Man impersonates Apple support, steals 620,000 photos from iCloud accounts

The man was after sexually explicit photos and videos that he would then share online or store in his own collection.

A California man has fessed up to breaking into the Apple iCloud accounts of hundreds of individuals and downloading more than 620,000 images and 9,000 videos while on the prowl for nude photos of young women. He would then share or trade these images online or keep them for his own collection.

Hao Kuo Chi, a 40-year-old citizen of La Puente, Los Angeles County, pleaded guilty to four counts including committing computer fraud, according to a report by the Los Angeles Times. Going by the online handle “icloudripper4you”, he billed himself as being adept at infiltrating iCloud accounts and pilfering their content, an activity he referred to as “ripping”.

According to his plea agreement, Chi was able to access the iCloud accounts of at least 306 victims from around the United States. After investigators searched his house, he also admitted to infiltrating some 200 accounts at the behest of individuals that he had met online.

RELATED READING: Jail for man who hacked 1000 student email accounts in search for sexually explicit images

“Chi acknowledged in court papers that he and his unnamed co-conspirators used a foreign encrypted email service to communicate with each other anonymously. When they came across nude photos and videos stored in victims’ iCloud accounts, they called them ‘wins,’ which they collected and shared with one another,” reads the Los Angeles Times report.

To achieve his goal, Chi contacted his victims and duped them into parting with their Apple IDs and passwords by masquerading as an Apple customer support agent using various email accounts. The Federal Bureau of Investigation (FBI) said that it was able to pinpoint two Gmail addresses that were used to trick victims – “applebackupicloud” and “backupagenticloud”, which contained in excess of half a million emails. These included some 4,700 emails with iCloud user IDs and passwords that Chi received. According to the FBI, Chi had over 620,000 photos and 9,000 videos, which were partly organized based on whether they contained explicit images or not.

How to keep your Apple account secure

Phishing campaigns are one of the favorite tools in a cybercriminal’s tool bag. Over the years, online fraudsters have been fine-tuning their ruses, so much so that many schemes may be difficult to spot even for the trained eye. However, there are still multiple steps you can take to keep your accounts secure:

  • If you receive an unsolicited email from a service you supposedly use, scrutinize the email address; if it didn’t come from an official support address (in this case the messages came from Gmail accounts), you’re most probably dealing with a scam.
  • Look out for bad spelling and numerous grammar mistakes; more often than not, phishing emails are riddled with them.
  • Always enable two-factor authentication (2FA), which acts as an extra layer of security and makes it harder for cybercriminals to infiltrate your account even if they have access to your password. Apple allows you to use one of your Apple devices as an authentication factor by displaying a verification code on it. Besides trusted devices, you can also set up trusted phone numbers by following Apple’s handy guide to their 2FA settings.
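
The sender check from the first tip can be automated in a mail filter. The sketch below is an added example, not part of the original article: it flags messages that use the Apple or iCloud name but come from a non-Apple domain, using the two Gmail account names from the case as constructed test input. The domain lists and function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the only domain treated as official here. icloud.com is left out
# on purpose because it is a consumer mailbox domain.
OFFICIAL_DOMAINS = {"apple.com"}
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed sample
BRAND_TOKENS = ("apple", "icloud")


def is_official(domain):
    """True for an official domain or a genuine subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)


def assess_sender(raw_message):
    """Return (verdict, reasons) based on the From header of a raw message."""
    display, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    if "@" not in addr:
        return "suspicious", ["no parseable sender address"]
    local, domain = addr.lower().rsplit("@", 1)
    if is_official(domain):
        # From can be forged; this only means the address itself looks right.
        return "official-domain", []
    if any(t in display.lower() or t in local for t in BRAND_TOKENS):
        reasons = [f"uses the brand name but is sent from {domain}"]
        if domain in FREEMAIL_DOMAINS:
            reasons.append("free webmail account posing as support")
        return "suspicious", reasons
    return "unrelated", []


# Constructed sample messages; only the From header matters for this check.
SAMPLES = {
    "freemail_lure": "From: Apple Support <applebackupicloud@gmail.com>\nSubject: Backup\n\nhi",
    "freemail_no_name": "From: backupagenticloud@gmail.com\nSubject: Backup\n\nhi",
    "lookalike_domain": "From: Apple Support <help@apple.com.example.net>\n\nhi",
    "real_domain": "From: Apple <noreply@email.apple.com>\n\nhi",
    "friend": "From: Sam <sam@example.org>\n\nhi",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, assess_sender(raw))
```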

If you want to take a deep dive into the tell-tale signs of phishing, read our article on how to recognize phishing messages. If you’d like to test yourself on whether you’re adept at spotting the phish, you can take our phishing quiz.

FURTHER READING: What Pippa Middleton can teach us about iCloud security

written by Amer Owaida, ESET We Live Security

