Scammer Infiltrated Thousands of iCloud Accounts to Find Nude Photos

A criminal from Los Angeles has pled guilty to felony charges after breaking into thousands of iCloud accounts to hunt down nude photos of women, reports The Los Angeles Times.

iCloud General Feature
Hao Kuo Chi collected more than 620,000 private photos and videos by impersonating Apple customer support staff and sending out emails to trick his victims into providing Apple IDs and passwords. Chi used social engineering and phishing schemes to coerce his victims, and he did not breach Apple's ‌iCloud‌ protections.

Chi accessed photos and videos from at least 306 victims across the United States, and most of them were young women. Some of the victims were attacked at the request of people that Chi met online after he marketed himself as "icloudripper4you," a service that could break into ‌iCloud‌ accounts to steal photos and videos.

His unknown co-conspirators would ask Chi to hack a specific ‌iCloud‌ account, and he would respond with a Dropbox link. Chi operated two Gmail addresses "applebackupicloud" and "backupagenticloud," where the FBI found more than 500,000 emails with approximately 4,700 ‌iCloud‌ user IDs and passwords that he had been sent from his victims.

Chi's scam fell apart after he hacked the ‌iCloud‌ account of an unnamed public figure in March 2018 and the photos ended up on pornographic websites. The FBI launched an investigation, and found that a log-in to the victim's ‌iCloud‌ account had come from Chi's home.

Chi has pled guilty to one count of conspiracy and three counts of gaining unauthorized access to a protected computer, and he now faces up to five years in prison for each crime. In a phone call with The Los Angeles Times, Chi said that he was "remorseful" for what he did, but claimed he had a family to support. He said that he was afraid public exposure of his crimes would "ruin [his] whole life."

The unauthorized ‌iCloud‌ access perpetrated by Chi is similar to a 2014 attack that saw hackers gain access to celebrity iCloud accounts through their username and password.

After that incident, Apple bolstered ‌iCloud‌ account security, offering two-factor authentication and sending emails whenever there's a new login to an ‌iCloud‌ account. The people involved in Chi's attack likely did not have two-factor authentication enabled.

Apple recommends two-factor authentication for all Apple IDs to add extra security, and it offers a support document on how to avoid phishing schemes like the one used by Chi.

Tag: iCloud

Top Rated Comments

ComRadMac Avatar
5 weeks ago
"he was afraid public exposure of his crimes would "ruin [his] whole life."

Yes, that is the plan. Let's hope it works.
Score: 47 Votes (Like | Disagree)
JMacHack Avatar
5 weeks ago

uploading nudies to iCloud has got to be the most moronic computer activity a person can do
Incorrect, giving out the password to your cloud-hosted nudies is more stupid.
Score: 28 Votes (Like | Disagree)
iObama Avatar
5 weeks ago
"I had a family to support."

Wonder what they're gonna do now that you're in prison, *******.
Score: 26 Votes (Like | Disagree)
daved2424 Avatar
5 weeks ago
To all the smart alecs on here, not everyone is as tech savvy as you and I. It is an unfortunate fact that some people are easy targets. Victim blaming is not big and it’s not clever, no matter how “dumb” you think the victims are.

Chances are though, they have better interpersonal skills than the lot you and are quite likely just nicer human beings.
Score: 26 Votes (Like | Disagree)
LukeDizzle Avatar
5 weeks ago
Link?

Asking for a friend
Score: 19 Votes (Like | Disagree)
Le Big Mac Avatar
5 weeks ago
At least 620,000 photos/videos of people having sex have been uploaded to iCloud? Come on people!
Score: 17 Votes (Like | Disagree)

Top Stories

iCloud General Feature

iCloud+'s New Custom Email Domain Feature Now Available in Beta

Wednesday August 25, 2021 7:48 am PDT by
Starting with iOS 15, iPadOS 15, and macOS Monterey, users with a paid iCloud+ storage plan can personalize their iCloud email address with a custom domain name, such as johnny@appleseed.com, and the feature is now available in beta. iCloud+ subscribers interested in setting up a custom email domain can visit the beta.icloud.com website, select "Account Settings" under their name, and select ...
icloud mail redesign

Web-Based iCloud Mail Redesign, Hide My Email, and Custom Domain Features Now Live

Monday September 20, 2021 1:00 pm PDT by
Alongside the launch of iOS 15, iPadOS 15, tvOS 15, and watchOS 8, Apple has also pushed an update for its iCloud.com website, introducing a new look for iCloud Mail that's viewed on the web. The new web-based iCloud Mail design looks similar to the Mail apps on devices running iOS 15, iPadOS 15, and the beta version of macOS Monterey. It is a cleaner and more streamlined look than the prior ...
icloud passwords for windows

Apple Releases iCloud 12.5 for Windows With iCloud Keychain Password Manager App

Monday August 16, 2021 11:50 am PDT by
Apple today released a new version of its iCloud for Windows app, with the 12.5 update adding a new iCloud Keychain password manager app for Windows users. With the new password management option, those who are running Windows can access their iCloud Keychain passwords and can add, edit, copy and paste, delete, and look up usernames or passwords. Apple in January released an updated version...
iCloud General Feature

iCloud+ to Let iCloud Mail Users Personalize Their Email Domain Name

Tuesday June 8, 2021 2:41 am PDT by
At its WWDC keynote on Monday, Apple announced that iCloud is getting a premium subscription tier called "iCloud+," which includes tentpole privacy features like Private Relay and Hide My Email. Another feature included in iCloud+ that wasn't discussed in the keynote is the ability to create a custom email domain name. From Apple's iOS 15 features preview page, under the iCloud+ section: Cus...
iCloud General Feature

Apple Confirms Detection of Child Sexual Abuse Material is Disabled When iCloud Photos is Turned Off

Thursday August 5, 2021 2:16 pm PDT by
Apple today announced that iOS 15 and iPadOS 15 will see the introduction of a new method for detecting child sexual abuse material (CSAM) on iPhones and iPads in the United States. User devices will download an unreadable database of known CSAM image hashes and will do an on-device comparison to the user's own photos, flagging them for known CSAM material before they're uploaded to iCloud...
apple privacy

Apple Publishes FAQ to Address Concerns About CSAM Detection and Messages Scanning

Monday August 9, 2021 1:50 am PDT by
Apple has published a FAQ titled "Expanded Protections for Children" which aims to allay users' privacy concerns about the new CSAM detection in iCloud Photos and communication safety for Messages features that the company announced last week. "Since we announced these features, many stakeholders including privacy organizations and child safety organizations have expressed their support of...
macos big sur ios 14 iphone 12 pro macbook air icloud drive desktop documents hero

Apple Merging 'iCloud Documents and Data' Service With iCloud Drive in May 2022

Tuesday May 11, 2021 2:36 am PDT by
Apple plans to merge its iCloud Documents and Data service with iCloud Drive starting in May of 2022, according to a support document published late last week (via MacGeneration). iCloud Drive and iCloud Documents and Data share the fundamental ability to backup data from apps. However, iCloud Documents and Data was often a cumbersome, confusing experience. In contrast, iCloud Drive is more...
icloud

Apple Seemingly Adds Russia to List of Countries Where iCloud Private Relay Won't Be Available

Friday September 17, 2021 3:43 am PDT by
Alongside iOS 15, Apple introduced an iCloud+ service that adds new features to its paid ‌iCloud‌ plans. One of these features is ‌iCloud‌ Private Relay, which is designed to encrypt all of the traffic leaving your device so no one can intercept it or read it. According to Apple, "regulatory reasons" prevent the company from launching Private Relay in China, Belarus, Colombia, Egypt, ...
apple passkey

Apple Aiming to Eliminate Passwords With Face ID/Touch ID Passkeys

Thursday June 10, 2021 1:34 pm PDT by
Apple is developing a new passkey feature that will allow customers to use Face ID and Touch ID-based account authentication in lieu of a password, Apple engineer Garrett Davidson explained today in a WWDC developer session (via CNET). "Passkeys in iCloud Keychain," a feature in iOS 15 and macOS Monterey, stores a new WebAuthn credential called a passkey in iCloud keychain. It's used instead ...
apple prepare for new iphone

Apple Prompts Pre-Order Customers to 'Get Ready' for New iPhone 13 With iCloud Syncing and Trade-Ins

Monday September 20, 2021 2:23 pm PDT by
iPhone users who have pre-ordered an iPhone 13 model are seeing a new prompt in the Settings app that walks through the steps of preparing for a new device. Tapping on this prompt encourages users to make sure that iCloud syncing is enabled for all of their apps for a complete iCloud backup, offering up an option to turn on syncing for any app that doesn't have it on. The feature also...