5 Scary Truths Learned From Hollywood’s Nude Photo Hacking Scandal

From police hacking tools being used against us to shady Bitcoin dealings, the darker side of technology threatens everyone

A slew of the world’s biggest female celebrities were victimized Sunday when unauthorized nude photos of them leaked onto the Internet.

Jennifer Lawrence, Kate Upton, Ariana Grande, and Kirsten Dunst were among the targets of the diverse group which ranged from Oscar-winning actress to cover models to top-selling music artists.

Some celebrities such as “Victorius” star Victoria Justice insist the photos are fake, while others including “Smashed” actress Mary Elizabeth Winstead have confirmed the authenticity of at least their own photos. Regardless, every name on the list which surfaced on the web is now a victim of an unknown cyber-criminal.

Also read: Apple Denies iCloud Security Breach in Hollywood’s Nude Photos Leak

As TheWrap previously reported, the federal government and Apple — the company behind the iCloud software believed by some to be the hackers’ means of entry — are both conducting investigations into how and why these crimes were committed, but have reached no conclusions yet.

Meanwhile, there’s a great deal of alarming information TheWrap has gathered.

1. Celebrities are pointing fingers at Apple’s iCloud, but the tech company isn’t taking any responsibility.

One of the first targets of celebrity scorn was iCloud, Apple’s cloud computing storage system with over 300 million users.

“Thank you iCloud” read a tweet from Dunst, which was accompanied by a vulgar emoticon.

It’s unsurprising Apple’s cloud computing storage system has been implicated, given the service boasts that it has a membership of over 300 million and that several of the released selfies were taken with an iPhone in hand. But there’s no proof the hackers used the Apple service to gain entry into the private photo library of celebrities, despite the fact that some of them have boasted they did just that.

Nevertheless, the massive tech company has distanced itself from culpability. “After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet,” Apple said Tuesday in a statement.

“None of the cases we have investigated have resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.”

With the company set to announce the iPhone 6 and possibly even an iWatch on Sept. 9, Apple can ill afford any bad publicity at this time.

Also read: Hollywood Nude Photo Hacking Scandal Under Investigation by FBI and Apple

2. The Internet’s dark underbelly protects, if not encourages, illegal photo-trading and illicit behavior.

AnonIB and 4chan are two of the Internet’s most popular image-based message boards and also its most notorious. Part of their popularity lies in their anonymity, which makes them a prime breeding ground for illicit behavior.

These message boards often have dedicated sub-forums, like AnonIB’s “/stole/” (i.e. “stolen”), dedicated to trading unlawfully obtained images of anyone from world-famous celebrities to a user’s ex-girlfriend. According to most reports, this batch of hacked celebrity photos first appeared on one of those two sites.

As early as Friday Aug. 26, anonymous users posted messages claiming they had successfully hacked various celebrity iClouds, boasting they’d obtained nude images of many. The pictures didn’t circulate the mainstream Internet for several more days, but it’s possible the hacker or group of hackers were holding on to their illegal treasure trove in the hopes of getting paid.

Here’s a screenshot of one of their conversations, obtained by Gawker.

Jennifer Lawrence message board trading3. Criminals are profiting thanks to anonymous payments in the form of Bitcoin.

There are conflicting explanations of how and where these private photos first became public. Some Internet sleuths insist they were freely “dumped” on to 4chan or AnonIB, while others say the hacker or hackers responsible sold them for Bitcoin, a popular digital currency with previous ties to illegal Internet dealings.

Various reports show that Bitcoin account “18pgUn3BBBdnQjKG8ZGedFvcoVcsv1knWa” requested payment on message boards for the hacked photos and received 0.257666 BTC (currently valued at around $122) in total. Due to the anonymous nature off the virtual currency, however, it’s unclear precisely what that means.

Is the account holder the person who hacked and shared these photos, or is he or she merely an opportunist who found the pictures and attempted to make a buck by re-purposing them?

Also read: Two More Former News Corp. Journalists Charged in Phone Hacking Scandal

4. Police tools meant to combat hacking are being used against us.

Elcomsoft Phone Password Breaker (EPPB, mentioned in the conversation captured above) is a police tool often used to recover forensic data from hacked phones. But AnonIB is reportedly filled with hackers who boast that they can actually use the tool for their own nefarious purposes.

“EPPB lets anyone impersonate a victim’s iPhone and download its full backup rather than the more limited data accessible on iCloud.com,” writes Wired’s Andy Greenberg. “And as of Tuesday, it was still being used to steal revealing photos and post them on AnonIB’s forum.”

5. This isn’t the first time celebrity photo accounts have been hacked and there’s little reason to believe it will be the last.

Christopher Chaney hacked into several celebrity email accounts from late 2010 to early 2011, including Scarlett Johansson, Christina Aguilera and Mila Kunis, stealing personal photos and then publishing them online. He was arrested in 2011 and sentenced to 10 years in prison in 2012, but not before the damage was done.

One of the more disturbing aspects of Chaney’s case was the relative lack of sophistication required to commit the crimes. According to the Department of Justice, he gained access to his victims’ email accounts by clicking on the “Forgot your password?” feature and then resetting them by correctly guessing the answer to the security question based on information that’s often readily available, at least for public figures.

It’s not yet known whether Sunday’s hacker employed a similar technique, but it’s clear female celebrities continue to be targeted by Internet criminals. There’s little reason to believe they will stop now.