03/2014 8:37:26 PM PDT by Swordmaker
An interesting aspect of information security is how periodically it collides with other industries and subcultures. With more information than ever being stored and shared online and on connected devices hacking stories are frequent and are mainstream news. This was the case yesterday as dozens of celebrities fell victim to hackers who leaked hundreds of private photographs and videos stolen from web based storage services.
The summary of the story is that a number of personal and private nude images from high profile celebrities started appearing on online image boards and forums – most notably on anon-ib, 4chan and reddit.
The first pictures were posted nearly a week ago, but didn’t get much attention since they were being ransomed (censored previews being shared in the hope somebody would purchase them). It was only after a number of intermediaries purchased the images and posted complete nudes in public forums that the story exploded.
At least a dozen celebrities were affected by the photo dumps, with over 400 individual images and videos. A list of celebrity names published anonymously, and serving as something akin to a sales brochure, suggests that over 100 have had their personal data compromised.
After this story broke I spent some time immersed in the crazy, obsessive subculture of celebrity nudes and revenge porn trying to work out what they were doing, how they were doing it and what could be learned from it.
This is an excerpt. Read more New Web Order
14. On the topic of OPSEC. Tracking down one of the distributors who was posting ransomed private images to 4chan and reddit was simple. He (Bryan Hamade—swordmaker) posted a screenshot as part of pitching the sale of 60 or more images and videos for a single celebrity but didn’t black out his machine name or the machine names of the other computers on his local network. A user on reddit did a Google search and tracked down the company he worked for (although they picked the wrong employee). Tracking each of those names linked one of them back to a reddit account that had posted a screenshot of the exact same explorer interface (the guy had a bad habit of taking screenshots of his own machine). He has denied being the source of the images, but he is definitely a distributor who purchased them from within the network since the ransomed set he posted were all images that did not and have not yet leaked.
edit: Turns out Maroney was underage when these pictures were taken, which means this screenshot is an admission of posesssion of child pornography. Reddit mods on the fappening sub are desperately asking users to remove any images of her and other underage celebrities.
15. I personally don’t distinguish between somebody who stole the data directly and somebody else who “only” bought that data with the intention of selling it for a profit to the public.
16. It seems to have gone wrong for not only our identified friend but a lot of other members of this network over the past few days. It appears the intention was to never make these images public, but that somebody – possibly the previously identified distributor – decided that the opportunity to make some money was too good to pass up and decided to try to sell some of the images. The first post from this set that I could track down was nearly 5 days to the story becoming public, on the 26th of August. Each of those posts was a censored image with a request for an amount of money for an uncensored version. After numerous such posts and nobody paying attention to it (thinking it was a scam) the person behind the posts began publishing uncensored versions, which quickly propagated on anon-ib, 4chan and reddit. My theory is that other members of the ring, seeing the leaks and requests for money also decided to attempt to cash in thinking the value of the images would soon approach zero, which lead to a race to the bottom between those who had access to them.
All it proves to me is how stupid most celebrities are
If you want on or off the Mac Ping List, Freepmail me.
Did you read the blog?
These guys have been doing this for YEARS!
BTTT
Did I say “guys?” I should have said “perverts.”
This sort of thing happens to people all the time, when vindictive ex-lovers or jealous haters post nude photos of people (both male and female), just to hurt their reputations. But you only hear about it when it happens to celebrities and they start whining in public about it. Here is a word to the wise: if you don’t want nude photos of yourself to be circulated on social media, then don’t put nude photos of yourself on the computer. Duh!
Gems of wisdom, but a bit late for these women. . .
I’m even more in love with Jennifer Lawrence than I was already.
This article is useless since it doesn’t tell me how to get a peek at the pictures.
Sure it does, it mentions several of the sites to look at them. Articles like this have probably driven millions to those formerly mostly unknown places. You can probably see as much by watching regular movies, most of these "stars" eventually show it all for the publicity (think Miley Cyrus, then you'll not care to see them at all).
what?...no penises?....where’s the fairness?
Cherry,
In fairness, I have to admit that I reviewed (blush) some of the photos to assure they were real. Merely, of course to see if there was any articles to read, if course, ala Playboy. There were a few penises, usually ancillary to the, er, main subject of the photography. . .
All in all, given the subject matter, there was nothing new under the sun, nothing spectacular, and really quite boring. None were artfully posed. . . and none could be said to, shall we say, even look “sexy.” Poor photographic skills abounded.
Were it not for the names attached to the photos, no one would have given more than one glance at any of them. . . and yawned.
The photos are really irrelevant. This article is about a sick subculture.
This proves once and for all: the cloud is not a safe place to store sensitive data.
How? In what way is the cloud inherently not safe? Did you read the blog? The data was compromised not by hacking security but by social engineering the users' themselves and researching their past to figure out what THEY would use for passwords and security questions. That means the Internet is not safe. . . in general.
All it proves to me is how stupid most celebrities are.”
Why anyone ever thinks they are smart is beyond me. A bunch of nice looking folks with minimal skills - read waiter and waitress - get into a few flix and if they catch on they become stars. Where could anyone think they had any brains?
Yes I read the blog and I’m willing to change my stance on this. The Internet, particularly the cloud, is not a safe place to store sensitive data.
I’m not blaming the cloud directly. That would be like trying to blame my car. The cloud is susceptible to people who get off on stealing other peoples’ personal data.
Better. The cloud is a tool. You keep tools sharp and clean, and in good shape. Then you use them properly. That means hard passwords and very difficult security questions. Checkout this thread on an article from The Guardian Australia:
How easy is it to crack into an Apple iCloud account? We tried to find out
I don't get that. She's meh. Not bad, not good. Just meh. What's the deal?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.