As the internet is in a frenzy over the recent Jennifer Lawrence, Kate Upton, and celebrity nude photo leak by an unknown hacker, many are trying to find out how that attack was done as well as who is behind the attack.
DailyMail has reported that the leaked photos of the celebrities had been on the deepweb for a number of weeks before begin published publicly. The alleged “one man” behind the leaks is also false, a number of attackers have been reported to have been behind the swath of celebrities nude photos accumulated.
The hacked nude photos of Jennifer Lawrence, Kate Upton, and 101 others were said to have been on the black market for weeks before their initial release. Not only were they floating around the black market, the photos had been accumulated many months before, and only the tip of the all the photos hackers are said to have access too have been leaked thus far.
The method hackers used obtained the pictures remains unknown. Apple is said to be investigating if iCloud was vulnerable in any way, and many others are saying DropBox was also a vector in the Kate Upton leak.
Just days before the massive image dump of nude celebrities was released to the public Sunday afternoon, the internet was crawling with claims that users were trading these nude photographs between each other.
While the claims now appear to be true, hackers are said to have a list of over 100 celebrities nude photos stored and ready for release, and are are slowly releasing them day by day.
Previously the photos were believed to have originated on 4Chan, which was also found untrue. Photos were initially uploaded to another image board, AnonIB, which is another not as popular image board mainly based around adult content.
Just last week, posts about Jennifer Lawrence nude photos being leaked began flooding AnonIB, and the photos were infact leaked and confirmed authentic by many of the actresses themselves throughout Sunday.
According to many news sources and the image boards themselves, the photos were siphoned out of the actresses iCloud or cloud storage accounts but not released instantly. The hackers are alleged to have collected over 101 actresses nude photos in total before informing the public.
The hacking of the celebrities photos was not a one man job, but infact appears to be a number of people.
One man, Bryan Hamade, has been accused by the Reddit community for leaking the photos. The Georgia software engineer denied the claims and says he has seen them but was not behind the attack.
The first sign of the photos appearing online of Jennifer Lawrence nude was an anonymous poster from AnonIB on Tuesday, August 26, claiming a “major win” for hackers was on its way. To no surprise, many users disregarded the post in disbelief until Sunday hit. Once Sunday arrived and the photos were posted, many users offed them as fake one more, that was until Jennifer Lawrence’s representatives confirmed to BuzzFeed that the photos were indeed authentic.
As the vector for attack remains unknown, one user on AnonIB did claim to be “ripping iClouds” which is one method hackers are believed to have abused. Later in the post the anonymous user claimed that the pictures had been online for some time, believed to be a few weeks, which also gives more credit to hackers claims of having over 101 actresses nude photos in total.
As stated previously, a man named Bryan Hamade was believed to be one of the hackers identified by reddit. He was outed as trying to sell photoshopped pictures of the celebrity for bitcoins to reddit users. Unknowingly, Hamade took screenshots and left identifying pieces of information about himself in the images. Reddit further identified the man, found his name, email, and photographs.
Hamade told MailOnline, “I am not the original leaker,” and “I only reposted one thing that was posted elsewhere and stupidly had my network folders visible.”
Hamade then stated that he believes the users who released the images were not the ones behind the attacks.
“The real guy is on 4chan posting intermittently,” said Hamade. “He’s most likely the one behind it but it does seem the photos passed around to multiple people before being leaked, so it may just be someone who has them and didn’t hack to get them. I’d never in a million years know how to hack into any of the accounts listed. 4chan just attacked me because they like to attack anyone in situations such as this.”
One hacker claims they broke into actresses iCloud account reaping the nude photos of celebrities, but gave no timeframe on how long they had access to the accounts for or how they did it.
As iCloud claims to encrypt the data during transmission and inside their server, this means hackers would have to have access to the account with a username and password, authentication token, or similar.
A script that allowed attackers to brute force, or repeatedly guess passwords till one works, was found on Github and pointed out to The Next Web who investigated. The vulnerability was found in ‘Find my iPhone’ and allowed attackers to freely guess the passwords with no lockout time or restrictions until the correct password was guessed. From there, attackers would be able to access the vault and continuously search through synced content.
While the iCloud brute force tool seems like a flaw that could have allowed attackers access to the celebrities iCloud vault and photos, it also seems unlikely. One celebrity caught in the leak, Mary Elizabeth Winstead, said the photos of her and her husband were taken years ago in the privacy of their own home. She also stated she had since deleted them long ago. Once photos are deleted, they only remain in the iCloud backup for 30 days before being permanently deleted from the service.
Either attackers had access to actresses iClouds for years, Apple is lieing, or there is a seriously vulnerability in the iCloud system.