A 40-year-old California resident posed as an Apple customer service representative for three years to break into the iCloud accounts of young women in search of nude photos.
The creepy story, reported by the Los Angeles Times on August 23, 2021, takes place in La Puente, California. On May 19, 2021, the FBI rang the doorbell of a 40-year-old man, Hao Kuo Chi, with a search warrant. This man, who also goes by the name of David, faces up to 5 years in prison and is pleading guilty.
For more than 3 years, this forty-year-old was part of a network that stole and shared nude images, commonly called “nudes”, of young women. Between his personal haul and his exchanges, he got his hands on more than 620,000 photos and 9,000 videos, recovered from thousands of iCloud accounts, Apple’s online storage service.
Authorities identified him following a private investigation. A company that specializes in removing celebrity photos from the Internet had found the nude photos of a local Tampa celebrity on a porn site. The victim had taken them on his iPhone, which was backed up on iCloud. The investigators traced Hao Kuo Chi’s address from the logs (connection history) of this anonymous victim’s cloud space.
Simple phishing behind thousands of thefts
To access the victims’ iCloud accounts, the cybercriminal did not use a complicated hack, but simple phishing emails: he admitted to impersonating an Apple customer service employee multiple times. His messages, sent from addresses such as “applebackupicloud” and “backupagenticloud”, were intended to trick victims into giving him their Apple ID and password. In the jargon, this is called typosquatting: the thief uses an address filled with keywords that could plausibly appear in the address of the organization or person he is imitating.
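One way a mail filter can surface this kind of sender is to look for brand keywords in an address that does not belong to the brand's domain. The sketch below is an added example, not something from the original report; the keyword list, the `apple.com` allowlist, the `check_sender` helper and the `mail.example` sample domains are assumptions made for the demonstration.

```python
import re
from email.utils import parseaddr

# Assumptions for this sketch: the brand terms to watch for and the domain
# the brand really sends from. Replace both with your own verified values.
BRAND_KEYWORDS = ("apple", "icloud")
LEGIT_DOMAINS = {"apple.com"}

def _squash(text):
    """Lowercase and drop separators so 'i.cloud-backup' still matches 'icloud'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def _is_legit(domain):
    """True for an allowlisted domain or any subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in LEGIT_DOMAINS)

def check_sender(from_header):
    """Return (verdict, reasons) for one From: header value."""
    display, addr = parseaddr(from_header)
    local, at, domain = addr.lower().rpartition("@")
    if not at or not local or not domain:
        return "invalid", ["no parseable address"]
    if _is_legit(domain):
        return "ok", []
    reasons = []
    # Brand terms anywhere in the sender identity, on a non-brand domain.
    for part, text in (("local part", local), ("display name", display),
                       ("domain", domain)):
        hits = [k for k in BRAND_KEYWORDS if k in _squash(text)]
        if hits:
            reasons.append(f"{part} contains {'/'.join(hits)} but domain is {domain}")
    return ("suspicious" if reasons else "ok"), reasons

# Constructed sample headers: the local parts are the ones quoted in the
# article; the domains and display names are made up for the demonstration.
SAMPLES = [
    '"Apple Support" <applebackupicloud@mail.example>',
    "backupagenticloud@mail.example",
    "billing@apple.com.mail.example",
    '"Jane Doe" <jane.doe@mail.example>',
    "no_reply@email.apple.com",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header), header)
```

The check reads only the header string, so it does not tell you whether an `apple.com` sender was forged, and plain substring matching also flags innocent addresses such as one containing "pineapple". Treat a hit as a triage signal to combine with sender authentication results, not as a verdict.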
Once he had obtained these precious credentials, Mr. Chi would download the images stored in the online space. Any nude photo was stored in a separate folder, codenamed “victories”, and then shared with the entire network on an encrypted message board. Questioned by the press, the defendant claims that he does not know the real identity of his fellow criminals. But he admitted to at least 306 victims in the United States, mainly young women.
What makes the case even darker is that the thug did not choose his victims at random. In more than two-thirds of the cases, he did so at the request of people he met online. Under the alias “iclouddripper4you” (which could be translated as “the iCloud leaker for you”), the 40-year-old would introduce himself on forums and offer his services as an iCloud account “hacker”. His buddies would ask him to hack into a particular account, and the cybercriminal would send them a copy of the content on Dropbox.
In pleading guilty, Chi hopes the case will “not ruin his entire life,” saying he “regrets what he did” and recalling that he “has a family.” The FBI says he sent more than 500,000 emails and is said to have recovered 4,700 pairs of credentials for iCloud accounts, a figure far higher than the one he confessed to.