Scammer Steals 620,000 iCloud Photos To Find Images Of Nude Women

by | August 25, 2021 | Cybersecurity News

According to the FBI, a scammer from Los Angeles broke into thousands of Apple iCloud accounts and stole more than 620,000 images and videos to find pictures of nude women and share them.

The Scammer Impersonated Apple Customer Support To Gain Access To iCloud Accounts

According to court records, Hao Kuo Chi, 40, of La Puente, has agreed to plead guilty to four felonies, including conspiracy to gain unauthorized access to a computer.

Chi, also known as David, admitted to sending unsuspecting victims emails impersonating Apple customer support staff. He would trick them into providing him with their Apple IDs and passwords, according to court records.

Using this strategy, he gained unauthorized access to at least 306 iCloud accounts of victims across the United States, most of them young women, according to his plea agreement with federal prosecutors in Tampa, Fla.

Chi Hacked Into 200 Victims’s Accounts At The Request Of People He Met Online

Chi broke into approximately half of his victims’ accounts at the request of people he met online. Going by the moniker “icloudripper4you,” Chi claimed to be capable of stealing photos and videos from iCloud accounts.

Moreover, Chi stated that he used a foreign encrypted email service to communicate with his unnamed co-conspirators anonymously. Whenever they would come across photos and videos of nude women, they would call them “wins,” which they collected and shared with each other.

“I don’t even know who was involved,” Chi said Thursday in a short phone conversation.

He expressed fear that public exposure of his crimes would “ruin my whole life.”

“I’m remorseful for what I did, but I have a family,” he added.

His unknown collaborators would ask Chi to break into a specified account, and he would respond with a Dropbox link. The scammer used two Gmail addresses: “applebackupicloud” and “backupagenticloud,” The FBI discovered over 500,000 emails with circa 4,700 iCloud user IDs and passwords sent back by his victims.

Chi’s plot came to an end after he hacked the account of a public figure in March 2018, and the pictures were published on pornographic websites. The FBI found that a log-in to the victim’s account had come from Chi’s house after an investigation.

The scammer has pled guilty to one count of conspiracy and three counts of gaining unauthorized access to a protected computer, and he will be sentenced to up to five years in prison for each one of his crimes.

Not The First Phishing Campaign To Hack Into iCloud Accounts

Chi’s phishing scam resembles a 2014 attack in which hackers gained access to celebrity iCloud accounts through their username and password. Following that incident, Apple improved account security, requiring two-factor authentication and sending emails whenever there’s a new login. Unfortunately, Chi’s victims most likely did not have two-factor authentication enabled.

Apple recommends two-factor authentication for Apple IDs for a more secure account, and it provides a support document with tips on how to avoid phishing attempts such as the one used by Chi.

Avoid Phishing Scams With ATTACK Simulator’s Security Awareness Training

Here, at ATTACK Simulator, we believe that cybersecurity is a serious matter, and the best way for your employees to learn to prevent a phishing attack is to experience one hands-on. Therefore, we will expose your employees to real-life simulations, like Chi’s scam, with the purpose of helping them develop efficient defense mechanisms and acquire valuable decision-making skills.

Here are some perks of choosing our Security Awareness Training program:

  • Automated attack simulation – we simulate all kinds of cyberattacks: phishing, malware, ransomware, spear-phishing, identity theft, online privacy attacks, online scams etc.
  • Real-life scenarios – we evaluate users’ vulnerability to give company-related or pesonal data away using realistic web-pages.
  • User behavior analysis – we gather user data and compile it in extensive reports to give you a detailed picture of your employees’ security awareness level.
  • Malicious file replicas – our emails contain malware file replicas, to make the simulation as realistic as it can be.
  • Interactive lessons – if employees fail to recognize our traps and fall into one, they will be redirected to landing pages with quick reads on the best security practices.
  • We impersonate popular brands on our simulated phishing pages – the user will be more tempted to click on the URL or open the attachment in the email.

We believe that practice makes perfect, and testing should occur regularly, as cyber threats never cease to evolve. Therefore, we are ready to offer you a long-term security awareness training solution fitted to your business’s needs. Also, our long-running training solution keeps your employees on edge, helping them develop new security-oriented reflexes.

Educate your employees on preventing phishing attacks, like the one where scammers broke into iCloud accounts.

Never leave till tomorrow that which you can do today. Request your quote here.


Los Angeles Times



Feature Image: Photo by Hussam Abd on Unsplash

by Diana Panduru

Content writer for Attack Simulator. Passionate about all things writing and cybersecurity, and obsessed with driving. I sometimes indulge in pencil drawing, poetry, and cooking for fun.

There’s no reason to postpone training your employees

Get a quote based on your organization’s needs and start building a strong cyber security infrastructure today.