Posted on 06/10/2015 9:28:30 PM PDT by Swordmaker
The stunning leak of nude and intimate photos of scores of celebrities may reach far wider than was previously known, involving the breach of almost 600 online storage accounts, according to unsealed federal court documents.
The "Celebgate" hack resulted in the posting on Aug. 31 of almost 500 purported photos of Hollywood stars, models and other celebrities — including Jennifer Lawrence, Kate Upton, Kirsten Dunst, Kaley Cuoco and U.S. soccer star Hope Solo — to the Wild West-like Internet forum 4chan, from which they quickly spread.
Apple Inc. confirmed the next day that the photos were obtained through a "targeted attack" on personal information used to maintain storage accounts on its iCloud system. The FBI's Cybercrimes Unit launched an investigation.
As early as October, the investigation began zeroing in on an address on the South Side of Chicago, the FBI said in a search warrant affidavit recently unsealed in U.S. District Court in Chicago.
Using phone records and computer identification information called Internet protocol, or IP, data, investigators found that the compromised accounts were accessed by a single computer linked to two email addresses belonging to Emilio Herrera, 30.
The FBI — which did not say in the affidavit that Herrera is a suspect — said only that the investigation is ongoing.
No other documents have been publicly filed in the case since the affidavit was unsealed, so it isn't known what investigators found at Herrera's home. But in asking for the warrant, the FBI revealed that potentially hundreds — theoretically almost 2,500 — iCloud accounts were targeted.It's important to note that the identification of Herrera — who has no apparent criminal record — doesn't mean he is necessarily a suspect. IP and email addresses can be masked or spoofed through a variety of technologies, and Internet data can be routed through third-party computers without their owners' knowledge using any of a number of software packages.
According to the affidavit, the computer address was successfully used to accessed 572 unique iCloud accounts — each of them an average of about six times. In addition, it said, the computer address was used in almost 5,000 attempts to reset 1,987 other iCloud passwords.
The affidavit doesn't specify whether that number includes multiple attempts to hack the same accounts or whether almost 2,000 individual accounts were targeted. Nor does it say how many of those other attempts were successful.
"A number of them were accounts of celebrities who had photos leaked online," and most of the rest — that is, accounts of people whose photos weren't published — belonged "celebrities, models or their friends and families," according to the affidavit.
Only a handful of alleged victims are identified, and even then only by their initials. They are described as "a female celebrity who has appeared in several movies."
The affidavit tends to support Apple's insistence at the time that the underlying iCloud technology itself wasn't breached — instead, it indicates that users' account names, passwords and security questions were the means of entry, as Apple contended.
But Apple did add additional steps to keep hackers out of user accounts, and it launched a campaign to encourage users to take stricter security measures.
The affidavit tends to support Apple's insistence at the time that the underlying iCloud technology itself wasn't breached — instead, it indicates that users' account names, passwords and security questions were the means of entry, as Apple contended.
As I have described, Reddit and 4Chan user's investigations discovered long before this that the majority of the photos, aside from those that came from iCloud, came from Windows PCs, Android, other digital cameras, and even scanned photographs and would not have been uploaded by Apple Devices to iCloud. It was also found that many of them came from a private group of perverts who traded such pictures after phishing for passwords from the celebrities through other on-line means including befriending the celebrities. The iCloud was only hacked by means of using the "Forgot my password" reset using the answering of security questions and because the celebrities selected questions the answer to which were easily discovered by reading fanzine biographies it was child's play to reset their passwords to something the person breaking in wanted it to be to steal anything he wanted. There was no "hack" of the security of iCloud, but rather a hack of insufficiently difficult questions or answers. Such answers would be almost impossible to learn about the average citizen, but not about celebrities whose publicists put that information out to satisfy the demands of fans.
If you want on or off the Mac Ping List, Freepmail me.
Freepers DID IT! With the help of the Apple Ping list members, the Freepathons went over the top this week! Thanks to all you who dug down deep and gave. . . special thanks to all of you who became regular givers!
Let me guess. Their password was password.
LOL! Nope, can't be under Apple's requirements for Apple's iCloud passwords. Those have to be at least eight characters, include an upper and lower case alphabetical character and at least one number and one keyboard symbol. There are 223 possible characters that can be accessed from the Apple keyboard. That's 8223 = 2.44944165532867 X 10201 possible combinations of characters one could use. . . if one just stuck to eight characters. As the affidavit requesting the search warrant stated, the miscreant did not get in by guessing their passwords. He merely PHISHED them through email, or researched them in Fanzines, and used the "I forgot my password" to change their original password to one of his choice to get in.
One apparent consistency was the iCloud victims found themselves locked out of their own accounts with their passwords no longer working. Later, they found their private nude photos for sale on 4Chan and Reddit among 2000 other celebrities.
This Thread is useless without Pictures.
Videos would be better though.
Key is rightnhere...”But Apple did add additional steps to keep hackers out of user accounts, and it launched a campaign to encourage users to take stricter security measures”
I have helped many relatives and friends to resolve problems on their computers. Lots of them are idiots. They either create no secure accounts, or use the default administrator account... with no password. And when they do create a password for Internet accounts, it's something safe that no one would think of, like "54321", their birthday or their kid's name. And they write it down on a piece of paper taped to the computer. Despite warnings, they don't learn to use safe practices.
Go for it, knock yourself out. You can probably still find the pics out there.
I for one, have zero interest in seeing any of those mentioned nude. I love females but it just wouldn’t feel right to me. It would make me feel rather scuzzy to invade someones personal privacy.
All that does is notify a user that someone, most likely the user himself, is trying to change a password and prevents any further progress until the passcode provided by Apple, sent to a known device owned by the user is intput before proceeding with any changes to the account. It would prevent what happened.
The "Fappening" was a typical phishing expedition event. Nothing more. There is no "key" here except in your own delusional mind that desperately needs to have Apple iCloud defective in some way.
Even the FBI states that is what happened here. . . the Search Warrant Affidavit even defines Phishing as part of the request and reasons for why they needed the search warrant.
The facts of this case are that not one original password was ever "hacked" to gain access to the iCloud accounts. No one broke into iCloud by brute force breaking of anyone's passcode. No one found a backdoor. They used phishing to persuade the owners of the accounts to provide the password voluntarily, or the miscreant discovered the answers to the owners security questions by research and merely changed the users original password.
The one picture that they had with the article was a "Getty Image" and I won't subject Jim Robinson to that copyright demand hell.
>>This Thread is useless without Pictures.
> Come on! There has to be a link.
Beware of the suspicious email going around with the subject: “Nude photos of Hillary Clinton”
It may contain nude photos of Hillary Clinton.
Wouldn't pass muster on iCloud. No loser case letter and no number. . . but other wise, I love it. Be a bit hard to type in on an iOS device. . .
* and they did exist, once upon a time.
http://www.sfgate.com/news/article/Ivy-League-Nude-Photos-Locked-Up-Subjects-could-3047551.php
1995-01-21 04:00:00 PDT New Haven, Conn. — The Smithsonian Institution has cut off all public access to a collection of nude photos taken of generations of elite college students, some of whom went on to become leaders in U.S. culture and government.
The pictures at first were taken to study posture. Later, they were made by a researcher examining the relationship between body shape and intelligence.
All freshmen at at least some of the colleges involved — Ivy League and other prestigious schools — were required to pose in the buff.
ADVERTISING
Among those who would have been subject to the ritual were former President George Bush, who went to Yale, and former Wellesley student Hillary Rodham Clinton, but it was not immediately known if their photos are at the Smithsonian, which has never displayed any of the pictures....
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.