2 min read

Man admits impersonating Apple support staff to steal 620,000 photos from iCloud accounts

Graham CLULEY

August 25, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Man admits impersonating Apple support staff to steal 620,000 photos from iCloud accounts

A 40-year-old man has agreed to plead guilty to US court charges that he broke into thousands of Apple iCloud accounts and stole hundreds of thousands of images and videos of young women.

According to court records, Hao Kuo Chi, from La Puente, California, collected over 620,000 private photos and videos from his unsuspecting victims after advertising his services online.

In a plea deal with federal prosecutors, Chi admitted accessing the photos and videos from at least 306 victims - with approximately 200 of the victims selected at the request of others who had requested the images online.

Chi, who used the online hacker-for-hire handle "iCloudRipper4You", advertised himself as someone who could gain unauthorised access to iCloud accounts.

Most of Chi's victims were young women, who were tricked into handing over their iCloud login credentials after the hacker posed as an Apple support employee.

Using Gmail addresses such as "applebackupicloud" and "backupagenticloud", Chi duped the unwary into sharing their passwords.  When later examined, the email accounts were found to contain more than 500,000 messages, including about 4,700 of which contained usernames and passwords that had been sent Chi.

In addition, law enforcement unearthed approximately 620,000 photographs and 9,000 videos on Chi's Dropbox account, with some labelled as "profit" if they contained nudity.  Chi would share a Dropbox link to a specific folder related to a victim's account with his conspirators, so they could access the stolen content.

Interestingly, Chi is said to have come to the attention of the authorities in the wake of an infamous breach which saw scores of celebrities have their private and often nude photographs leaked onto the internet.

A Californian company that provides a service to celebrities who wish to have nude photographs removed from the internet, found an image of an unnamed individual on a pornographic website, and managed to link it to the victim's iPhone and Apple iCloud account.

Investigators were then able to discover that the victim's iCloud account had been accessed from an IP address linked to Chi's home in La Puente, which was subsequently served with a search warrant.

Chi, who has expressed remorse for his actions, has agreed to plead guilty to four charges, including conspiracy to gain unauthorised access to a computer.  He faces up to five years in prison for each of the four crimes.

All users storing sensitive information in the cloud would be wise to not only be wary of phishing attacks designed to steal credentials, and choose strong, unique passwords to protect their accounts, but to also enable multi-factor authentication where available to further harden security.

For further advice on how to better secure your cloud storage accounts, check out this article.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

WhatsApp Users Can Enable End-To-End Encrypted Chat Backups on iOS and Android Devices WhatsApp Users Can Enable End-To-End Encrypted Chat Backups on iOS and Android Devices
Alina BÎZGĂ

October 15, 2021

1 min read
Google gives away 10,000 free security keys to high-risk users Google gives away 10,000 free security keys to high-risk users
Graham CLULEY

October 12, 2021

2 min read
Bank of America employee indicted for email scam that targeted businesses Bank of America employee indicted for email scam that targeted businesses
Graham CLULEY

October 12, 2021

2 min read