The latest case of iCloud hacking comes from a man in Los Angeles County who stole more than 620,000 personal images and videos from thousands of iCloud accounts with the intent to steal and share nudes of young women.
La Puente man hacked into at least 306 iCloud accounts in a scheme to steal nudes
As reported by the Los Angeles Times, 40-year-old Hao Kuo Chi of La Puente agreed to plead guilty to four felonies relating to breaking into thousands of iCloud accounts to steal nude images. The aim of this crime was to steal images of naked women to share with his associates.
Chi impersonated a member of Apple customer support staff in emails in an effort to trick victims into handing over their Apple ID login details, court records revealed. The scheme worked for at least 306 victims across the United States. In addition, Chi said he hacked into the accounts of 200 additional victims at the request of other people he met online. As per the report, he marketed himself as capable of breaking into iCloud accounts under the name “icloudripper4you.”
Chi admitted in court papers that he and his still-unnamed co-conspirators used a foreign encrypted email service to communicate with each other anonymously. “I don’t even know who was involved,” said Chi in a brief phone interview. He also expressed panic that that publicization of his crimes would ruin his “whole life” claiming “I’m remorseful for what I did, but I have a family”
The FBI identified two Gmail addresses that Chi used to make victims change their iCloud login details: “applebackupicloud” and “backupagenticloud.” According to court records, the FBI found more than 500,000 emails in the two accounts, including about 4,700 with iCloud user IDs and passwords.
As mentioned above, Chi has hacked iCloud accounts for other people. Requests made to him would include the account’s name to hack and he would respond with a Dropbox link. The online storage contained 620,000 photos and 9,000 videos organized based on whether they contained a “win,” of nude images.
The scam was discovered in March 2018 when a company that specializes in removing celebrity photos informed an unnamed public figure of the scheme. An investigation was then launched which lead to authorities discovering a log-in to a victim’s iCloud account had come from an internet address at Chi’s house in La Puente.
The FBI got a search warrant and raided Chi’s residence on May 19. Chi agreed to plead guilty on August 5 to one count of conspiracy and three counts of gaining unauthorized access to a protected computer. He faces up to five years in prison for each count.
- Apple confirms it scans iCloud Mail for CSAM but not iCloud Photos, yet
- Pegasus enabled Bahraini government to hack iPhones of nine activists, at home and in exile