By Amer Owaida
The man was after sexually explicit photos and videos that he would then share online or store in his own collection
A California man has fessed up to breaking into the Apple iCloud accounts of hundreds of individuals and downloading more than 620,000 images and 9,000 videos while on the prowl for nude photos of young women. He would then share or trade these images online or keep them for his own collection.
Hao Kuo Chi, a 40-year-old
citizen of La Puente, Los Angeles County, pleaded guilty to four counts
including committing computer fraud, according to a report
by the Los Angeles Times. Going by
the online handle “icloudripper4you”, he billed himself as being adept at
infiltrating iCloud accounts and pilfering their content, an activity he
referred to as “ripping”.
According to his plea
agreement, Chi was able to access the iCloud accounts of at least 306 victims
from around the United States. After investigators searched his house, he also
admitted to infiltrating some 200 accounts at the behest of individuals that he
had met online.
“Chi acknowledged in court papers that he and
his unnamed co-conspirators used a foreign encrypted email service to
communicate with each other anonymously. When they came across nude photos and
videos stored in victims’ iCloud accounts, they called them ‘wins,’ which they
collected and shared with one another,” reads the Los Angeles Times report.
To achieve his goal, Chi
contacted his victims and duped them into parting with their Apple IDs and
passwords by masquerading as an Apple customer support agent using various
email accounts. The Federal Bureau of Investigation (FBI) said that it was able
to pinpoint two Gmail addresses that were used to trick victims – “applebackupicloud”
and “backupagenticloud”, which contained in excess of half a million emails.
These included some 4,700 emails with iCloud user IDs and passwords that Chi
received. According to the FBI, Chi had over 620,000 photos and 9,000 videos,
which were partly organized based on whether they contained explicit images or
not.
How to keep
your Apple account secure
Phishing campaigns are one
of the favorite tools in a cybercriminal’s tool bag. Over the years, online
fraudsters have been finetuning their ruses, so much so that many schemes
may be difficult to spot even
for the trained eye. However, there are still multiple steps you can take to
keep your accounts secure:
· If you receive an unsolicited email from a service
you supposedly use, scrutinize the email address; if it didn’t come from an
official support address (in this case Gmail) you’re most probably dealing with
a scam.
· Look out for bad spelling and numerous grammar
mistakes, more often than not, phishing emails are riddled with them.
· Always enable two-factor
authentication (2FA),
which acts as an extra layer of security and makes it harder for cybercriminals
to infiltrate your account even if they have access to your password. Apple
allows you to use one of your Apple devices as an authentication factor by
displaying a verification code on it. Besides trusted devices, you can also set
up trusted phone numbers by following Apple’s handy guide to their 2FA settings.
If you want to take a deep
dive into the tell-tale signs of phishing, read our article on how to recognize
phishing messages. If you’d
like to test yourself on whether you’re adept at spotting the phish, you can
take our phishing quiz.