Just about a year after a plethora of celebrities' nude photos were leaked online, two homes in south Chicago have been raided and investigators have named one of the suspected hackers. As this controversial story and investigation continues to unfold, Avast researchers have come up with a few speculations regarding the origin and motivation behind the initial hack. We’ve discussed the case with one of Avast’s security researchers, Filip Chytry, who has put in his two cents about the situation:
GR: Why might have Apple not flagged or investigated an IP address' 572 iCloud logins and attempted password resets?
FC: "Putting it simply, Apple just doesn’t have security implemented on this level. Even though they might sound large to us, attempting to track this number of logins and attempts to reset passwords is similar to discovering a needle in a haystack when it comes to Apple’s ecosystem. To give you a better idea of what I mean, a group of users who are connecting via a VPN and using the same server will appear under a single IP address. On the other hand, it’s quite common these days for companies to implement an automatic system which is capable of detecting any source(s) of traffic. It could be an automatic system which is able to learn from daily traffic and, using gathered data, detect if there is an anomaly present (such as the one in this case). Another key factor relevant in this attack is the timeframe over which it took place. If the hackers had accessed the various accounts over a much shorter period of time, such as a few hours, it would have undoubtedly been a huge red flag for Apple."
GR: Couldn’t it be that a neighbor or another person in a remote location could have used the two PCs as a bot to execute the hack, similar to what's discussed in the Tweets published within this Fusion article? Could it be that someone took control of the two PCs or the routers they're connected to and used them to perform the hack?
FC: "Although DNS hijacking could very well be the culprit here, the extended period of time over which the hacks occurred makes this possibility less likely. It’s my theory that the suspected hacker(s) could have accessed the login details of a certain database that was uploaded by other users on a warez forum. They could have then used these login details to execute the iCloud logins using a script."
There are a handful of coincidental components present in this investigation, leaving many questions unanswered in terms of finding the true path that led to the celebrities' photos getting leaked. To many of us, the main thing that seems fishy about the malicious attack is the fact that the potential hackers didn’t make use of an IP-masking or anonymizing tool, making them come across as rookies within the hacker world. Since the cybercriminals behind this case didn’t appear to be clever enough to anonymize themselves, it’s even possible that they had ulterior motive for performing the hack in the first place – perhaps to be noticed and/or admired by other individuals or businesses. Based off of the current facts, we're highly interested in seeing which direction this malicious attack's investigation will take next.