Nude hunt: LA phisherman accessed 4,700 iCloud accounts, 620K photos

Enlarge / The Internet is unfortunately packed full of criminals seeking to steal sexual (or sexualizable) images from privately held cloud backup accounts. (credit: 1905HKN via Getty Images / Jim Salter)

The LA Times reported this week that Los Angeles man Hao Kuo “David” Chi pled guilty to four federal felonies related to his efforts to steal and share online nude images of young women. Chi collected more than 620,000 private photos and 9,000 videos from an undetermined number of victims across the US, most of whom were young and female.

“At least 306” victims

Chi’s plea agreement with federal prosecutors in Tampa, Florida, acknowledged “at least 306” victims. This number may be considerably smaller than the true total, since the FBI found that about 4,700 out of 500,000 emails in two of Chi’s Gmail accounts—backupagenticloud and applebackupicloud at Gmail—contained iCloud credentials that Chi tricked his victims into providing.

According to Chi, he selected roughly 200 of these victims based on online requests. Chi marketed his iCloud break-in “services” under the nom de guerre icloudripper4you. His “customers” would identify an iCloud account for attack, after which Chi would use his sketchily named Gmail accounts to contact the victim, impersonating an Apple service representative.

Read 11 remaining paragraphs | Comments