2_Spicy_2_Impeach t1_izc2g7d wrote
Reply to comment by TimeWastingAuthority in Apple announces plans to encrypt iCloud data on its servers, including full backups, photos and notes. by [deleted]
It’s encrypted with Apple’s keys. That was social engineering and lack of 2FA.
qwerty12qwerty t1_izdaqd2 wrote
I’ve always found that just didn’t sit right, mainly because it just seemed too coordinated. I would understand maybe a few celebrities. Maybe a couple dozen photos. Spread out over months. Instead we got 500+ pictures dropped in a single night of every mainstream celebrity from Emma Watson to Avril Lavigne, even Vanessa Hudgens and Jennifer Lawrence. Then months later, got a second drop of a few hundred more. There were 4 fappenings total, The Pirate Bay showing a 7.2 GB zipped file.
I don’t discount the social engineering aspect of it, it’s just that you would have to have behind the scenes at least a dozen people with the charisma of Ted Bundy to pull this off in the time frame all these photos were hacked. That could have all happened though.
But compare that to the alternative. Some hackers exploit a flaw in iCloud and drop the fappening. Until Apple patched the security flaw, even if it was only a few days, people now knew there was a flaw, and exploited it.
2_Spicy_2_Impeach t1_izdc4dp wrote
People are dumb and adding 2FA wasn't nearly as big for the general public in 2014. You get one celebrity, then you check their contacts to springboard from there.
If you found a flaw in iCloud that would allow you to pull anyone's iCloud backups, you wouldn't waste that on celebrities. You'd start looking at government officials and/or sell the exploit to a nation that's not the US for a king's ransom.
Social engineering works. That's why it's still so popular.
PaperclipStrategy t1_izdtmi6 wrote
>"...You'd start looking at government officials and/or sell the exploit to a nation..."
Maybe if you're a state actor, but I recall when that U.S. pipeline management software got infected with ransomware, the Russian hackers practically shit themselves when they realized the impact of their effect on international geopolitics -- at least as I understood it.
2_Spicy_2_Impeach t1_izebjr9 wrote
If you were state sponsored, you’d never waste your time on celebrities with an exploit like that. Again, if you had an exploit like this, you could charge whatever you want. It’d eventually leak as well since you would be offering iCloud backup access to almost anyone for a fee. Even at trial for the guy at the center of this, they found it was phishing emails that got his 100+ victims.