A posse of hackers tried to breach Apple’s iCloud service and succeeded big time. Part of the reason for this apparent ease in security violation was the weak in-built defenses of the platform.
Since there were no limitations on the number of times someone could keep on guessing the password to someone else’s account, the end result was that many people’s private stuff got exposed by the hackers.
The script used reportedly belonged to hackapp that was given first by a Russian duo, Andrey Belenko and Alexey Troshichev, that has cleared their names since it was not their fault that an invention bearing their imprint was used for wrongful purposes.
HackApp posted an apology blog on the news that their script was being used by hackers to hack many celebrities personal nude photos. They feel "really sorry that talk given by @hackappcom and @abelenko on local @DefconRussia a group meeting (@chaos_construct event) few days ago have had such nasty consequences. And blackhat community performed such weak, cheap and ungrateful feedback."
They stated that "we only described the way HOW to hack AppleID. Stealing private 'hot' data is outside of our scope of interests. We discuss such methods of hacks in our's narrow range, just to identify all the ways how privacy can by abused."
Their message to all the people who frequent the folds of cyberspace is that since nowadays nothing is safe from the clutches of the nefarious elements of society, extreme care and caution had to be exercised.
"For everyone, who was involved in this incident, I want to remind, that today we are living in Brave New Global World, when privacy protection wasn't ever so weak, and you have to consider, that all you data from "smart" devices could be accessable from internet,which is the place of anarchy, and, as result, could be source of undesirable and unfriendly activity," the statement reads.
The Internet, they said, was an anarchic domain where truly anything was possible. And while this could be for good purposes, it could also work in an evil way.
I have to repeat once again THERE IS NO any evidences, that #ibrute was involved in this incident. If you have any, I look forward— HackApp (@hackappcom) September 1, 2014
"Weak "dictonary" passowrd (like P@$$w0rd), is not the best way to protect yourself in modern world. But it's not your fault, it's the total problem of modern-being, that people use technology, without understanding all the risks and consequences. Not all users are nerds (look - Jim Parsons account was not hacked!)," the blog further states.
The fact that a service such as Apple’s iCloud contained nude photos of celebrities is not the only one of our concerns. An even bigger one is that this way anyone’s bank account or email or personal documents could end up in someone else’s hands.
And that is cause for worry indeed. The ID authenticity is the crux of the matter. It is here that the shield of protection ought to be so tough that the world’s most dangerous hackers will fail to break through it and access what is not rightfully theirs.
Meanwhile, both the FBI and Apple Incorporated are looking into the matter. As they say, two heads are better than one. The celeb photos that have been leaked online include nudes of Rihanna and Kim Kardashian.
“If the celebs’ iCloud account passwords were brute forced, the problem seems to be lack of rate limiting by Apple, not lack of crypto,” said Christopher Soghoian, principal technology at the American Civil Liberties Union.
“Once Apple’s privacy and PR teams respond to the celeb iCloud fiasco, I hope Apple donates several million dollars to usable security research… Blame the tech companies for delivering products with crappy default security settings, not the non-expert users whose accounts are hacked.”
"Even if you have deleted those photos from your phone, often times they've already been uploaded into the cloud," said Clifford Neuman, the director of the USC Center for Computer System Security. "When you deleted them from the phone, they continue to exist."
New arrangements in security protocol will have to be instituted by Apple under the watchful eye of the FBI. Otherwise some class “A” lawsuits will probably get filed by the celebs for this obvious shattering of their confidentiality status.
"The FBI is aware of the allegations concerning computer intrusions and the unlawful release of material involving high profile individuals, and is addressing the matter. Any further comment would be inappropriate at this time," FBI said in a statement issued yesterday. "We take user privacy very seriously and are actively investigating this report."
The long list of celebs whose nude photos leaked by 4chan includes such illustrious names as:
and not to mention many others. Many celebs have reacted on this hacking. See the responses of some celebs below.
Jennifer Lawrence's rep: "This is a flagrant violation of privacy. The authorities will prosecute anyone who posts the stolen photos."— Jennifer Lawrence (@JLdaily) August 31, 2014
"This is obviously an outrageous violation of our client, Kate Upton's, privacy," Kate Upton's attorney, Lawrence Shire, said in a statement. "We intend to pursue anyone disseminating or duplicating these illegally obtained images to the fullest extent possible."
These so called nudes of me are FAKE people. Let me nip this in the bud right now. *pun intended*— Victoria Justice (@VictoriaJustice) August 31, 2014
to every1 going on about my "nudes" & my "m&g prices" neither are real! my lil ass is a lot cuter than that lmao & tour details r comin soon— Ariana Grande (@ArianaGrande) September 2, 2014
but forreal tho whoever thought those were actually me...... love u but I'm praying for u— Ariana Grande (@ArianaGrande) September 2, 2014
To those of you looking at photos I took with my husband years ago in the privacy of our home, hope you feel great about yourselves.— Mary E. Winstead (@M_E_Winstead) August 31, 2014
Knowing those photos were deleted long ago, I can only imagine the creepy effort that went into this. Feeling for everyone who got hacked.— Mary E. Winstead (@M_E_Winstead) August 31, 2014
the fake photos of me are crazy!! was trying to rise above it all, and not give "the creator" the time of day.. BUT.. pic.twitter.com/hceQcOxYkJ— McKayla Maroney (@McKaylaMaroney) September 1, 2014
Thank you iCloud— Kirsten Dunst (@kirstendunst) September 1, 2014