Los Angeles resident Hao Kuo Chi has pleaded guilty to a series of crimes related to hacking Apple iCloud accounts and then distributing user files. In total, the attacker managed to steal more than 620 thousand photos and 9000 videos of a private nature.
After entering into a pre-trial agreement with the prosecution, Chi spoke of at least 306 victims. It is possible that the criminal is greatly underestimating his "achievements", since the FBI found out that 4700 out of 500 thousand letters sent to his Gmail addresses contain iCloud login information that was tricked by the attacker.
The cybercriminal selected his victims based on online requests from interested users. He promoted his hacking services on hacker forums. The customers named the iCloud account that needed to be hacked, after which Chi used the addresses of the Gmail mail service, impersonating Apple technical support.
If the victim believed the offender and shared with him the information necessary to log into the account, he saved the available videos and photos in Dropbox, and then sent a link to the materials to customers.
According to court documents, the perpetrator acted both in the interests of the customers and in his own, keeping copies of the stolen content. Despite the fact that the attacker used a secure email service, his actions were primitive and depended on the willingness of victims to share the data necessary to log into iCloud, and the number of naive users turned out to be quite large.
It turned out that in 2108, one of the victims found her photos on adult sites. Initially, images were stored on the iPhone, and later were saved to iCloud. As soon as the victim complained to law enforcement agencies, it turned out to be extremely easy to find the offender - he entered other people's accounts directly from his home. By the time the agents received the search warrant, they already knew almost everything about the scheme used by the criminal, thanks to the data requested from Dropbox, Google, Apple, Facebook and Charter Communications.
On August 5, Chi was found guilty of four counts of illegal access to user data and criminal conspiracy with a group of individuals. For each episode, he faces up to 5 years in prison, but it is most likely that the attacker will get off with a lighter punishment thanks to remorse and a deal with the investigation.
0 Comments:
Post a Comment
Your comment and facebook share will be appreciated