Security News > 2021 > August > Fake Apple rep amasses 620,000+ stolen iCloud pics, vids in hunt for images of nude women to trade

A California man this month admitted he stole hundreds of thousands of photos and videos from strangers' Apple iCloud accounts to find and share images of nude young women.

Chi, using the online name "Icloudripper4you," worked with other unidentified miscreants to obtain files from Apple customers' iCloud accounts by impersonating Apple customer support representatives in email messages.

Starting in September 2014 and continuing at least through May 2018, Chi obtained victims' Apple IDs and passwords by posing as a tech support rep and used those credentials to scour their iCloud accounts for nude pictures and videos.

In his agreement to plead guilty earlier this month [PDF], Chi confessed he obtained unauthorized access to at least 306 iCloud accounts for people - primarily young women - in Arizona, California, Connecticut, Florida, Kentucky, Louisiana, Maine, Massachusetts, Ohio, Pennsylvania, South Carolina, and Texas.

According to the Los Angeles Times, FBI agents found more than 500,000 emails in two Gmail accounts used for the scheme, with credentials for about 4,700 iCloud accounts.

In order for any such encryption to function effectively, iCloud customers would have to manage a separate decryption key, in addition to their Apple ID and password, to protect against social engineering attacks that dupe them into granting account access to attackers.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/08/24/los_angeles_county_man_pretended/