2 min read

Man admits impersonating Apple support staff to steal 620,000 photos from iCloud accounts

Graham CLULEY

August 25, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Man admits impersonating Apple support staff to steal 620,000 photos from iCloud accounts

A 40-year-old man has agreed to plead guilty to US court charges that he broke into thousands of Apple iCloud accounts and stole hundreds of thousands of images and videos of young women.

According to court records, Hao Kuo Chi, from La Puente, California, collected over 620,000 private photos and videos from his unsuspecting victims after advertising his services online.

In a plea deal with federal prosecutors, Chi admitted accessing the photos and videos from at least 306 victims - with approximately 200 of the victims selected at the request of others who had requested the images online.

Chi, who used the online hacker-for-hire handle "iCloudRipper4You", advertised himself as someone who could gain unauthorised access to iCloud accounts.

Most of Chi's victims were young women, who were tricked into handing over their iCloud login credentials after the hacker posed as an Apple support employee.

Using Gmail addresses such as "applebackupicloud" and "backupagenticloud", Chi duped the unwary into sharing their passwords.  When later examined, the email accounts were found to contain more than 500,000 messages, including about 4,700 of which contained usernames and passwords that had been sent Chi.

In addition, law enforcement unearthed approximately 620,000 photographs and 9,000 videos on Chi's Dropbox account, with some labelled as "profit" if they contained nudity.  Chi would share a Dropbox link to a specific folder related to a victim's account with his conspirators, so they could access the stolen content.

Interestingly, Chi is said to have come to the attention of the authorities in the wake of an infamous breach which saw scores of celebrities have their private and often nude photographs leaked onto the internet.

A Californian company that provides a service to celebrities who wish to have nude photographs removed from the internet, found an image of an unnamed individual on a pornographic website, and managed to link it to the victim's iPhone and Apple iCloud account.

Investigators were then able to discover that the victim's iCloud account had been accessed from an IP address linked to Chi's home in La Puente, which was subsequently served with a search warrant.

Chi, who has expressed remorse for his actions, has agreed to plead guilty to four charges, including conspiracy to gain unauthorised access to a computer.  He faces up to five years in prison for each of the four crimes.

All users storing sensitive information in the cloud would be wise to not only be wary of phishing attacks designed to steal credentials, and choose strong, unique passwords to protect their accounts, but to also enable multi-factor authentication where available to further harden security.

For further advice on how to better secure your cloud storage accounts, check out this article.

tags


Author



Right now

Top posts

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read
Why and how to hide your IP address while traveling

Why and how to hide your IP address while traveling

April 13, 2022

2 min read
How Bitdefender Can Help Restore Your Privacy in the Digital Age

How Bitdefender Can Help Restore Your Privacy in the Digital Age

April 04, 2022

3 min read
How Strong is VPN Encryption?

How Strong is VPN Encryption?

February 28, 2022

3 min read
Top Three Ways Internet Users Unknowingly Help Cybercriminals

Top Three Ways Internet Users Unknowingly Help Cybercriminals

February 25, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Greenland hit by cyber attack, finds its health service crippled Greenland hit by cyber attack, finds its health service crippled
Graham CLULEY

May 20, 2022

1 min read
Nikkei Singapore HQ Hit with Ransomware Nikkei Singapore HQ Hit with Ransomware
Filip TRUȚĂ

May 20, 2022

1 min read
QNAP Warns Customers of New Wave of Deadbolt Ransomware Attacks QNAP Warns Customers of New Wave of Deadbolt Ransomware Attacks
Vlad CONSTANTINESCU
1 min read