After naked photos of around 20 celebrities leaked online last night, the internet scrambled to try and figure out exactly how the images became public. In the original 4chan thread where the hacker first posted the images, the consensus was that Apple’s iCloud service was to blame. But how likely is it that Apple’s encrypted cloud service led to the mass hack, and what are the other ways that the nude photos could have emerged?
The original leaker behind the celebrity photos claimed that they accessed the images using the iCloud accounts of various celebrities. It’s unlikely that someone has broken into Apple’s iCloud service. Instead the photos most likely emerged due to a type of hacking known as “social engineering.” This exploit works by learning which online services your target uses, and then compiling as much data on them as possible before using that data to either spoof access, or to simply use their email address and a guessed password to log in to their account.
Jennifer Lawrence is known to use iCloud after she let slip in a red carpet interview with MTV this year that she frequently has trouble with the service, remarking “My iCloud keeps telling me to back it up, and I’m like, I don’t know how to back you up. Do it yourself.”
After discovering the iCloud account of a celebrity, it’s trivially easy to access their online photo backup through Apple’s Photo Stream utility and iCloud photo backups. Analysis of the embedded EXIF data (information about where and how the picture was taken that is frequently appended to digital photo images) included in one of the leaked images shows it was taken a few weeks ago, well within Photo Stream’s limit of 30 days before images are deleted. However, actress Mary Elizabeth Winstead claimed on Twitter that the leaked photos of her included in the hack were taken “years ago.”
To those of you looking at photos I took with my husband years ago in the privacy of our home, hope you feel great about yourselves.
— Mary E. Winstead (@M_E_Winstead) August 31, 2014
Dropbox or Google Drive
Despite the original leaker claiming to have accessed the trove of photos thanks to an iCloud exploit, the range of devices showcased suggests that another service may have been to blame. Various naked celebrities are photographed taking selfies with Android devices and webcams. Leaked videos could not have originated from the iCloud photo backup service. The range of devices and media may mean that another backup service like Dropbox or Google Drive could be the originator of the leaked photos, with both services offering automatic backup tools for photos and videos imported from cellphones.
Several of the leaked celebrity photos had text overlaid, which indicates that at least some of the photographs were first sent through Snapchat. While Snapchat has struggled with security issues in the past, it’s unlikely that the app was the source of all the nude photos. Rather, it may be that it was either accessed as part of a larger hack, or screenshots of images received through the app were discovered after hacking into a backup service.
A hacked insider
Many celebrities don’t manage their devices themselves; instead, they hand them over to an assistant to do all the boring things like backing up photos or managing iCloud accounts. The sheer number of photos involved in this hack suggests that someone has been saving up naked photos for a while. Other than the celebrities themselves, the only other people with access to these photos would be the “insiders” who help celebrities get around from day to day, such as personal assistants and bodyguards. If a well-connected and scheming personal assistant had their personal backup account hacked, it could result in a trove of photos similar to what we’ve seen posted online.
A stolen laptop or phone
The leaked photos seemingly originate from a variety of different devices, and two of the videos of British actress Jessica Brown Findlay were made to send to a friend. Could the leaked photos come not from an online hack, but from the physical theft of a phone or laptop belonging to a well-connected celebrity who had been hoarding naked photos of their friends? While it may seem unlikely, there’s actually precedent for unfortunate celebrities losing their devices.
In early 2014 it was reported that Lindsay Lohan and her management were doing “whatever it takes” to try and retrieve a stolen laptop that had gone missing during a trip to China. The laptop’s hard drive was reported to contain naked photos of the star, as well as private correspondence with other celebrities such as Lady Gaga and Woody Allen. It’s unclear whether Lohan’s team were successful in reclaiming the laptop, but no leaked photos of the actress have emerged this year.
A hacker collective
The original 4chan thread where the leaked photos surfaced included two different users posting new leaks. It’s possible, then, that the trove of leaked celebrity photos came not from a single hack, but from a group of enterprising hackers pooling their resources to try and earn the biggest reward.
The 4chan user who posted the majority of the photos was soliciting Bitcoin donations in order to publish more leaked snaps. While one figure of $40,000 was claimed as the total value of donations, Bitcoin transaction records show that he received only 0.2 bitcoin ($95).
Could the leaked photos result from a collective gang of hackers sharing their photos in one giant leak in order to maximize the amount of money gained? It’s certainly possible: many of the photos in the batch were proven to be fake, meaning that they likely came from a variety of sources with varying levels of access and credibility.
The Emmy Awards
One of the strangest theories surrounding the hack is that a group of celebrities who attended the recent Emmy Awards were somehow hacked using the venue’s Wi-Fi connection. The Black Hat USA conference is often touted as an example of the dangers of using venue Wi-Fi for awards or conferences, with the conference operating a “Wall of Sheep” to showcase the various attendees who have been hacked.