How Hackers May Have Stolen Celebrity Nude Photos

Which rumour is correct?

By
Head Image
© 2017 Wikipedia

You probably already know that on Sunday, naked and explicit pictures of about 100 famous women (including Jennifer Lawrence) were plastered all over the internet, apparently hacked from their iCloud accounts.

After the initial leak, a 4Chan user claims to have 423 nude photos of different celebrities as well as sharing a print screen of a folder titled “Celebs” on the forum, which allows users to post anonymously. The user who released the first batch of pictures also claims to have an explicit video of Lawrence, which they plan to monetize on by releasing it in exchange for Paypal or Bitcoin payments. He dubs himself a “collector” rather than a hacker, complaining earlier on about the lack of money he had made from the high-profile leak (how devastating): “People wanted s*** for free. Sure, I got $120 with my bitcoin address, but when you consider how much time was put into acquiring this stuff (I’m not the hacker, just a collector), and the money (I paid a lot via bitcoin as well to get certain sets when this stuff was being privately traded on Friday/Saturday) I really didn’t get close to what I was hoping”.

Lawrence has since confirmed that the photos of her are in fact genuine, and Apple and the FBI are currently investigating both who the hacker is and how they managed to get hold of these private images.

Aswell as metadata in the images linking a large amount of the pictures back to Apple devices, Lawrence once stated that she uses iCloud (“My iCloud keeps telling me to back it up, and I’m like, I don’t know how to back you up. Do it yourself”) although there has been zero confirmation of an iCloud “hack” from Apple. Breaching iCloud security itself instead of just an individual smartphone would also be considerably harder, and previous instances suggest that more technology-void routes are often used to steal information. In the 2011 celebrity picture scandal, convicted-hacker Christopher Chaney simply guessed the passwords of specific celebrities like Paris Hilton, who had used her dog’s name.

Some rumours suggest a vulnerability in the 'Find my iPhone app' which apparently isn't protected against 'brute force' programs, meaning that its possible to repeatedly guess random passwords until it finds a match, although other tech observers state that this would involve every celebrity involved having that specific app downloaded, and hackers usually working via a more straightforward approach.

Specific victims may have been targeted through either "Forgot my password” schemes are present on most apps, through phishing (fooling people into entering their login details by using authentic-looking sites), or by monitoring the words that come out their mouth (or fingertips) for password hints.

In a ‘Time’ article Lawrence was once quoted as saying that her email address contained a keyword, and there’s definitely no lack in the abundance of intrusive questions she is asked about her personal life or photographs of her day-to-day routine, family or past - for celebrities, privacy is utterly non-existent. However, Apple already have quite a few barriers set up, for example, when you log in to Photostream with the iCloud username on a new OSX or iOS machine, they will send notifications to your iPhone, iPad, Mac and email to tell you that you have registered onto a new device… causing you to panic, then probably immediately change the password. Stealing iCloud data involves syncing and downloading, and takes a lot longer than changing a password does. However, some of the images involved stem from Android devices (and therefore wouldn't be able to backup via iCloud) leading most experts to dismiss the incident as involving a failure on Apple’s part.

But most worryingly, are the darker issues of society that the scandal has uncovered. Even if there is a fault in Apple’s software - that’s not a criminal offence. Just as taking naked photos of yourself is not a crime, or even anything to apologize for. The hacker (or hackers) themselves are the only people responsible.

On top of this, many people and publications are also suggesting that prosecution may occur for not just the hacker, but also the people actively seeking out and sharing the pictures. Guardian columnist Van Badham wrote that “sharing these images… is an act of sexual violation, and it deserves the same social and legal punishment as meted out to stalkers and other sexual predators”, and that to excuse viewing the photos just because you are able to is absoloutely “deplorable”: “It’s the equivalent of creepily hiding in a wardrobe because a conversation may be taking place [that] you’d be interested, excited or turned on to overhear”.

So while some Twitter users held the internet accountable for the privacy-breach, and other’s blamed the victims themselves, it’s important to remember that the celebrities did not choose to publicize their naked bodies, no matter how easy it was to guess their password. When Ricky Gervais (like many others) reminded his 6 million followers that having your privacy violated and naked body spread over the internet is your own fault for “putting nude pics of yourself on your computer”, it became clear that its not just our online privacy that needs some assessment, its society itself. The ‘don’t take naked photos if you don’t want them online’ argument is the ‘she was wearing a short skirt’ of the web.