Man claimed to work at Apple and stole ‘nudes’ on iCloud

A California man confessed that he stole a few hundred thousand intimate photos of women using social engineering to gain access to iCloud accounts. The man was identified as Hao Kuo Chi, but was called David, the boy is 40 years old and, despite living in California, the boy was indicted by Florida state prosecutors for conspiracy and cyber fraud.

Chi had “icloudripper4you” as his username on online forums, and would not have worked alone in hacking Apple customers’ iCloud accounts. To get in touch with his victims, he forged fake emails, posing as an Apple support representative, in order to gain access to accounts, mostly from young women.


iCloud Home Screen
Hao Kuo Chi claimed that he was an Apple technician to steal women’s ID and password to gain access to their iCloud accounts. Credit: Chris Messina/Flickr

The robberies took place at least between September 2014 and May 2018, with the victims’ Apple IDs and passwords in hand, Chi was digging through iCloud accounts and looking for intimate photos in which the women appeared naked. When he found this type of content, he shared it with others using an end-to-end encrypted email service.

In a plea bargain with the prosecution, Chi confessed that he was able to access at least 306 iCloud accounts for women, mostly young, from Arizona, California, Connecticut, Florida, Kentucky, Louisiana, Maine, Massachusetts, Ohio , Pennsylvania, South Carolina and Texas.

Data collected was treated as “wins”

In the confession, Hao Kuo Chi said he and others were looking for pictures and videos of nude women on iCloud accounts, and when they found them, they referred to that material as “victories.” The “wins” were collected and shared via email. Chi’s modus operandi was not only used by him, and everyone who used this scheme to break into accounts used to exchange photos with each other.

Read more:

The scheme was discovered in May this year, when federal agents searched Chi’s home. At the time, more than 500,000 emails were found in two Gmail accounts used exclusively for the scam, with credentials of around 4,700 iCloud accounts. The stolen material was stored in a Dropbox account, which would have 620,000 photos and 9,000 videos.

Via: The Register

Have watched our new videos on YouTube? Subscribe to our channel!