'RipSec' goes to Hollywood: how the iCloud celeb hack happened
TV starlet offers iCloud access, photoshopped nudes, to bait voyeur hackers
The chief hacker behind the infamous iCloud celebrity hacks has revealed in a documentary how the group dubbed RipSec shook Hollywood by plundering thousands of naked photos and financial data of Tinsel Town icons.
The hacker broke silence and spoke to Canadian tech and producer Travis Doering who provides information security consultancy services to film producers, Hollywood stars, and businesses.
Doering told Vulture South he obtained access to the secretive group and says he was able to establish the real identities of some of the iCloud hackers.
He says he will not reveal the identities of the hackers.
That access was obtained in the wake of the celebrity hacks after one major TV star agreed to offer Doering access to her iCloud account. The Register has agreed to suppress the identity of the actress to avoid making her a target of hackers.
From there he photoshopped fresh photos of the actress on a naked model, with consent, to trick the black hats into believing he had hacked access.
"I contacted some of the celebrities and she gave me access to her account," Doering says. "From there I baited them (the hackers)."
Doering gained access to scuppered crime forums Hell and the RipSec iCloud hacker group where he investigated operational security flaws to discover the real identities of some of the black hats.
He says there is a lot more sensitive iCloud data on celebrities that was not released. "It is worse, a lot worse," Doering says.
As of August this year RipSec had breached 11,372 iCloud accounts of which more than 700 belonged to celebrities.
The RipSec group only expanded in number and sophistication after nude celebrity leaks made headlines around the world.
Doering says the group was a collective of hackers who plundered iCloud accounts for differing reasons, including blackmail, fraud, and voyeurism, and became a hierarchical group of largely unskilled hackers led by the skilled system administrator.
One user even sold plundered photographs of children to child exploitation sites, the admin says.
Speaking to Doering for the documentary Vulnerability under the condition of anonymity, the RipSec boss known as Blackhat explains how the group used the iLoot tool with stolen or guessed iCloud login credentials to gain access to photos, financial information, and other sensitive data.
The tool masquerades as an iDevice allowing hackers to download device backups from iCloud.
In a clip for the as-yet unreleased documentary Doering says an unnamed Canadian TV network was unwilling to run, Blackhat chastises Apple for what he claims are weak security controls including an absence of geographic restrictions.
That meant attackers could log into an iCloud account from any country regardless of historic patterns without tripping fraud detection.
Apple failed to send email alerts to users when the hackers restored iCloud backups using iloot, a feat that gave them access to the media domain directory that the admin says contains photos from MMS messages.
Images remain in that directory within iCloud backups even if it is erased from user phones, he claims.
Doering urges Apple to open a bug bounty program to help close its information security vulnerabilities. ®