THE celebrities whose naked pictures were leaked on the internet may have been the victims of phishing or a massive “brute force” assault by hackers, according to experts.
The photographs had been stolen by hackers from each woman’s personal Apple iCloud account — a remote storage service.
Apple conducted a 40-hour investigation but claimed to find no breach of the company’s systems, including its iCloud servers, and attributed the leak to a “targeted attack on user names, passwords and security questions, a practice that has become all too common on the internet”.
The pictures were leaked by a member of a large network who had been hacking and collecting the material for months. It followed a wave of phishing emails to Apple users seeking their passwords. Vladimir Katalov, the head of ElcomSoft, a Moscow-based password specialist, said he believed the celebrities were the victims of a phishing attack in which they were sent a bogus email directing them to a fake iCloud login page to steal their details.
He also warned that hackers could potentially steal far more sensitive information than pictures.
Advertisement
“To me, the photographs are perhaps the least interesting pieces of information,” Katalov added.
Although the leak was prompted by a falling-out between members of the hacking network, it also coincided with revelations that a flaw in Apple’s Find my iPhone service could allow a hacker to make multiple guesses at a password without the account holder being notified — a “brute force” attack.
Readily available password-guessing software would then make it easy to access the account, according to Dr David Day, a computer forensics expert at Sheffield Hallam University who advises the National Crime Agency on cybercrime. “Using malicious code, this would allow a hacker to make hundreds of thousands of guesses a second, running through very large lists containing the most commonly used 30m or so passwords,” Day said.
“Most people’s passwords are in these lists and it’s only a matter of minutes — often seconds — before they are found.”
Among the victims were the actresses Jennifer Lawrence and Jessica Brown-Findlay and the model Kate Upton.
Advertisement
The leak could hardly have come at a worse time for Apple, which is expected to launch a larger iPhone 6 on Tuesday. It is also hoping to introduce a smartwatch that will monitor fitness and allow wearers to pay for goods remotely without taking out their wallets.