
Feds Bust Guy Behind "The Fappening"

Discussion in 'BlackHat Lounge' started by The Scarlet Pimp, Jun 10, 2015.

  1. The Scarlet Pimp

    The Scarlet Pimp Senior Member

    http://gawker.com/feds-seized-chicago-mans-computers-in-celeb-nude-leak-i-1709153721

    Last summer, stolen photos of dozens of famous women flooded the internet; eager pervs cheered it as “The Fappening,” a pornographic cataclysm without any clear cause or culprit. But even as the horny internet has (mostly) moved on, the feds have been working hard to identify the culprit or culprits—and they’ve narrowed in on the suspicious activity of at least one man.

    A recently unsealed federal search warrant and related affidavit pertaining to the FBI’s investigation into the iCloud hacker ring shows the investigation moving offline. On October 15th, 2014, federal agents entered the neat, modest brick home of Emilio Herrera on the South Side of Chicago. According to a sworn affidavit by Special Agent Josh Sedowsky of the FBI’s Cybercrimes Unit, someone in this house had been on an iCloud hacking spree.

    “Based on victim account records obtained from Apple,” Sedowsky wrote, “one or more computers used at [Herrera’s house] access or attempted to access without authorization multiple celebrities’ e-mail and iCloud accounts over the course of several months.”

    The affidavit for the first time confirms the scope and authenticity of the picture leak—“female celebrities” are listed as victims, though by initials only: “A.S., C.H., H.S., J.M., O.W., A.K., E.B., and A.H.” These initials presumably refer to Abigail Spencer, Christina Hendricks, Hope Solo, Jennette McCurdy, Olivia Wilde, Anna Kendrick, Emily Browning, and Amber Heard (though we could be incorrect).

    A still-sealed affidavit obtained and reported by the Chicago Sun-Times refers to a J.L., presumably Jennifer Lawrence, the breach’s highest-profile victim:

    The agent described one interview with “J.L.” that he had to stop because she became “very distraught.”

    “J.L. stated she was having an anxiety attack and was visibly shaken,” the agent wrote.

    Herrera’s alleged iCloud cracking went way beyond that narrow list of celebs: between May 31, 2013, and August 31, 2014, his IP address “was used to access approximately 572 unique iCloud accounts,” and “in total, the unique iCloud accounts were accessed 3,263 times.” The FBI doesn’t disclose the exact number of famous accounts breached during this account, but notes that “a number” of them belonged to “celebrities” involved in the Fappening, and “the majority of the other accounts accessed from [Herrera’s home] were accounts of celebrities, models or their friends and families.”

    The affidavit cites an additional (perhaps unrelated) 4,980 attempted reset attempts against 1,987 different password. The sealed warrant reported by the Sun-Times reports an equally prolific iCloud hacker at another Chicago address:

    The IP address on Narragansett accessed 330 unique iCloud accounts between May and August 2014, according to the other. Of those, 291 allegedly belonged to people who registered their accounts outside Illinois. Those 291 accounts were accessed more than 600 times, the agent wrote.

    This was much more than a hobby.

    In addition to the scope of the attack, the FBI affidavit offers new details of how the breach itself went down. In the case of A.S., she “recalled getting locked out of her online accounts” between April and May 2014—that’s several months before the leak. “All [stolen] photos were taken with her iPhone and sent through iMessage to her boyfriend”:

    In the case of A.H., “some of the [stolen] photos were sent to her fiancé, [while] others were never sent and only stored on her phone.”

    It’s clear now that the celebrity iCloud heist was done through the oldest (and most reliable) method of online malice: phishing emails and a password reset. Anything pertaining to password cracking and phishing is called out in a “list of items to be seized” on the FBI’s warrant:

    The agents walked out of Herrera’s house with multiple computers, a cell phone, storage devices, and a Kindle Fire:

    What remains unclear is how these people were caught. Calls to the Herrera residence went unanswered, as did a message to a personal email listed in the affidavit—my first question would’ve been how someone capable of a vast password hijacking operation would forego a VPN or other method of masking his IP address. That’s a rookie screwup.

    It’s also unclear what the search of Herrera and the other Chicago address means for the state of the investigation—the former has not yet been charged with any crime, nor is he even considered a suspect at this point, puzzlingly. An FBI spokesperson declined to comment on any particulars of this investigation beyond the fact that no charges have been filed yet.
     
  2. moneyfreedom

    moneyfreedom Jr. VIP Jr. VIP

    "between May 31, 2013, and August 31, 2014, his IP address "was used to access approximately 572 unique iCloud accounts," and "in total, the unique iCloud accounts were accessed 3,263 times.""

    And to think that all he had to do was use proxies or torbrowser and he would've covered his tracks.
     
  3. The Scarlet Pimp

    The Scarlet Pimp Senior Member

    The Nude-Stealing iCloud Thieves Are Sad Their Party Is Over

    "For years now, a group of anonymous friends have been stealing photos of you from your iCloud accounts and trading them on a website called Anon-IB. Apple kept it easy to steal from you up until very recently. Now the Anon-IB boys are all upset.

    To be completely clear, it's still far easier than it should be to find, download, and store naked photos of you that you thought were safe on Apple's servers: the company still doesn't require two-factor authorization for iCloud accounts. But it's slightly better.

    The minimum amount better.

    Many Anon-IB'ers agree that leak "traders" spoiled the action for the people doing the actual hacking—no one seemed to care when it was photos of college classmates, but once it became Jennifer Lawrence, they drew global attention. What was once a semi-private hobby for a small set of predatory users turned into an international story.

    "This was bound to be over at one point," agrees another. "I'm surprised it went on for a couple of years unsanctioned.""

    http://valleywag.gawker.com/icloud-isnt-safe-because-everyones-a-target-and-apple-1629660564

    http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/all/

    http://anon-ib.ch/
     
  4. antichrist

    antichrist Jr. VIP Jr. VIP

    IPs are not people! He will have a strong defense...