9to5Mac

FBI: California man accessed thousands of iCloud accounts in search for nude photos and videos

By Chance Miller

August 24, 2021

A California man has pled guilty to four felonies after breaking into “thousands of iCloud accounts” in an attempt to steal and share nude images of women, according to a new report from the Los Angeles Times. The man admitted to impersonating Apple customer support representatives, tricking them into providing him with their Apple ID login information.

According to federal authorities, court documents, and an FBI investigation, 40-year-old Hao Kuo Chi gained access to photos and videos of at least 306 victims and built a collection of 620,000 photos and 9,000 videos, which he then hosted on his Dropbox account. He would then organize the images by whether the account “contained a ‘win’ of nude images,” according to the FBI.

The investigation revealed that Chi posed as a technical support agent capable of breaking into iCloud accounts to steal photos and videos. He marketed himself as “iCloudRipper4You” and would oftentimes seek out victims based on requests from other people. That is, Chi would receive a request to break into someone’s iCloud account, then approach that person under the guise of an Apple support employee.

In court papers, the FBI identified two Gmail addresses that Chi used to lure victims into changing their iCloud sign-on information: “applebackupicloud” and “backupagenticloud.” The FBI said it found more than 500,000 emails in the two accounts, including about 4,700 with iCloud user IDs and passwords that were sent to Chi.

Chi’s conspirators would request that he hack a certain iCloud account, and he would respond with a Dropbox link, according to a court statement by FBI agent Anthony Bossone, who works on cybercrime cases.

Things began going awry for Chi in 2018 when he gained access to an unidentified celebrity’s iCloud account, and the images ended up getting posted on a pornographic website. Investigators tracked down the iCloud login to Chi’s house and requested data from sources, such as Apple, Google, Dropbox, Facebook, and Charter Communications.

Investigators soon discovered that a log-in to the victim’s iCloud account had come from an internet address at Chi’s house in La Puente, Bossone said. The FBI got a search warrant and raided the house May 19. By then, agents had already gathered a clear picture of Chi’s online life from a vast trove of records that they obtained from Dropbox, Google, Apple, Facebook and Charter Communications.

Chi has agreed to plead guilty to one count of conspiracy and three counts of gaining unauthorized access to a protected computer. He could face up to five years in prison for each of the charges. In all instances, the stolen images were kept secure on Apple’s iCloud servers, with the account owners handing over the login credentials under the illusion that Chi was an Apple employee. There was no breach whatsoever of Apple’s iCloud security systems. As always, it’s important to never give out your iCloud login information and to enable two-factor authentication on your account to prevent unauthorized access.

You may remember the infamous situation in 2014 where nude photos of many celebrities were posted on Reddit and 4Chan. These photos were also leaked via iCloud, with what Apple called a “very targeted attack on user names, passwords and security questions” affecting “certain celebrity accounts.”

Learn more