Scammer Infiltrated Thousands of iCloud Accounts to Find Nude Photos

A criminal from Los Angeles has pled guilty to felony charges after breaking into thousands of iCloud accounts to hunt down nude photos of women, reports The Los Angeles Times.

iCloud General Feature
Hao Kuo Chi collected more than 620,000 private photos and videos by impersonating Apple customer support staff and sending out emails to trick his victims into providing Apple IDs and passwords. Chi used social engineering and phishing schemes to coerce his victims, and he did not breach Apple's ‌iCloud‌ protections.

Chi accessed photos and videos from at least 306 victims across the United States, and most of them were young women. Some of the victims were attacked at the request of people that Chi met online after he marketed himself as "icloudripper4you," a service that could break into ‌iCloud‌ accounts to steal photos and videos.

His unknown co-conspirators would ask Chi to hack a specific ‌iCloud‌ account, and he would respond with a Dropbox link. Chi operated two Gmail addresses "applebackupicloud" and "backupagenticloud," where the FBI found more than 500,000 emails with approximately 4,700 ‌iCloud‌ user IDs and passwords that he had been sent from his victims.

Chi's scam fell apart after he hacked the ‌iCloud‌ account of an unnamed public figure in March 2018 and the photos ended up on pornographic websites. The FBI launched an investigation, and found that a log-in to the victim's ‌iCloud‌ account had come from Chi's home.

Chi has pled guilty to one count of conspiracy and three counts of gaining unauthorized access to a protected computer, and he now faces up to five years in prison for each crime. In a phone call with The Los Angeles Times, Chi said that he was "remorseful" for what he did, but claimed he had a family to support. He said that he was afraid public exposure of his crimes would "ruin [his] whole life."

The unauthorized ‌iCloud‌ access perpetrated by Chi is similar to a 2014 attack that saw hackers gain access to celebrity iCloud accounts through their username and password.

After that incident, Apple bolstered ‌iCloud‌ account security, offering two-factor authentication and sending emails whenever there's a new login to an ‌iCloud‌ account. The people involved in Chi's attack likely did not have two-factor authentication enabled.

Apple recommends two-factor authentication for all Apple IDs to add extra security, and it offers a support document on how to avoid phishing schemes like the one used by Chi.

Tag: iCloud

Top Rated Comments

ComRadMac Avatar
8 weeks ago
"he was afraid public exposure of his crimes would "ruin [his] whole life."

Yes, that is the plan. Let's hope it works.
Score: 47 Votes (Like | Disagree)
JMacHack Avatar
8 weeks ago

uploading nudies to iCloud has got to be the most moronic computer activity a person can do
Incorrect, giving out the password to your cloud-hosted nudies is more stupid.
Score: 28 Votes (Like | Disagree)
iObama Avatar
8 weeks ago
"I had a family to support."

Wonder what they're gonna do now that you're in prison, *******.
Score: 26 Votes (Like | Disagree)
daved2424 Avatar
8 weeks ago
To all the smart alecs on here, not everyone is as tech savvy as you and I. It is an unfortunate fact that some people are easy targets. Victim blaming is not big and it’s not clever, no matter how “dumb” you think the victims are.

Chances are though, they have better interpersonal skills than the lot you and are quite likely just nicer human beings.
Score: 26 Votes (Like | Disagree)
LukeDizzle Avatar
8 weeks ago
Link?

Asking for a friend
Score: 19 Votes (Like | Disagree)
Le Big Mac Avatar
8 weeks ago
At least 620,000 photos/videos of people having sex have been uploaded to iCloud? Come on people!
Score: 17 Votes (Like | Disagree)

Related Stories

iCloud General Feature

iCloud+'s New Custom Email Domain Feature Now Available in Beta

Wednesday August 25, 2021 7:48 am PDT by
Starting with iOS 15, iPadOS 15, and macOS Monterey, users with a paid iCloud+ storage plan can personalize their iCloud email address with a custom domain name, such as johnny@appleseed.com, and the feature is now available in beta. iCloud+ subscribers interested in setting up a custom email domain can visit the beta.icloud.com website, select "Account Settings" under their name, and select ...
icloud mail redesign

Web-Based iCloud Mail Redesign, Hide My Email, and Custom Domain Features Now Live

Monday September 20, 2021 1:00 pm PDT by
Alongside the launch of iOS 15, iPadOS 15, tvOS 15, and watchOS 8, Apple has also pushed an update for its iCloud.com website, introducing a new look for iCloud Mail that's viewed on the web. The new web-based iCloud Mail design looks similar to the Mail apps on devices running iOS 15, iPadOS 15, and the beta version of macOS Monterey. It is a cleaner and more streamlined look than the prior ...
icloud passwords for windows

Apple Releases iCloud 12.5 for Windows With iCloud Keychain Password Manager App

Monday August 16, 2021 11:50 am PDT by
Apple today released a new version of its iCloud for Windows app, with the 12.5 update adding a new iCloud Keychain password manager app for Windows users. With the new password management option, those who are running Windows can access their iCloud Keychain passwords and can add, edit, copy and paste, delete, and look up usernames or passwords. Apple in January released an updated version...
iCloud General Feature

iCloud+ to Let iCloud Mail Users Personalize Their Email Domain Name

Tuesday June 8, 2021 2:41 am PDT by
At its WWDC keynote on Monday, Apple announced that iCloud is getting a premium subscription tier called "iCloud+," which includes tentpole privacy features like Private Relay and Hide My Email. Another feature included in iCloud+ that wasn't discussed in the keynote is the ability to create a custom email domain name. From Apple's iOS 15 features preview page, under the iCloud+ section: Cus...
iCloud General Feature

Apple Confirms Detection of Child Sexual Abuse Material is Disabled When iCloud Photos is Turned Off

Thursday August 5, 2021 2:16 pm PDT by
Apple today announced that iOS 15 and iPadOS 15 will see the introduction of a new method for detecting child sexual abuse material (CSAM) on iPhones and iPads in the United States. User devices will download an unreadable database of known CSAM image hashes and will do an on-device comparison to the user's own photos, flagging them for known CSAM material before they're uploaded to iCloud...
iOs 15 Photos Feature

iOS 15 Messages Bug Causes Saved Photos to Be Deleted

Wednesday September 29, 2021 1:28 pm PDT by
A serious bug in the iOS 15 Messages app can cause some saved photos to be deleted, according to multiple complaints we've heard from MacRumors readers and Twitter users. If you save a photo from a Messages thread and then go on to delete that thread, the next time an iCloud Backup is performed, the photo will disappear. Even though the image is saved to your personal iCloud Photo...
apple privacy

Apple Publishes FAQ to Address Concerns About CSAM Detection and Messages Scanning

Monday August 9, 2021 1:50 am PDT by
Apple has published a FAQ titled "Expanded Protections for Children" which aims to allay users' privacy concerns about the new CSAM detection in iCloud Photos and communication safety for Messages features that the company announced last week. "Since we announced these features, many stakeholders including privacy organizations and child safety organizations have expressed their support of...
macos big sur ios 14 iphone 12 pro macbook air icloud drive desktop documents hero

Apple Merging 'iCloud Documents and Data' Service With iCloud Drive in May 2022

Tuesday May 11, 2021 2:36 am PDT by
Apple plans to merge its iCloud Documents and Data service with iCloud Drive starting in May of 2022, according to a support document published late last week (via MacGeneration). iCloud Drive and iCloud Documents and Data share the fundamental ability to backup data from apps. However, iCloud Documents and Data was often a cumbersome, confusing experience. In contrast, iCloud Drive is more...
Whatsapp E2EE Backups

WhatsApp's End-to-End Encrypted Chat Backups Feature Now Rolling Out

Friday October 15, 2021 1:09 am PDT by
WhatsApp end-to-end encrypted backups are now rolling out for iPhone users, Facebook has announced. Until now, WhatsApp let users back up their chat history to ‌‌iCloud‌‌, but the messages and media contained in the backups weren't protected by WhatsApp's end-to-end encryption while in ‌‌Apple's cloud servers‌. Since Apple holds the encryption keys for ‌iCloud‌ Backup, a...
apple privacy

Apple Makes iCloud Safari Bookmarks End-To-End Encrypted [Updated]

Monday October 4, 2021 1:28 am PDT by
Apple has toggled end-to-end encryption for Safari bookmarks in iCloud, further expanding the type of user data that the company fully encrypts, offering the highest level of privacy and data protection. Spotted on Reddit, an update to Apple's "iCloud security overview" page has indicated that alongside Safari tabs and history, Safari bookmarks are now end-to-end encrypted, meaning no one,...