Where did those leaked nude celebrity photos come from? And what is the “deep web?”


The entertainment world is still in shock after hundreds of stolen personal photos of mostly female celebrities were leaked online over the weekend, a huge majority of which feature the celebrities nude or in otherwise intimate settings. Although the authenticity of some of the photos has been called into question, the majority of them are believed to be real. So how did this happen? Where did the photos come from, and how did someone steal them?

From all of the evidence gathered online since the images were first posted via anonymous image boards AnonIB and 4chan on Sunday, it seems the first misconception we need to get out of our heads is that this was just one person. There is apparently a ring of online hackers who have been working together, along with non-hacking collectors with money to spend, for years compiling a massive collection.

From Gawker’s very informative “Everything We Know About the Alleged Celeb Nude ‘Trading Ring’ and Leak” post:

Since the leak itself on Sunday, posters on AnonIB—which contains both a “stolen photos” board and a “celebs” board—and 4chan have hinted at some kind of nebulous crew of celebrity-focused hackers involved in trading or selling their “wins.” The multiple dates on the photos and multiple apparent vectors for hacking provide some circumstantial support to this idea. One 4chan poster even outlined what he claims was a years-old “ring” of celebrity-photo traders—a group that you could only join by providing your own nudes, or buying your way in.

As for how the hackers were able to acquire the photos, that question appears to have multiple answers as well. Most everyone thinks that the majority of the stolen photos and videos were taken from the celebrities’ iCloud accounts, but after two days of vigilant research, Apple has determined that they were not stolen due to a breach of security or any sort of backdoor hack, but were instead taken after the accounts were logged into with the correct usernames and passwords.

Here is the full statement from Apple:

Update to Celebrity Photo Investigation

We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.

To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.

Although Apple can say iCloud security was technically not breached, it is thought that the thieves were able to somehow circumvent the usual restrictions on how many times you are able to attempt to log in before being shut out by the system. TheNextWeb.com reported on a bug in the system that could have been what allowed the thieves in:

On Monday, a Python script emerged on GitHub (which we’re not linking to as there is evidence a fix by Apple is not fully rolled out) that appears to have allowed malicious users to ‘brute force’ a target account’s password on Apple’s iCloud, thanks to a vulnerability in the Find My iPhone service. Brute-force attacks consist of using a malicious script to repeatedly guess passwords in an attempt to discover the correct one.

The site updated after Apple’s announcement, but points out that the result of Apple’s investigation “did not address the vulnerability discussed here.”
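The failure mode described above, an attempt limit enforced on one sign-in path but missing on another service that checks the same password, shown as an added example (not code from this article, Apple or TheNextWeb). The endpoint names, thresholds and guess stream are constructed assumptions.

```python
import time

class AccountThrottle:
    """Counts failed sign-ins per account, whichever service received them."""

    def __init__(self, max_failures=5, window=900.0, lockout=900.0, clock=time.monotonic):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.clock = clock
        self._failures = {}      # account -> timestamps of recent failed attempts
        self._locked_until = {}  # account -> time at which the lock expires

    def allow(self, account):
        return self._locked_until.get(account, float("-inf")) <= self.clock()

    def record(self, account, success):
        now = self.clock()
        if success:
            self._failures.pop(account, None)  # a good sign-in clears the count
            return
        recent = [t for t in self._failures.get(account, []) if now - t < self.window]
        recent.append(now)
        self._failures[account] = recent
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lockout

def guesses_checked(stream, throttles):
    """Return how many wrong guesses reached the password check.

    throttles maps endpoint name -> AccountThrottle, or None for no limit."""
    checked = 0
    for endpoint, account in stream:
        throttle = throttles[endpoint]
        if throttle is not None and not throttle.allow(account):
            continue  # rejected before the password is compared
        checked += 1
        if throttle is not None:
            throttle.record(account, success=False)
    return checked

# Constructed input: 20 wrong guesses per (hypothetical) endpoint, one account.
ACCOUNT = "user@example.com"
STREAM = [("web_login", ACCOUNT)] * 20 + [("device_locator", ACCOUNT)] * 20

def compare():
    weak = {"web_login": AccountThrottle(), "device_locator": None}
    shared = AccountThrottle()  # one counter behind every endpoint
    hardened = {"web_login": shared, "device_locator": shared}
    return guesses_checked(STREAM, weak), guesses_checked(STREAM, hardened)

if __name__ == "__main__":
    print(compare())
```

A per-account lock can itself be abused to shut a legitimate user out, so real deployments usually pair it with progressive delays and two-step verification, which Apple's statement recommends.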

Another theory was posed by Avast security firm blogger Stefanie Smith on Tuesday that the hackers may have been able to access iCloud and other accounts with information obtained in recent security breaches at other sites:

The hackers could have gained access to celebrity email and password combinations through breaches like the recent eBay breach or Heartbleed, which affected nearly two-thirds of all websites, including Yahoo Mail, OKCupid and WeTransfer. If the celebrities whose photos have been exposed were affected by these breaches and used the same passwords on several accounts, including iCloud, it would have been easy for the hackers to steal their personal photos.

It is believed that not all of the photos were taken via iCloud, which jibes with the notion that this is a group of individuals with a common goal, but completely different resources and tactics.

The FBI released a statement on Monday revealing they are investigating the leaks. “The FBI is aware of the allegations concerning computer intrusions and the unlawful release of material involving high profile individuals, and is addressing the matter,” the statement said. “Any further comment would be inappropriate at this time.”

Although it is thought that there were also multiple individuals involved in the leak, the initial posting of more than 100 images is believed to be the work of one person known as “Original Guy,” who took to the infamous “deep web” just after midnight on Monday for this post:

Guys, just to let you know I didn’t do this by myself. There are several other people who were in on it and I needed to count on to make this happen.

This is the result of several months of long and hard work by all involved. We appreciate your donations and applaud your excitement.

I will soon be moving to another location from which I will continue to post.

To conclude the post, Original Guy shared two different bitcoin addresses and wrote, “BTC donations there are two we have been using. One on here and another for another forum.”

So what is the “deep web” exactly? It essentially refers to the parts of the internet that are not indexed by search engines such as Google, Yahoo and Bing — i.e. “off the radar.” It’s sort of a virtual back alley where nothing is on the record, allowing for all sorts of suspicious and oftentimes illegal activities to take place, especially when it comes to the exchange and selling of digital information such as photographs and videos.

Jennifer Lawrence and Kate Upton have both suggested they will be pressing the investigation in hopes of pursuing legal action against the individuals responsible for the leaks, and I can only imagine the other victims will be offering their support as well.

You can see the full list of all the celebrities involved in the photos and videos already leaked, as well as those with unreleased pictures and videos that the hackers claim to be in possession of, here. Also included are the responses from numerous celebrities involved, including Jennifer Lawrence, Kirsten Dunst, Kate Upton, Ariana Grande, Victoria Justice, Becca Tobin, Mary Elizabeth Winstead, McKayla Maroney, Melissa Benoist and Yvonne Strahovski.
