Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Almost 600 Accounts Breached in 'Celebgate' Nude Photo Hack, FBI Says
CNBC ^ | June 10, 2015 | M. Alex Johnson

Posted on 06/10/2015 9:28:30 PM PDT by Swordmaker

The stunning leak of nude and intimate photos of scores of celebrities may reach far wider than was previously known, involving the breach of almost 600 online storage accounts, according to unsealed federal court documents.

The "Celebgate" hack resulted in the posting on Aug. 31 of almost 500 purported photos of Hollywood stars, models and other celebrities — including Jennifer Lawrence, Kate Upton, Kirsten Dunst, Kaley Cuoco and U.S. soccer star Hope Solo — to the Wild West-like Internet forum 4chan, from which they quickly spread.

Apple Inc. confirmed the next day that the photos were obtained through a "targeted attack" on personal information used to maintain storage accounts on its iCloud system. The FBI's Cybercrimes Unit launched an investigation.

As early as October, the investigation began zeroing in on an address on the South Side of Chicago, the FBI said in a search warrant affidavit recently unsealed in U.S. District Court in Chicago.

Using phone records and computer identification information called Internet protocol, or IP, data, investigators found that the compromised accounts were accessed by a single computer linked to two email addresses belonging to Emilio Herrera, 30.

The FBI — which did not say in the affidavit that Herrera is a suspect — said only that the investigation is ongoing.

No other documents have been publicly filed in the case since the affidavit was unsealed, so it isn't known what investigators found at Herrera's home. But in asking for the warrant, the FBI revealed that potentially hundreds — theoretically almost 2,500 — iCloud accounts were targeted.It's important to note that the identification of Herrera — who has no apparent criminal record — doesn't mean he is necessarily a suspect. IP and email addresses can be masked or spoofed through a variety of technologies, and Internet data can be routed through third-party computers without their owners' knowledge using any of a number of software packages.

According to the affidavit, the computer address was successfully used to accessed 572 unique iCloud accounts — each of them an average of about six times. In addition, it said, the computer address was used in almost 5,000 attempts to reset 1,987 other iCloud passwords.

The affidavit doesn't specify whether that number includes multiple attempts to hack the same accounts or whether almost 2,000 individual accounts were targeted. Nor does it say how many of those other attempts were successful.

"A number of them were accounts of celebrities who had photos leaked online," and most of the rest — that is, accounts of people whose photos weren't published — belonged "celebrities, models or their friends and families," according to the affidavit.

Only a handful of alleged victims are identified, and even then only by their initials. They are described as "a female celebrity who has appeared in several movies."

The affidavit tends to support Apple's insistence at the time that the underlying iCloud technology itself wasn't breached — instead, it indicates that users' account names, passwords and security questions were the means of entry, as Apple contended.

But Apple did add additional steps to keep hackers out of user accounts, and it launched a campaign to encourage users to take stricter security measures.


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: apple; cloud; hacking; icloud; internet; tech
Navigation: use the links below to view more comments.
first previous 1-2021-4041-58 last
To: for-q-clinton; Star Traveler; dayglored; Loud Mime; itsahoot; amigatec; PA Engineer; ...

Oh, and for-q-clinton? I did use factual information to rebut your misinformation in that post. Your delusional viewpoint had nothing to do with the facts I laid out or that your facts were still delusional and contrary to the thrust of the article. Just because Apple took further steps to tighten security does not mean that iCloud was “hacked” as you want people to infer.


41 posted on 06/11/2015 8:29:02 AM PDT by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
[ Post Reply | Private Reply | To 34 | View Replies]

To: PA Engineer; Kickass Conservative; Swordmaker
That thing you're communicating on is some sort of computer device.

It is connected to the Internet.

If you are really interested in seeing gross photos, go to an image search site, enter the name of the hacked celeb, plus "hacked" or "leaked".

Just remember that what is seen cannot be "un-seen"...

42 posted on 06/11/2015 8:55:14 AM PDT by TXnMA ("Allah": Satan's current alias... "Barack": Allah's current ally...)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Swordmaker
I think the "security questions" as commonly used is one of the dumbest ideas out there.

The best thing you can do when prompted for these things is to have a system to obfuscate your answers so they'd be unguessable unless someone knows the system you use. It can be as simple as reversing the letters. i.e., 'green' becomes 'neerg'.

Other possibilities would be to rot13 your answer, thus "green" becomes "terra"

or you can hash it using any of several available hash algorithms.

Here is "green" passed through some hashes
md5sum: 9f27410725ab8cc8854a2769c7a516b8 
sha1sum: bc74f4f071a5a33f00ab88a6d6385b5e6638b86c 
sha224sum: c8b29243e82a83e40317ca514c43b5ceb291abb7bf59c4eafa8e190d 
sha256sum: ba4788b226aa8dc2e6dc74248bb9f618cfa8c959e0c26c147be48f6839a0b088 

You don't have to use the entire string the first or last 8 or so characters would be sufficient.

Yes, this is a pain.

However, it protects your accounts from malicious folk. It also makes it so that you're not giving valuable information to folks that they can use to hack you.

Picture this: you sign up for a website, and they use "security questions". However, unknown to you the website has been hacked, and the site stores your answers as plain text in a database. Now the malicous individual or organization now has a bunch of your answers to these security questions. Suckage

One thing to keep in mind when using this kind of system is that you should be consistent, or at least have a record for each site you use as to what method you used to generate it. Keep in mind that consistency may sound like a good idea, but it still opens you up to someone getting the string you use. i.e., if you always answer "terra" for when the answer is 'green', then it really doesn't matter what method you use, because someone might know what your answer is.

I'm more paranoid than your average bear, so I have a program that keeps track of all my passwords and stuff. The data used by this password program is maintained in an encrypted file, and I put information about the method used to generate any "security" answers in the comments for the entry for that site. Thus, knowing that 'green' on site A is 'terra', won't help you to know the answer to what 'green' is on another one.

One final note: make absolutely SURE whatever method you use is reproducible, and that you have a record of your method that you're not going to use when your hard drive dies. (You do have backups right?)

 

 

 

 

43 posted on 06/11/2015 9:11:05 AM PDT by zeugma (http://www.freerepublic.com/focus/chat/3294350/posts)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bratch
What a lucky snake. Who is the person next to the snake? If it is jennifer lopez, again, I say what a lucky snake.
44 posted on 06/11/2015 9:25:58 AM PDT by john mirse
[ Post Reply | Private Reply | To 14 | View Replies]

To: for-q-clinton; Star Traveler; dayglored; Loud Mime; itsahoot; amigatec; PA Engineer; ...
So posting what you posted is delusional? I only reposted the last line in the article that YOU posted. So you’re pretty much saying you’re delusional. I think you nailed it!

No, you took that as the most important item in the article and made it the response to the fact that Apple, the FBI search warrant affidavit, and the article all stated that iCloud was NOT hacked. Yet you implied that it must have been because Apple increased iCloud security. That is where you go off the rails. . . as usual. . . in to the land of anti-Apple Hate Brigade delusion, trying to have people infer that there were problems with Apple's security when it was quite plain the issue was ordinary phishing attacks or weak security questions and answers chosen by the celebrities themselves, not anything inherently wrong with Apple security. Your delusion is there is always something wrong with Apple.

45 posted on 06/11/2015 9:28:40 AM PDT by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
[ Post Reply | Private Reply | To 40 | View Replies]

To: john mirse

It looks like Jennifer Lawrence, but after all the air brushing they look the same to me.


46 posted on 06/11/2015 9:34:23 AM PDT by MaxMax (Call the local GOP and ask how you can support CRUZ for POTUS,)
[ Post Reply | Private Reply | To 44 | View Replies]

To: john mirse
What a lucky snake. Who is the person next to the snake? If it is jennifer lopez, again, I say what a lucky snake.

Too bad the snake is the wrong species. . . and that it probably ate last month. Otherwise it would be thinking "How can I dislocate my jaw enough to accommodate this tasty morsel, after hugging it to death?"

47 posted on 06/11/2015 9:36:12 AM PDT by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
[ Post Reply | Private Reply | To 44 | View Replies]

To: TXnMA

I have to laugh.

I Post a throwaway line that appears on every Thread here regarding the Opposite Sex and I have had more responses than when I Post a response to those who say that Romney would have been just as bad as Obama.

This place really cracks me up. I can’t wait until the latest Hot Teacher seduces a 17 Year Old Boy Thread. LOL


48 posted on 06/11/2015 9:36:22 AM PDT by Kickass Conservative (Hillary, because it's time for a POTUS without a SCROTUS...)
[ Post Reply | Private Reply | To 42 | View Replies]

To: Swordmaker
Too bad the snake is the wrong species. . . and that it probably ate last month. Otherwise it would be thinking "How can I dislocate my jaw enough to accommodate this tasty morsel, after hugging it to death?"

*****

That's funny. It seems the snake and I were thinking the same thing: "How can I dislocate my jaw enough to accommodate this tasty morsel, after hugging it to death?"

49 posted on 06/11/2015 9:52:49 AM PDT by john mirse
[ Post Reply | Private Reply | To 47 | View Replies]

To: Kickass Conservative
This place really cracks me up. I can’t wait until the latest Hot Teacher seduces a 17 Year Old Boy Thread. LOL

*****

Does the recent homosexual sex scandal surrounding former high school wrestling coach 73 yr. old Rep. Hastert from Ohio qualify as such a scandal you are talking about?

50 posted on 06/11/2015 10:01:29 AM PDT by john mirse
[ Post Reply | Private Reply | To 48 | View Replies]

To: zeugma
I think the "security questions" as commonly used is one of the dumbest ideas out there.

I advocate not answering a security question with anything close to a true answer.

For example, if the first security question is "What is your paternal grandmother's first name?" answer "mashedpotato1stQ". To the second security question is "In what city did you meet your spouse?" answer "mashedpotato2ndQ". And, of course to the third security question "What is your all time favorite movie?" answer "mashedpotato3rdQ".

I keep a record of these false answers in an encrypted file but usually they are easy to remember because the key is that the false word is based on the first letter of the main name of the site. I.E., Bank of America would be under A for "America" but not "Bank" because the differentiating name in the site is " America" because there are many banks. . . so I might use "Applesauce" or "Applecobbler" as the main word in my security question.

This may result in a few duplications, but the odds are pretty good it won't hit a malicious site. . . or if it did, the malicious site would not find a real site that duplicates the nonsense security answers it has to allow it to break in.

51 posted on 06/11/2015 10:03:31 AM PDT by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
[ Post Reply | Private Reply | To 43 | View Replies]

To: john mirse

Uh, what the heck are you talking about, really?

What does that Moron Hastert have to do with what I Posted?

It appears having a Sense of Humor is not allowed on FR.
What’s next, Get off my Lawn?

I’m beginning to think this the Site for Grumpy Old Men. Geez...


52 posted on 06/11/2015 10:09:43 AM PDT by Kickass Conservative (Hillary, because it's time for a POTUS without a SCROTUS...)
[ Post Reply | Private Reply | To 50 | View Replies]

To: Swordmaker

Oh I see to you defending apple is the most important thing. For me it’s what Apple has done since this incident to protect users is the most important thing. And I stand by that—the end-user is way more important than Apple.

I guess you and I have to disagree on this...and I’m delusional for thinking the end-user protection is the most important thing.


53 posted on 06/11/2015 10:16:35 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 45 | View Replies]

To: Kickass Conservative

#5 Just google a name. They will show up.
How I know is ah I er have asked others.


54 posted on 06/11/2015 10:19:24 AM PDT by minnesota_bound
[ Post Reply | Private Reply | To 5 | View Replies]

To: for-q-clinton; Star Traveler; dayglored; Loud Mime; itsahoot; amigatec; PA Engineer; ...
Oh I see to you defending apple is the most important thing. For me it’s what Apple has done since this incident to protect users is the most important thing. And I stand by that—the end-user is way more important than Apple.

The facts are that Apple was correct in that iCloud was not hacked. . . but you want Apple to be somehow wrong. . . and that is your deep seated delusion in all of these threads. No matter what Apple does, it is wrong. Deluded. This is obvious to everyone who reads what you post, your comments, and your attitude. Apple has the best record of end-user protection and YOU cannot see that. . . and claim it is not. That is delusional.

55 posted on 06/11/2015 10:20:29 AM PDT by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
[ Post Reply | Private Reply | To 53 | View Replies]

To: Swordmaker
so long as the owner doesn't change the security questions to something NOT in her fan biography.

I hate sites which do not let you make up your own security questions. "What is your mother's maiden name" can be looked up. "What was the name of the first person you slept with" is harder for strangers to find out, even for celebrities.

56 posted on 06/11/2015 10:27:14 AM PDT by PapaBear3625 (You don't notice it's a police state until the police come for you.)
[ Post Reply | Private Reply | To 29 | View Replies]

To: Swordmaker

If I had any interest in seeing naked “celebrities” I would just go to more movies.


57 posted on 06/11/2015 10:30:12 AM PDT by Cementjungle
[ Post Reply | Private Reply | To 1 | View Replies]

To: minnesota_bound

I was just making the same throwaway comment that everyone else has Posted when a Thread like this appears.

I wasn’t aware I was asking for advice, but thanks anyway. LOL


58 posted on 06/11/2015 11:25:35 AM PDT by Kickass Conservative (Hillary, because it's time for a POTUS without a SCROTUS...)
[ Post Reply | Private Reply | To 54 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-58 last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson