Monday, September 1, 2014

All The Different Ways That 'iCloud' Naked Celebrity Photo Leak Might Have Happened

Business Insider

All The Different Ways That 'iCloud' Naked Celebrity Photo Leak Might Have Happened

Samir Hussein/Getty
After naked photos of around 20 celebrities leaked online last night, the internet scrambled to try and figure out exactly how the images became public. In the original 4chan thread where the hacker first posted the images, the consensus was that Apple's iCloud service was to blame. But how likely is it that Apple's encrypted cloud service led to the mass hack, and what are the other ways that the nude photos could have emerged? iCloud The original leaker behind the celebrity photos claimed that they accessed the images using the iCloud accounts of various celebrities. It's unlikely that someone has broken into Apple's iCloud service. Instead the photos most likely emerged due to a type of hacking known as "social engineering." This exploit works by learning which online services your target uses, and then compiling as much data on them as possible before using that data to either spoof access, or to simply use their email address and a guessed password to log in to their account.
Jennifer Lawrence is known to use iCloud after she let slip in a red carpet interview with MTV this year that she frequently has trouble with the service, remarking "My iCloud keeps telling me to back it up, and I'm like, I don't know how to back you up. Do it yourself."
After discovering the iCloud account of a celebrity, it's trivially easy to access their online photo backup through Apple's Photo Stream utility and iCloud photo backups. Analysis of the embedded EXIF data (information about where and how the picture was taken that is frequently appended to digital photo images)  included in one of the leaked images shows it was taken a few weeks ago, well within Photo Stream's limit of 30 days before images are deleted. However, actress Mary Elizabeth Winstead claimed on Twitter that the leaked photos of her included in the hack were taken "years ago."
Dropbox or Google Drive Despite the original leaker claiming to have accessed the trove of photos thanks to an iCloud exploit, the range of devices showcased suggests that another service may have been to blame. Various naked celebrities are photographed taking selfies with Android devices and webcams. Leaked videos could not have originated from the iCloud photo backup service. The range of devices and media may mean that another backup service like Dropbox or Google Drive could be the originator of the leaked photos, with both services offering automatic backup tools for photos and videos imported from cellphones.
Snapchat Several of the leaked celebrity photos had text overlaid, which indicates that at least some of the photographs were first sent through Snapchat. While Snapchat has struggled with security issues in the past, it's unlikely that the app was the source of all the nude photos. Rather, it may be that it was either accessed as part of a larger hack, or screenshots of images received through the app were discovered after hacking into a backup service.
A hacked insider Many celebrities don't manage their devices themselves, instead they hand them over to an assistant to do all the boring things like backing up photos or managing iCloud accounts. The sheer number of photos involved in this hack suggests that someone has been saving up naked photos for a while. Other than the celebrities themselves, the only other people with access to these photos would be the "insiders" who help celebrities get around from day to day, such as personal assistants and bodyguards. If a well-connected and scheming personal assistant had their personal backup account hacked, it could result in a trove of photos similar to what we've seen posted online.
A stolen laptop or phone The leaked photos seemingly originate from a variety of different devices, and two of the videos of British actress Jessica Brown Findlay were made to send to a friend. Could the leaked photos come not from an online hack, but from the physical theft of a phone or laptop belonging to a well-connected celebrity who had been hording naked photos of their friends? While it may seem unlikely, there's actually precedent for unfortunate celebrities losing their devices.
In early 2014 it was reported that Lindsay Lohan and her management were doing "whatever it takes" to try and retrieve a stolen laptop that had gone missing during a trip to China. The laptop's hard drive was reported to contain naked photos of the star, as well as private correspondence with other celebrities such as Lady Gaga and Woody Allen. It's unclear whether Lohan's team were successful in reclaiming the laptop, but no leaked photos of the actress have emerged this year.
A hacker collective The original 4chan thread where the leaked photos surfaced included two different users posting new leaks. It's possible, then, that the trove of leaked celebrity photos came from not a single hack, but a group of enterprising hackers pooling their resources to try and earn the biggest reward.
The 4chan user who posted the majority of the photos was soliciting for Bitcoin donations in order to publish more leaked snaps. While one figure of $40,000 was claimed as the total value of donations, Bitcoin transaction records show that he received only 0.25 bitcoin (around $120).
Could the leaked photos result from a collective gang of hackers sharing their photos in one giant leak in order to maximize the amount of money gained? It's certainly possible, many of the photos in the batch were proven as fake, meaning that they likely came from a variety of sources with varying levels of access and credibility.
The Emmy Awards One of the strangest theories surrounding the hack is that a group of celebrities who attended the recent Emmy Awards were somehow hacked using the venue's Wi-Fi connection. The Def Con conference is often touted as an example of the dangers of using venue Wi-Fi for awards or conferences, with the conference operating a "Wall of Sheep" to showcase the various attendees who have been hacked.


More From Business Insider

end quote from:

All The Different Ways That 'iCloud' Naked Celebrity Photo Leak Might Have Happened

Here's the problem in ANYTHING in "Icloud". If you actually understood where the ICLOUD is you wouldn't put anything you care about in "Icloud". The reason for this is simple. 

ICLOUD if you imagine as a non-programmer is literally like a cloud of information spanning the globe.

Imagine servers all over the world carrying bits and pieces of whatever you put out into the "Cloud". Now, anyone who knows the "Number" of your computer can trace anything that comes from your computer or'Iphone', Ipad, Android anywhere on earth. You only need one person that wants to compile one thing or everyone about you and they, (if they are good with technology) can do this because most information in the Cloud are  vulnerable. 

 

So, people selling the icloud are trying to downplay just how "Vulnerable" everything is in the Icloud world wide. 

 

Everything just stored on your hard drive or a removable hard drive for back up instead of in the cloud is only vulnerable if you leave your computer in your browser mode like Windows Explorer or Firefox (I prefer Firefox because of better security). So, the only time I leave one of my computers with Safari or Firefox on is when I'm using them. 

My Iphone is supposed to be backed up by Icloud but I don't really like that either. However, it is good to know the most vulnerable piece of equipment online that you will ever own (as of now) is your Iphone or android smartphone. Almost anyone good at technology can literally strip off everything off your Iphone or Android any time they want to. So, putting private things on an Iphone is stupid because it is the most public device (worldwide) that you can presently own.

However, I recently bought an Iphone 5s (why?) because it is the easiest most intuitive device to learn to use effectively. 

However, I know it is the most vulnerable device known to man as far as hacking goes, so anything I put there through texts or conversation or anything else I imagine I'm saying in a crowded place like a Restaurant or other public place where people might be listening. Whatever you do with your Iphone or Android you really shouldn't do unless you would do it in a public place and show whatever you are doing to everyone there like in a restaurant or theater or shop or store. If you can't imagine doing this then whatever it is you shouldn't be doing it on your smart phone.

This is what I believe. So, why would I own an Iphone5S? Because it is convenient and because I know what it actually is. It is a public information system in which literally anything I put there or do or say or text there could be compromised worldwide at any given moment or moments.


Later: People talk about how ICloud has an encryption algorithm but when you have thousands to millions of "safe crackers" Internet style spending every minute of the day cracking codes for a living, this is going to be cracked. Any code that can be written can be "hacked" sooner or later either directly or through some kind of "Back Door" that programmers put in for debugging software for easier access. 

So, one of the ways people hack is to "pay-off" the programmers for thousands to millions of dollars. And if this happened who would know?

The problem with everything "secret" on the Internet is: "Where there's a will there's a way" eventually.

I would actually worry about Countries who have millions or billions of dollars to "pay-off" programmers or someone like ISIS that might have somewhere between 500 million up to 1 billion dollars for these kinds of purposes. Remember ISIS makes between 3 million to 6 million dollars a day just through extortion and kidnapping westerners and rich middle eastern people.

 

 

No comments: