Celeb hacker ‘on the run’

 

 


 

Celeb hacker ‘on the run’: Mystery man who calls himself ‘original guy’ says he is the thief who stole hundreds of celebrity nude photos as devastated stars contact authorities

By JAMES NYE FOR MAILONLINE and VICTORIA WOOLLASTON FOR MAILONLINE

  • Man claiming to be in charge of group of hackers who stole nude celebrity pictures is on the run
  • Posted early on Monday morning to confirm his part in the hack
  • Then thanked supporters before announcing he was changing location
  • Another man, Bryan Hamade, 27, denied he was the source of the leak on Monday
  • He tried to sell intimate pictures of Jennifer Lawrence in return for Bitcoin
  • He posted images on Reddit and allegedly tried to sell them for $100 each
  • But he was forced to deny that he was the original hacker after users identified him
  • Admitted he had been an ‘idiot’ and that photo he had tried to sell was fake


The chief hacker who organized the theft of private nude pictures of actresses including Jennifer Lawrence and Kate Upton has gone on the run.

The anonymous individual, who sparked the scandal on Sunday after dumping dozens of naked photographs of female celebrities onto the 4chan online forum, took to the ‘deep web’ forum where the images are thought to have first been posted a week ago to say he had to ‘move location’.

In an apparent attempt to evade the authorities, he said he would be relocating as he thanked his ‘supporters’ who apparently shared the images on AnonIB before they were reposted on forum 4chan on Sunday.

Jennifer Lawrence has reported the stolen image to the authorities, and the FBI are thought to be becoming involved in the international hunt for the hacker.

Confirmation: This post is apparently from one of the hackers who stole dozens of nude pictures from actresses including Jennifer Lawrence and Kate Upton


The hacker, who is referred to by other posters as the ‘original guy’, also appeared to confirm that the hacking was a conspiracy involving more than just one individual and ‘the result of several months of long and hard work’.

In the post thread written just after midnight on Monday, the anonymous hacker said that he will be moving to another location before seeming to threaten to upload more compromising images – asking for bitcoin (BTC) donations from those willing to pay to see.

‘Guys, just to let you know I didn’t do this by myself,’ wrote the deviant hacker.

‘There are several other people who were in on it and I needed to count on to make this happened (sic).

‘This is the result of several months of long and hard work by all involved. We appreciate your donations and applaud your excitement.

‘I will soon be moving to another location from which I will continue to post.’

Selfies leaked: Jennifer Lawrence was the victim of a hacker who posted more than 60 revealing images of the actress online

This comes as it was revealed the hacked nude photographs leaked online of actresses including Jennifer Lawrence and Kate Upton have been traded on the Internet for at least a week and could be just the tip of the iceberg of stolen celebrity pictures.

Exchanged on the deep web black market and deviant message boards specializing in stolen ‘revenge porn’ photography, the compromising pictures have been used as a currency of sorts among perverted members of these forums.

Indeed, in the aftermath of Sunday’s mass dumping of naked pictures, these boards have descended into anarchy and infighting, with a civil war erupting between those who leaked the pictures and those furious their sordid, secret game has been thrown into the public eye.

Worrying for the general public is how simple the posters make their privacy theft seem – raising the frightening prospect that Apple’s iCloud, used by millions, is not safe for anyone to store sensitive information on.

In the days before the stolen images were uploaded en masse to the 4chan anonymous image-sharing forum on Sunday, the Internet had been awash with claims by web-perverts that they were trading in the embarrassing photographs.

Among these boasts were that the hackers had accumulated pictures of at least 100 celebrities – and were biding their time before releasing them all online.

However, these outrageous claims seemed to originate not on 4chan, but the pornographic image board, AnonIB, which focuses usually on pornographic photographs of non-celebrity women.

During the last week, threads dedicated to Jennifer Lawrence that claimed to contain genuine images of the naked actress began to flood AnonIB – now proved to be real following the actress’s confirmation that the pictures are indeed her.

According to those with knowledge of the threads on AnonIB and 4chan, the hacking of the nude pictures from Apple’s iCloud was not a sudden smash and grab raid on the privacy of the women; rather, the pictures were collected over time until the list of alleged victims stood at 101 in total.


Almost a week ago: These posts taken from AnonIB reveal the beginnings of boasts in updates which refer to Jennifer Lawrence and a ‘major win’


Boasts: The posts from one week ago are in reference to Jennifer Lawrence’s nude pictures being traded online on AnonIB

Disbelief: Some posters openly questioned whether the Jennifer Lawrence threads were really genuinely showing pictures of the star


Realization: On Sunday it dawned on users of AnonIB that the images being peddled for the past week online were in fact genuine


It also seems that the hacking may not even be down to one individual, but may in fact be the work of a number of people.

Denial: Georgia software engineer Bryan Hamade has claimed he has been falsely identified as the hacker online by reddit


The first sign that pictures of Jennifer Lawrence might be online was a post from an AnonIB user on Tuesday 26 August that claimed a ‘major win’ for hackers looking for nude pictures of the Oscar winner.

However, many other posters on the anonymous board were skeptical that the pictures were of Lawrence, 24, until a slew of claims made by different posters all popped up on the board with the same revealing pictures.

One in particular bragged that he was ‘ripping iclouds’ – which is allegedly how the pictures were stolen.

However, in the posts the individual claims that the pictures have been online for some time – possibly weeks – which adds credence to the claims they possess the nude images of dozens more celebrities.

One person named online as a hacker by reddit users has already come forward to deny any allegations against him.

Bryan Hamade told MailOnline that he was categorically not behind any hacking of celebrities’ private pictures and has not released any to the public.

He claims that he was identified after he lied to a reddit user to try and get bitcoins from them with a photoshopped picture of a celebrity.

This lie caused suspicion to fall on him and a huge reddit investigation reminiscent of their incorrect efforts to name the Boston bombers was launched.

‘I am not the original leaker,’ said Bryan to MailOnline.

‘I only reposted one thing that was posted elsewhere and stupidly had my network folders visible.’

Mr Hamade tried to sell intimate pictures of actress Jennifer Lawrence (left) in return for the internet currency Bitcoin. Kate Upton (right) was among the list of victims whose accounts on iCloud were allegedly hacked into


Hacked: Mary Elizabeth Winstead tweeted that nude photographs of her were taken with her husband ‘years ago in the privacy of our home’

In an effort to cast the blame elsewhere, Bryan said that he believes the images released on 4chan may not have been leaked by the person or persons who stole them.

‘The real guy is on 4chan posting intermittently,’ said Bryan.

Find My iPhone flaw

Reports suggest a specific flaw in the ‘Find My iPhone’ service may have been to blame.

Code was spotted on software development site Github, that would have allowed malicious users to use ‘brute force’ to gain an account’s password on Apple iCloud, and in particular its Find my iPhone service.

Social engineering

The hackers may have also used ‘social engineering’ techniques to obtain Apple IDs and passwords based on other information.

This includes email address, a mother’s maiden name, a date of birth, and more – all of which is easier to find out about celebrities than the everyday user.

If a celebrity uses the same password across accounts, this would then make it relatively easy for someone to hack if they had the right information.

Google Drive hack

In June, Google announced its Drive service had a flaw that meant private information was at risk from hackers.

Google patched the flaw in June, but the large number of victims in the 4chan leak also suggests that the hack may have begun months ago – at the time of this flaw.

Dropbox flaw

Similarly, in May, a flaw was found in Dropbox accounts that could have given unauthorized access to accounts.

‘He’s most likely the one behind it but it does seem the photos passed around to multiple people before being leaked, so it may just be someone who has them and didn’t hack to get them.

‘I’d never in a million years know how to hack into any of the accounts listed.

‘4chan just attacked me because they like to attack anyone in situations such as this.’

This comes as it was claimed a flaw in the ‘Find My iPhone’ function of Apple’s iCloud service may have helped a hacker to steal nude photos of Jennifer Lawrence and ‘100 other celebrities’, it today emerged.

The hacker claims he or she broke into stars’ iCloud accounts, including those of the Hunger Games actress, Kate Upton and Rihanna, before publishing them on 4chan, the image-sharing forum.

A list of the alleged victims of the hack – 101 in total – has also been posted online; most of whom have not seen any photographs leaked by the hacker.

A spokesman for Oscar winner Lawrence confirmed to MailOnline the photos of her are genuine.

‘This is a flagrant violation of privacy. The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence,’ the emailed statement read.

Following the publication of the images on Sunday night, experts have voiced their concerns over how the hacker managed to access them. Now, reports suggest that a specific flaw in the ‘Find My iPhone’ service may have been to blame.

Despite the story breaking last night, Apple is still yet to confirm or deny whether its software was the target of the hacking.

These images were reportedly stolen from iCloud accounts and include private images of Jennifer Lawrence and Kelly Brook. It is not clear how the hacker gained access to the images, although reports state a flaw was discovered in the Find my iPhone service that would have left it open to a ‘brute force’ attack

A variety of theories – including a flaw in the ‘Find My iPhone’ service as well as ‘social engineering’ techniques – have begun to circulate in a bid to explain what might be to blame for the hack.

The phone photos, reportedly obtained through the widely-used online service, were published on 4chan, the anonymous image-sharing forum.

A list of the alleged victims – 101 in total – posted by the hacker has also appeared.

Apple has not commented on the leak, but has previously stressed how important its customers’ privacy is.

The firm’s iCloud service secures data by encrypting it when it is sent over the web, storing it in an encrypted format when kept on server, and using secure tokens for authentication.

This means that data is protected from hackers while it is being sent to devices and stored online.

This suggests the hackers were able to obtain the login credentials of the accounts, and pretend to be the user, in order to bypass this encryption.

Earlier today The Next Web spotted code on software development site Github, that would have allowed malicious users to use ‘brute force’ to gain an account’s password on Apple iCloud, and in particular its Find my iPhone service.

Brute force, also known as ‘brute force cracking’, is a trial-and-error method used to get plain-text passwords from encrypted data.

Just as a criminal might break into, or ‘crack’ a safe by trying many possible combinations, a brute-force cracking attempt goes through all possible combinations of characters in sequence.

In a six-letter attack, the hacker will start at ‘a’ and end at ‘//////’

Find My iPhone helps users locate and protect their iPhone, iPad, iPod touch, or Mac – if it’s ever lost or stolen.

The hackers may have also used ‘social engineering’ techniques to obtain Apple IDs and passwords based on other information they could find.

If the leak didn’t come from iCloud accounts, they may have originated from other cloud devices such as Google Drive. In June, Google announced its Drive service had a flaw that meant private information was at risk. The flaw was patched, but the large number of 4chan victims suggests the hack may have begun months ago

This includes email address, a mother’s maiden name, a date of birth, and more – all of which is easier to find out about celebrities than the everyday user.

In May, iPhone and iPad users were being targeted by hackers who were remotely locking their devices and demanding ransom money in return.

Ransomware attacks, in which criminals remotely gain access to a device and hold it hostage, aren’t new, but they have traditionally targeted laptops and PCs.

In this latest mobile attack, the hackers were controlling gadgets by breaking into customers’ iCloud accounts and remotely locking the devices using the Find My iPhone feature.

Be aware that deleting a photo from a device does not mean it has been deleted from your online storage account.

The photos may also appear in photo streams on other devices, and any phone or tablet that is synced with that iCloud account.

This means you should delete photos from all of these areas if you want to get rid of them permanently.

In order to make your private data more secure, you should cherry-pick the data you store in the cloud and know when the data is set to automatically leave your device.

You should also choose a hard to crack password, and not use that password on any other account.

Stefano Ortolani, security researcher at Kaspersky Lab, told MailOnline: ‘The leak is still under scrutiny, so it is not clear at this stage if cloud services are to blame, or if those are just files somehow leaked from a private collection.

‘The security of a cloud service depends on the provider.

‘However, it’s important to consider that as soon as you hand over any data, including photos, to a third-party service, you need to be aware that you automatically lose some control of it. This is also the case for when you upload something online.

‘In order to make your private data more secure, you should cherry-pick the data you store in the cloud and know when the data is set to automatically leave your device.’

For example, iCloud’s My Photo Stream feature uploads new photos to the cloud as soon as the device is connected to Wi-Fi; this is to keep photos synchronised across all your devices.

Disabling this option prevents photos automatically being uploaded.

Actress Mary E Winstead confirmed photos on 4Chan were hers, but stressed that she had deleted them ‘long ago.’

But, when photos that have been uploaded to iCloud are deleted from a phone, they are not necessarily deleted from the online storage.

Apart from iCloud, the photos also remain on the user’s Photo Stream, which would also be available on other devices with which the photo streams were shared, such as an iPad or iPod touch, or devices synced with the same iCloud account.

If the leak didn’t come from compromised iCloud accounts, the photos may have originated from other cloud services such as Google Drive, Dropbox or similar.

In June, Google announced its Drive service had a flaw that meant private information was at risk from hackers.

The security flaw occurred when a file was uploaded to Google Drive, was stored in its original format and contained links to third-party websites.

In this instance, if a user clicked on the embedded link, the administrator of that site could potentially obtain information about the URL of the original document – exposing it to hackers.

Google patched the flaw in June, but the large number of victims in the 4chan leak also suggests that the hack may have begun months ago – at the time of this flaw.

Similarly, in May, a flaw was found in Dropbox accounts that could have given unauthorised access to accounts.

The publication of the photographs calls into question the safety of uploading personal data to iCloud, which was launched by Apple in October 2011.

Despite the story breaking last night, Apple is still yet to confirm or deny whether the service was the target of the hacking.