Some are already calling it the biggest celebrity hacking scandal in history, 4chan is blowing up and doesn’t give a fuck and neither the FBI nor Apple knows how this happened. Just like a meme this topic -which 4chan users celebrate as “The Fappening”- went viral. The actual boost this time wasn’t the pictures or videos, gaining and mis-using the public fame of celebrities pushed this news into the headlines. For those who aren’t familiar, 4chan and especially /b/ is known for hacking peoples life and manipulating polls, such as the Google trends list or the TIME 100 list.
What we knows far is that Deadspin was aware of this a weeks ago, we also know this could have been a brute-force-attack and not a hack. Just a few hours after the first leaks appeared on 4chan threats a script called “iBruce” which should be responsible for the security breach was quickly pulled down from GitHub. The script can be found here.
Meanwhile Apple has issued a statement:
"After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet.
None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone.”
So far the investigation has not pointed to an iCloud breach, assuming that Apple’s investigation isn’t complete yet; Apple doesn’t know what the fuck is going on because currently the company is the only one on the field who could be guilty.The FBI wasn’t able to make any stable statement.
Reddit claimed to have identified 2 individuals, one of them Bryan H. a 27-year-old from Georgia has gave a interview to BuzzFeed telling it was a scheme to make some easy BitCoins, which made him to a victim for 4chan users. This is not the first time, back in 2012, Christopher Chaney, 36, was arrested in Florida and sentenced to 10 years in prison for hacking into the email accounts of more than 50 people in the entertainment industry in order to gain access to nude photos and private information, but Chaney’s targets and the current ones don’t intersect.
According to a recent article on Mashable, Einar Otto Stangvik, a security expert from Norway, had listed some potential attack methods:
- iTunes phishing scams
- Compromised phones or computers
- Celebrity passwords/emails as part of a larger password dump (such as the Adobe hack)
- Mobile-phone or computer-repair individuals abusing access
- Password reset questions guess
- Brute force
On September 1 the MailOnline posted the pseudonym of the alleged hacker/leaker who goes by the name “OriginalGuy”. As multiple theories began to confuse peoples minds, Gawker again claimed that this allegedly enormous cache of nude celebrity photos likely comes from the work of several hackers who have been involved in a deep-web celebrity image-trading network that may have existed for years but the only known and in 2012 arrested hacker so far is Christopher Chaney. While Apple is trying to play it down with the by stating “targeted celebrity attack”, the creator of the iBruce script even published a slide show crashing Apples statement and claiming to have exposed a security whole in the iCloud system. A compiled article on hackappcom involvement can be found here.
Until now, none of the victims claimed to have been a victim of a phishing attack and if Apple continues to deny any security breach, it leads the questions; Who else beside the users has access to this files?