iCloud Watch

Naked celebs: Hackers download sext selfies from iCloud #thefappening

Scarlett Johansson, Jennifer Lawrence, Kate Upton... the sad list of naked celebs goes on. But what's Apple doing about it?

ICYMI (yeah, right): hackers have downloaded celebrities' sexting pictures, to the surprise of few (but to the delight of many teenagers). It would appear that the victims' iCloud passwords were phished (or brute-forced, with the aid of a vulnerability, but Apple denies that).

And, no, I'm not going to tell you where to find the stolen images. #thefappening

In IT Blogwatch, bloggers wonder why 4chan's webserver is melting. Not to mention: ScarJo can't sing

Your humble blogwatcher curated these bloggy bits for your entertainment.

According to Aunty's sub-eds, "cloud" is still a word that needs putting in "quotes":

The FBI is looking into allegations that intimate pictures of celebrities have been stolen. ... About 20 personalities...have had images of themselves leaked over the Internet.

Apple says it is investigating [reports that] iCloud accounts have been hacked. ... [Jennifer] Lawrence, who stars in The Hunger Games films...requested an investigation after a hacker apparently obtained...graphic content, from the mobile phones of numerous celebrities. ... A spokeswoman for the actress said the internet posts were "a flagrant violation of privacy."  

Shaun Waterman desperately tries to avoid prurience: [You'd better avoid it too, else you're fired -Ed.]

The theft of the pictures, apparently from the actress’ own smartphone, is the latest in a series of hacking attacks against celebrities. ... “The FBI is investigating a person or group responsible for computer intrusions of high-profile figures,” said Arielle B. DeKofsky, a spokeswoman for the FBI.

Two photographs of Miss Johansson were posted. ... In one picture, the actress can be seen in a mirror, naked from behind, photographing herself. ... The TMZ Hollywood news service said the hackers who stole Miss Johansson’s photos were also behind a series of other cyberthefts of candid photos of young actresses.  

Charles Arthur takes a break from trolling other writers on Twitter, to write this insightful, in-depth report:

Security experts are warning that there could be many more compromised celebrity iCloud accounts after examining file data...stolen from stars including...Kate Upton. One theory gaining ground is that...pictures had been accumulated by one hacker over a period of time - and were then “popped” by another.

The posting to Github of an exploit against Apple’s Find My iPhone service three days ago, which could use a “brute-force” attack...points to the existence of weak links in Apple’s service. ... The original hack looks to have been done by “chaining” between accounts:..the hacker could access [one] address book and use that to attack others’.

Apple has still issued no statement on how many accounts on its iCloud service were broken into.  

So Kashmir Hill answers this very-FAQ:

Predictably, many people respond to these famous women’s revealing photos going viral by saying they shouldn’t have taken naked photos of themselves in the first place. ... This is the “sext abstinence education” approach to scandalous selfies. [But] it’s not practical advice for most people. The digital age has changed courtship in many ways, and this is one of them. [It's] increasingly part of the sexual repertoire; phones have become sex toys.

If it is Apple’s infrastructure to blame, many of these people may not have realized that their photos were being sent to the cloud. ... Whenever a hack happens, there is a tension between the poor practices of the individuals hacked and the company that was supposed to protect their data.  

And the ACLU's Christopher Soghoian notes three un-sexy issues:

If...account passwords were brute forced, the problem seems to be lack of rate limiting by Apple.

The computer security community doesn't really know how to secure data...with a short, mobile friendly password.

Regular people use the default settings that come with products. We need...better defaults.  

"But," I hear you ask, "What's this 4chan thing?" Terrence McCoy obliges: [Careful -Ed.]

It’s possible you’ve never heard of 4chan. It’s not much to look at. ... Called one of the “darkest corners of the Web”...and the “ninth circle of Hell,” 4chan twins the irreverent with the abhorrent.

The exact provenance of the images remains murky, like almost everything involving 4chan. [But] what makes 4chan unique may complicate the [FBI] investigation. ... 4chan users operate with complete anonymity.  

All of which makes Philip Elmer-DeWitt gaze wistfully at his calendar:

It almost doesn’t matter if Apple was to blame for the security leak. ... Says Stratechery’s Ben Thompson, the timing couldn’t be worse:

“The iCloud name is associated with this mess, which is bad enough; [but] Apple is allegedly unveiling a new payment capability with the iPhone 6. That, obviously, requires a high degree of security and consumer trust. ... Close observers know that Apple has never really done the cloud well. However, with this episode, that final point has now moved...to [being] a serious problem for Apple. ... And now, one of Tim Cook’s signature-rollouts is going to be tarnished.”  

Meanwhile, Taylor Swift tweets what all the infosec professionals are thinking: [Uh, are you sure that's really Ms. Swift? -Ed.]

Computer security's dirty little secret is how much of the "hacking" people hear about is just brain-dead, color-by-numbers stuff.

Update: Apple breaks its silence (via Bob Brown):

We wanted to provide an update to our investigation. ... When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. ... We have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions. ... None of the cases we have investigated has resulted from any breach in any of Apple’s systems.

Update 2: Marco Tabini advises you not to look at his naked body:

Were I to ever start taking nude selfies...the embarrassment of seeing them plastered all over the Internet would pale in comparison to the fear of my address book, banking credentials, and all the other sensitive information that I regularly back up to iCloud being stolen. ... When someone can ruin you financially, take everything you own, and burn down your home...focusing on keeping your naughty bits private [is] missing the forest for the trees.

The solution to our security problems, if there is one, lies at the intersection between technology and usability. The good news is that’s exactly where you’ll find Apple’s greatest ability to make a dent. ... Hopefully, Apple will be able to look at security as a human problem...leading the industry towards a future in which we can all be a little safer.  

And Finally…
A painful reminder that Scarlett can't sing

Copyright © 2014 IDG Communications, Inc.
