Icloud Hacked Celebrity Photos

🔞 ALL INFORMATION CLICK HERE 👈🏻👈🏻👈🏻

Icloud Hacked Celebrity Photos
Late Tuesday, Apple released an update to the celebrity photo investigation. The company confirmed that the pictures were stolen from celebrities’ accounts which suffered a “very targeted attack,” but its engineers exclude the possibility that the breach was caused by the exploitation of any flaws in the iCloud architecture or in the Find My iPhone feature:
“After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved. ” states the Apple advisory.


Exam Pass Guarantee
Live instruction
CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!


The gossip news of this week is the alleged hack of Apple’s iCloud of many celebrities. Hundreds of naked photos purportedly belonging to more than one hundred actors and singers have been disclosed online.
On Sunday, the pictures of 101 celebrities, including Ariana Grande, Jennifer Lawrence, Victoria Justice, Kate Upton, Kim Kardashian, Rihanna, Kirsten Dunst and Selena Gomez were posted on the online image sharing forum 4chan, and rumors report that the pictures were obtained from the celebrities’ accounts on the Apple iCloud service .
Download The Ransomware Paper for real-world ransomware examples, mistakes and lessons learned.
Anonymous users on 4chan claimed to have taken them from the service, and despite that Apple hasn’t commented on the event, the analysis of the image embedded EXIF metadata confirms that the majority were taken using Apple devices. However, actress Mary Elizabeth Winstead claimed that her leaked pictures were taken “years ago.”
A detailed analysis of the metadata of the leaked image is available on Pastebin at the following address:
The anonymous user who first posted the celebrities’ photos claimed to have other pictures and explicit videos of Lawrence and requested donations via PayPal and Bitcoin for posting them.
The incident has raised questions about the level of security offered by online services like cloud storage . The iCloud service allows Apple users to automatically store their data online, including photos, documents and emails. Users can access their documents from anywhere once authenticated to the service. It’s likely that the attackers initially compromisedtheiCloudaccount belonging to one or more celebrities, then by “chaining” between accounts, obtained access to the victim’s address book to gather data for further attacks.
The 4chan user who posted the majority of the photos was soliciting for Bitcoin donations in order to publish more leaked pictures and videos.
The analysis of the transaction records related to the Bitcoin account (18pgUn3BBBdnQjKG8ZGedFvcoVcsv1knWa) used as the collector for the donations reveals that it has received eight donations for a total of 0.26 BTC.
Figure – Bitcoin account used by the hacker who leaked the pictures
It’s unlikely that hackers have compromised the entire Apple iCloud service and its infrastructure. The alleged attacker most likely used some hack to target specific accounts.
We already discussed in the past that there are many ways to violate a user account. An attacker could guess the user’s credentials, steal them with a malware, or simply reset the victim’s account by finding the associated email address and then answering the ‘ security questions ‘. An attacker could collect necessary information on the victims through various forms of social engineering attacks. The data gathered could help him to execute an emergency procedure (e.g. password reset, backup reset) simply answering a series of questions.
The website The Next Web , after the publication of the photos, has revealed the existence of a code for the hacking of iCloud that was posted to the open-source website GitHub.
The application exploits a vulnerability, already fixed by Apple, in the ‘ Find my iPhone ‘ service to guess passwords with unlimited attempts without being locked out.
The Find My iPhone feature allows users to locate and protect their Apple devices (iPhone, iPad, iPod touch, or Mac) if they are lost or stolen. The attacker can brute force the victim’s account, an operation that could be improved by choosing the passwords from a dictionary of words and phrases. The choice of these databases of passwords could be driven by the knowledge of the victims, of their habits and their preferences.
One of the celebrity victims of the data leakage, Jennifer Lawrence, has confirmed the authenticity of her pictures. Her spokesperson defined the incident as a “flagrant violation of privacy” and menaced to prosecute anyone who shared the images online.
“The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence,” the spokesperson said.
Security experts are speculating that photos may have been stolen from victims’ Dropbox accounts. Someone has hypothesized that insiders “with access to data somewhere made a private stash” and was subsequently hacked by the individual who leaked the pictures online.
I exclude the above hypothesis because iCloud backups, including photos, are encrypted, and even by accessing the account it is not possible to decrypt the information stored in the Apple Cloud.
“Some have also pointed to the presence of a Dropbox tutorial file in one hacked account as suggesting that the third-party cloud storage service was a source of some pictures,” states The Guardian in a post on the incident.
Another popular mobile application was mentioned in numerous articles posted on the data leakage is Snapchat. Several pictures had text overlaid, which indicates that at least some of the pictures were shared with Snapchat. Although Snapchat was affected by major security issues in the last months, it’s unlikely that its violation is the cause of the data breach.
At the time of this writing, Apple has fixed the security vulnerability in the Apple iCloud service that could have been exploited by attackers to violate celebrity accounts and steal their photos. The security patch comes just a few hours after hackers published hundreds of nude celebrity photos on 4chan.
The hackers that leaked the private celebrity photos online may have exploited a flaw in the Apple’s “Find my iPhone” feature, which allows an attacker to brute force the user’s account.
A few hours after the data leakage, on the GitHub online repository was published a Python script that could be used to “brute force” an Apple iCloud account’s password, exploiting the vulnerability in the Find My iPhone service. The attacker could use the script to repeatedly guess passwords in an attempt to discover the right one.
The script was available for anyone, at least for a couple of days, before Apple fixed the vulnerability, blocking the accounts after five failed attempts.
It’s unclear how long this vulnerability was present in the Find my iPhone feature. The only certainty is that the flaw was exploitable by attackers who were aware of the victims’ email address.
The owner of the tool, Hackapp , reported that the fix was applied 3:20am PT. Anyway, he remarked that there is no evidence that ibrute was involved in this incident.
“I’ve not seen any evidence yet, but I admit that someone could use this tool,” he said.
Figure – GitHub PythonScript Read me file

The script can guess passwords repeatedly without any lockout or alert to the target. Once the password is discovered, it could be used to access the victim’s account.
Hackapp confirmed that this kind of flaw is very common for authentication service interfaces:
“This bug is common for all services which have many authentication interfaces” and that with “basic knowledge of sniffing and reversing techniques” it is “trivial” to uncover them,” said the expert.
Hackapp also posted the slides which included details on the attack scheme and an analysis of security issues related to the iCloud keychain.
Figure – Slides published by Hackapp
An interesting point of view is that of Christopher Soghoian, principal of technology at the American Civil Liberties Union, on the the flaw in the Apple system and its alleged exploitation:
“If the celebs’ iCloud account passwords were brute forced, the problem seems to be lack of rate limiting by Apple, not lack of crypto,” commented Soghoian via Twitter.
In May 2014, cyber criminals targeted a large number of Australian users of Apple’s iCloud with a sophisticated extortion scheme.
Apple users were targeted by the ransomware-like attack which locked iPhone, Mac and iPads through iCloud and a message originating in Apple’s Find my iPhone service that stated “Device hacked by Oleg Pliss”.
Implementing a consolidated extortion scheme, the criminals request to unlock the device by sending up to $100 ransom to a specific Paypal account.
“I went to check my phone and there was a message on the screen (it’s still there) saying that my device(s) had been hacked by ‘Oleg Pliss’ and he/she/they demanded $100 USD/EUR (sent by paypal to lock404(at)hotmail.com) to return them to me,” wrote a victim of the new ransomware on the Apple Support Forum.
In reality, Apple users are not facing a classic infection of their devices by ransomware; the attackers allegedly hijacked Apple’s Find My iPhone feature. In this way criminals remotely lock iOS and Mac devices and send messages demanding ransom money.
The cyber criminals were using compromised iCloud accounts that were likely not using a two-step verification process. For these accounts, hackers are able to gain device access simply by using stolen credentials.
In this attack scenario, the only possibility to recover the device for owners of Apple devices is to reset it in “recovery mode”, but this process will erase all data stored on the device and applications installed.
The hunt for the culprit is open. The developer Bryan Hamade is one of the principal individuals suspected for the data leakage. Reddit and 4chan users speculated on the possibility that Hamade is the culprit because a screenshot posted online appeared to show a series of names connected with a web development company in Georgia.
Figure – Bryan Hamade suspected as culprit of the hack
The man refused the accusation and explained to the media that he only has reported the images.
“I only reposted one thing that was posted elsewhere and stupidly had my network folders visible.”
“I am not the original leaker. The real guy is on 4chan posting intermittently,” “He’s most likely the one behind it but it does seem the photos passed around to multiple people before being leaked, so it may just be someone who has them and didn’t hack to get them. I’d never in a million years know how to hack into any of the accounts listed. 4chan just attacked me because they like to attack anyone in situations such as this,” he said.
Hamade revealed that he his receiving continuous threats from people investigating the alleged iCloud hack:
“It’s been a nightmare and I haven’t slept in 34 hours, now. 4chan users are harassing me with non-stop phone calls and emails. They email me constantly, emailing saying they’ll hack my personal websites and keep calling my phone, calling me a fag and then hanging up. They also said they’ll hack my mom’s site, so I took it down … I regret it so much … I didn’t even get any bitcoin out of it. It’s the stupidest thing I’ve done and I hope it won’t ruin my life, though it probably will since it’s just the biggest news story.”
Cloud storage services are very popular. Users and enterprises store an impressive amount of data on the cloud, and it is important to understand how to improve their protection. First of all, let me suggest to activate two factor authentication for the services that implement it, and choose a strong password, especially when it is the only protection that preserves our data.
To compose hard-to-guess passwords, let me recommend:
Avoid trivial passwords because they are always included in a password dictionary. Passwords should not include your name or Login/User ID. It is important to create complex but easy-to-remember passwords. For example, suppose you’re a big fan of The Simpsons. A good password for your e-mail might be something along the lines of: Ih4teM0ntg0m3ry#Burn5 (if you do not get it, it means “I hate Montgomery Burns”). And for Facebook maybe you can use B4rT#I5#MY#Fr13nD (“Bart is my friend”, with numbers in place of letters and every word beginning and finishing in uppercase). These are not so easy to guess by brute force attacks because of the length, character range (upper- and lower-case, numbers, and symbols), and because knowing that you like The Simpsons does not mean that is easy to derive what you think about The Simpsons characters.
When you use long expressions or phrases as a password, try to use some simple technique to substitute one letter for a different letter: for example, replacing every letter ‘a’ with the symbol ‘per cent’. This helps prevent against dictionary attacks while keeping it easy to remember your pass phrase.
Another possibility for users is to adopt password managers which allow users also to use complex passwords.
Be aware, because not only celebrities are exposed to such risks. No matter if you are a manager or a common individual, your data are a precious commodity in the cybercrime ecosystem. For this reason, it is important to know the main cyber threats and the principal mitigation practices. This could be just the beginning. At this moment there is a lot of confusion on the event, but InfoSec’s Taylor Swift warned that other celebrities may have been impacted:
“_This is just the beginning._ Folders of images with thumbnails visible have been shown, many celebs yet to be impacted who will.”
Apple told Recode on Monday it was investigating the incident to discover if these iCloud accounts had really been hacked and how.
“We take user privacy very seriously and are actively investigating this report,” said Apple spokeswoman Natalie Kerris .
http://www.zdnet.com/after-alleged-icloud-breach-heres-how-to-secure-your-personal-cloud-7000033177/
http://www.theguardian.com/technology/2014/sep/01/naked-celebrity-hack-icloud-backup-jennifer-lawrence
We've encountered a new and totally unexpected error.
A new tab for your requested boot camp pricing will open in 5 seconds. If it doesn't open, click here .
Pierluigi is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group, member of Cyber G7 Workgroup of the Italian Ministry of Foreign Affairs and International Cooperation, Professor and Director of the Master in Cyber Security at the Link Campus University. He is also a Security Evangelist, Security Analyst and Freelance Writer.

Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.

Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Your email address will not be published. Required fields are marked *

This is a BETA experience. You may opt-out by clicking here
Opinions expressed by Forbes Contributors are their own.
I write about hackers, breaches and enterprise security.
New!
Follow this author to stay notified about their latest stories.
Got it!
A few days ago a group calling themselves hackappcom posted a proof of concept script on the popular code repository called Github that would allow for a user to attempt to breach iCloud and access a user account. This script would query iCloud services via the “Find My iPhone” API to guess username and password combinations. The problem here was that apparently
Apple
was not limiting the number of queries. This allowed for attackers to have numerous chances to guess password combinations without the fear of being locked out.
This script was an output from a talk that was given by Andrey Belenko and Alexey Troshichev called, “ iCloud Keychain and iOS 7 Data Protection ” at the Russian Defcon Group DCG#7812. Based on the note that they posted after the news of the breach started to circulate, they were rather upset that their script was being used to a malicious end.
In justification I can only mention, that we only described the way HOW to hack AppleID. Stealing private "hot" data is outside of our scope of interests. We discuss such methods of hacks in our's narrow range, just to identify all the ways how privacy can by abused.
For everyone, who was involved in this incident, I want to remind, that today we are living in Brave New Global World, when privacy protection wasn't ever so weak, and you have to consider, that all you data from "smart" devices could be accessible from internet,which is the place of anarchy, and, as result, could be source of undesirable and unfriendly activity.
The law of unintended consequences at its finest.
As a result, some ne'er do wells accessed the accounts of some Hollywood actors and leaked their personal pictures online. So, why were these pictures in iCloud? For those of you who may be unaware, iCloud is a service that is offered by Apple to backup data from a user’s iThinger of choice. This service could allow a person to backup their email, contacts, calendars, notes, passbook, keychain and photos to name a few. In the case of a large group of celebrities their data was breached when attackers gained access to their accounts. An unfortunate outcome to say the least.
I nervously checked the settings on my iPhone after news of this incident broke only to find that no, I was not using the service. No nude photos of me. Trust me, that's a blessing.
While this incident has unfortunate ramifications for the victims it has been a great wake up call for others thanks to the huge amount of press coverage. This is an excellent opportunity for people to clean up their password practices and improve their personal security posture. So, how does one avoid this sort of problem? Well, there are few things that you can do to help to potentially avoid this type of end result. First off you can enable two factor authentication on your iCloud account. Once this is enabled a user would receive a four digit
SMS
message with a code to input in addition to their password. This way, if a password is compromised the attacker would still need an SMS code to gain access to the user account.
A second thing to keep in mind is the use of a strong password. Using one such as “password1” is simply inviting disaster. You’d be better served using a password such as “hGYcq6QE6agG8[N&j+a.” or better still, a pass phrase .
The last piece to take into account is making use of a password manager. This is a piece of software that can manage your passwords for you securely. There are excellent products out there that can do this for you such as 1Password from Agilebits, Keepass and Lastpass to name a few.
It is early in the investigation into this breach but, [entity display="Apple" type="organization" subtype="company" key="apple" ticker="AAPL" exchange="NASDAQ" natural_id="fred/company/280" active="false"]Apple [/entity]managed to quickly patc
Cartoon Network Games Teen Titans
Absoluporn.Com
Real Amature Porn Pics