Man admits impersonating Apple support staff to steal 620,000 photos from iCloud accounts

A 40-year-old man has agreed to plead guilty to US court charges that he broke into thousands of Apple iCloud accounts and stole hundreds of thousands of images and videos of young women.

According to court records, Hao Kuo Chi, from La Puente, California, collected over 620,000 private photos and videos from his unsuspecting victims after advertising his services online.

In a plea deal with federal prosecutors, Chi admitted accessing the photos and videos from at least 306 victims – with approximately 200 of the victims selected at the request of others who had requested the images online.

Chi, who used the online hacker-for-hire handle “iCloudRipper4You”, advertised himself as someone who could gain unauthorised access to iCloud accounts.

Most of Chi’s victims were young women, who were tricked into handing over their iCloud login credentials after the hacker posed as an Apple support employee.

Using Gmail addresses such as “applebackupicloud” and “backupagenticloud”, Chi duped the unwary into sharing their passwords. When later examined, the email accounts were found to contain more than 500,000 messages, including about 4,700 of which contained usernames and passwords that had been sent Chi.

In addition, law enforcement unearthed approximately 620,000 photographs and 9,000 videos on Chi’s Dropbox account, with some labelled as “profit” if they contained nudity. Chi would share a Dropbox link to a specific folder related to a victim’s account with his conspirators, so they could access the stolen content.

Interestingly, Chi is said to have come to the attention of the authorities in the wake of an infamous breach which saw scores of celebrities have their private and often nude photographs leaked onto the internet.

A Californian company that provides a service to celebrities who wish to have nude photographs removed from the internet, found an image of an unnamed individual on a pornographic website, and managed to link it to the victim’s iPhone and Apple iCloud account.

Investigators were then able to discover that the victim’s iCloud account had been accessed from an IP address linked to Chi’s home in La Puente, which was subsequently served with a search warrant.

Chi, who has expressed remorse for his actions, has agreed to plead guilty to four charges, including conspiracy to gain unauthorised access to a computer. He faces up to five years in prison for each of the four crimes.

All users storing sensitive information in the cloud would be wise to not only be wary of phishing attacks designed to steal credentials, and choose strong, unique passwords to protect their accounts, but to also enable multi-factor authentication where available to further harden security.

For further advice on how to better secure your cloud storage accounts, check out this article.