Scammer Infiltrated Thousands of iCloud Accounts to Find Nude Photos

[szw-mapple fan]

4,700 iCloud user IDs and passwords.
Horrible, are people actually stupid enough to give out their passwords?
Sometimes you lose faith in the human race.

It’s not about stupidity.

For example, it can come in the form of an Apple branded email telling the user their account was recently logged in at location X and immediately reset their password if it was not them. The linked login page that steals their password is typically identical to the legitimate site. Most users simply don’t know enough to know if a email or login webpage is legitimate or forgot to check in a rush to reset their password.

There are lots of ways people can fall for these type of things. Someone who knows what they’re doing can make it look very legitimate, even get an SSL certificate so people who know enough to look for the lock in the address bar are fooled. This is why 2FA is so important.

 

[6787872]

make 2FA mandatory.

 

[jonnysods]

So at trial do they have to show the pics as evidence?

 

[ajfahey]

It’s his “His unknown co-conspirators” that really need to be taken down. Otherwise, he’s just the stupid fall-guy that got conned. Waiting for the second shoe of FBI to fall. if it doesn’t, that fact could be very telling about the FBI and the supposed blindness of our system of justice.

 

[Maconplasma]

"In a phone call with The Los Angeles Times, Chi said that he was "remorseful" for what he did, but claimed he had a family to support. He said that he was afraid public exposure of his crimes would "ruin [his] whole life.""

😂😂😂

 

[velocityg4]

uploading nudies to iCloud has got to be the most moronic computer activity a person can do

I think uploading them to Instagram would be stupider.

 

[JMacHack]

To all the smart alecs on here, not everyone is as tech savvy as you and I. It is an unfortunate fact that some people are easy targets. Victim blaming is not big and it’s not clever, no matter how “dumb” you think the victims are.

Chances are though, they have better interpersonal skills than the lot you and are quite likely just nicer human beings.

People who take obscene pics of themselves get what they deserve.

 

[_Spinn_]

Creep. I’m glad he got caught.

 

[coachgq]

Throw his behind in jail for 100 years. Let him be the example. Got to be some way to keep people from doing this to others.

 

[Michael Scrip]

"...by impersonating Apple customer support staff and sending out emails to trick his victims into providing Apple IDs and passwords. Chi used social engineering and phishing schemes to coerce his victims, and he did not breach Apple's iCloud protections."

Just like with the original Fappening... people are the problem... not the technology.

 

[Morgenland]

It’s not about stupidity.

For example, it can come in the form of an Apple branded email telling the user their account was recently logged in at location X and immediately reset their password if it was not them. The linked login page that steals their password is typically identical to the legitimate site. Most users simply don’t know enough to know if a email or login webpage is legitimate or forgot to check in a rush to reset their password.

There are lots of ways people can fall for these type of things. Someone who knows what they’re doing can make it look very legitimate, even get an SSL certificate so people who know enough to look for the lock in the address bar are fooled. This is why 2FA is so important.

The same is also available from banks, everything looks "totally real". But who reacts to such nonsense. Just stupid people. And some are so stupid that they even don't activate 2FA, as you could read in the article.
People are the problem.

 

[jseymour]

There isn’t enough free porn in the world already?

Apparently his customers wanted photos and videos of specific individuals.

 

[Michael Scrip]

The same is also available from banks, everything looks "totally real". But who reacts to such nonsense. Just stupid people. And some are so stupid that they don't activate 2FA, as you could read in the article.

Exactly.

I remember getting phishing emails from Bank of America.

The URL in the email was bankofamerica.corn

See the problem? Most people wouldn't even notice it.

🤣

 

[Morgenland]

Exactly.

I remember getting phishing emails from Bank of America.

The URL in the email was bankofamerica.corn

See the problem? Most people wouldn't even notice it.

🤣

Right, this is exactly what I was talking about. A drama, this mankind.

 

[bivalvegruff]

Chi's scam fell apart after he hacked the iCloud account of an unnamed public figure in March 2018 and the photos ended up on pornographic websites. The FBI launched an investigation, and found that a log-in to the victim's iCloud account had come from Chi's home.

Oh my god that’s disgusting. The photos ended up on a porn site? I mean there are so many of them though. Which one?

 

[Donoban]

uploading nudies to iCloud has got to be the most moronic computer activity a person can do

Clearly you’re not from the younger demographic.

 

[JMacHack]

Clearly you’re not from the younger demographic.

Just because younguns do it doesn’t make it smart.

 

[centauratlas]

"he was afraid public exposure of his crimes would "ruin [his] whole life."

Yes, that is the plan. Let's hope it works.

Yeah. Of course he didn't think about the "public exposure of his victims" though and what that might do to their lives.

 

[JMacHack]

Yeah. Of course he didn't think about the "public exposure of his victims" though and what that might do to their lives.

My god, now everyone will know that they had the bad sense to upload nudes of themselves! The horror!

 

[jseymour]

It’s not about stupidity.

Having retired from a network-security-related job I have to disagree. Ok, stupidity and/or ignorance. Sometimes willful ignorance.

I did a thing unusual in the I.T. field. Something the vast majority of SysAdmins will insist does not work: I relied greatly on end-user education and cooperation for my employer's defense. To a degree such that it took higher precedence than anti-virus and anti-malware. By any measure it was a successful strategy. In the twenty-five years I was on the job, there was only one significant incident, it was due to a new type of zero-day vulnerability, and the primary vector had actually done everything right.

 

[Donoban]

Oh my god that’s disgusting. The photos ended up on a porn site? I mean there are so many of them though. Which one?

• Hao Kuo Chi, 40, of La Puente, California, pleaded guilty to one charge of conspiracy and three counts of gaining access to unauthorized computers
• The FBI found that Chi had 620,000 images and 9,000 videos from victims across 500,000 emails
• In 2007, a Geek Squad member by the same name was accused of using a phone camera to take a video of a woman in the shower on a house call

 

[macduke]

Someone should tell this guy that the internet is already full of nude photos and it's not even illegal.

 

[JMacHack]

• Hao Kuo Chi, 40, of La Puente, California, pleaded guilty to one charge of conspiracy and three counts of gaining access to unauthorized computers
• The FBI found that Chi had 620,000 images and 9,000 videos from victims across 500,000 emails
• In 2007, a Geek Squad member by the same name was accused of using a phone camera to take a video of a woman in the shower on a house call

Come to think of it, where the hell did he store it all?

Is this why MR always complains about the price of storage on Apple products?

 

[nikhsub1]

Is it really hacking when people are so stupid they are giving you their icloud login and password? This isn't hacking but exploiting idiots.

 

[TMRJIJ]

All that for a piece of ass…