9to5Mac

FBI: California man accessed thousands of iCloud accounts in search for nude photos and videos

By Chance Miller

August 24, 2021

According to federal authorities, court documents, and an FBI investigation, 40-year-old Hao Kuo Chi gained access to photos and videos of at least 306 victims and built a collection of 620,000 photos and 9,000 videos, which he then hosted on his Dropbox account. He would then organize the images by whether the account “contained a ‘win’ of nude images,” according to the FBI.

The investigation revealed that Chi posed as a technical support agent capable of breaking into iCloud accounts to steal photos and videos. He marketed himself as “iCloudRipper4You” and would oftentimes seek out victims based on requests from other people. That is, Chi would receive a request to break into someone’s iCloud account, then approach that person under the guise of an Apple support employee.

In court papers, the FBI identified two Gmail addresses that Chi used to lure victims into changing their iCloud sign-on information: “applebackupicloud” and “backupagenticloud.” The FBI said it found more than 500,000 emails in the two accounts, including about 4,700 with iCloud user IDs and passwords that were sent to Chi.

Chi’s conspirators would request that he hack a certain iCloud account, and he would respond with a Dropbox link, according to a court statement by FBI agent Anthony Bossone, who works on cybercrime cases.

Things began going awry for Chi in 2018 when he gained access to an unidentified celebrity’s iCloud account, and the images ended up getting posted on a pornographic website. Investigators tracked down the iCloud login to Chi’s house and requested data from sources, such as Apple, Google, Dropbox, Facebook, and Charter Communications.

Investigators soon discovered that a log-in to the victim’s iCloud account had come from an internet address at Chi’s house in La Puente, Bossone said. The FBI got a search warrant and raided the house May 19. By then, agents had already gathered a clear picture of Chi’s online life from a vast trove of records that they obtained from Dropbox, Google, Apple, Facebook and Charter Communications.