Online hacking of personal information has become a common occurrence in today’s digital world. Attackers are always finding ways of finding compromising information regarding their targets then using it to blackmail them. Most of the hackers are rarely tracked and therefore always go unidentified. This paper will discuss the iCloud leak and how it occurred as well as discusses phishing attacks and how they can be avoided.
The iCloud leak occurred on 31st August 2014. The leak involved private photos of celebrities being leaked from iCloud to many social media sites such as Reddit. On this particular incident, nude and other revealing photos of celebrities were leaked on 4Chan a known web site where users share photographs without exposing their identities. The group of hackers that leaked the photos was called ‘the collector’, and they distributed the leaked photos in exchange for bitcoins. Anonymous users of 4Chan then distributed the photos to other sites such as Imgur and Reddit. A sub-Reddit was even created specifically to share the photos and videos and the site gained so many followers overnight. Eventually, the photos were trending all over social media sites. During the attack, over 500 accounts belonging to celebrities were hacked. The photos were then available on the internet and people judged the victims harshly (Martinez, 2014). Some of the victims swore to have anyone who would post or share those photos arrested because they were being shared illegally.
Celebrities such as Jennifer Lawrence, Kate Upton, Rihanna and Ariana Grande were some of the victims to the leak. Unknown users of 4Chan said the photos were gotten from Apple’s iCloud service. However, Apple denied the claims and insisted that despite the fact that iCloud allows users to synchronize iCloud to their personal devices; the site was well secured and could not allow a leak. Some of the celebrities who were interviewed after the leak confirmed the authenticity of the photos while others disputed the credibility of the photos. Some of the victims blamed Apple claiming that the online storage sites were confusing to the users and hence that could have been a source of the hack. ICloud allows the users to input their passwords several times (Martinez, 2014). It was therefore argued that the attackers guessed the passwords of the specific users several times till they were able to access their photos.
There are claims that some of the photos had been hacked a year earlier and stored by the hackers awaiting the opportune time to leak them. One target said that the photos leaked had been deleted a year earlier before the leak occurred. It could therefore imply that either Apple has a backup of photos even after they are deleted or that the hackers had launched the attack years earlier.
Immediately the photos were leaked, Apple called for a press conference to address the problem. The company insisted that the hack did not occur as a result of Apple going against the terms of security for their customers. The spokesperson insisted that the company upholds customer confidentiality and would not go against it. The company said that the attack succeeded after hackers guessed usernames and passwords to iCloud (Martinez, 2014). Apple advised its users to secure their information with strong passwords and enable the two step verification to ensure their information was safe.
After the attack, the Federal Bureau of Investigation (FBI) was used to conduct the investigations. The courts discovered that the attack was not a brute force attack involving multiple password guesses but rather it was a phishing attack. The attack occurred after corrupt emails were sent to the targets requiring them to log in to their emails. The emails purported to be from Apple and Google. Upon logging in, the attacker was able to collect passwords and download icloud accounts. The downloaded accounts were then used to collect the compromising photos of the victims. Some of the perpetrators of the heinous act were caught through tracing their IP addresses. One of the attackers by name Ryan Collins was found in an apartment at Pennsylvania. His house had many cell phones and computers. Ryan admitted to have sent a phishing email to some of the celebrities telling them that their accounts were compromised and they should hence log in to their accounts to avoid further damage. Those who responded to the emails allowed the hacker to tap into their passwords which enabled him access to the users’ iCloud accounts and thus personal photos. Some of the attackers were imprisoned while others were fined to cater for emotional damages they caused their targets. Ryan Collins was imprisoned for 18 months. Later, a man named Emilio Herrera was caught in Chicago and his house also had many computers and mobile phones. He was associated with the leak. In 2016, another man by name Edward Majerczyk was found at Illinois and was suspected to have been associated with the leak (Eleftheriou-Smith, 2014). Edward also pleaded guilty of phishing attacks.
The iCloud leak on celebrities’ photos has made people extra careful on how they store their data. Attackers are everyday coming up with new strategies to gain targets. Some of the most hacked sites such as iCloud accounts always offer a more convenient way of storing data for users. Companies are also targets to attacks and they should therefore device ways of storing data in a more secure way.