Hao Kuo Chi, who lives in California, was found to have conspired with others to unlawfully access the cloud storage accounts of more than three hundreds Apple customers across the US. This campaign extended at least as far back as September 2014.
As noted in a document from the US Department of Justice, once inside, Chi “specifically sought out nude photographs and videos of young women”. These assets were then traded with “conspirators”, some of whom later leaked the content into the public domain.
- Here's our list of the best external hard drives right now
- We've built a list of the best secure drives on the market
- Check out our list of the best portable SSDs available
Although Chi has not yet been sentenced, the joint penalties for conspiracy and computer fraud carry a maximum of 20 years in federal prison. As part of the plea agreement, he has agreed to testify against others involved in the scheme, which may or may not result in a more lenient sentence.
Under the online pseudonym “icloudripper4you”, Chi boasted frequently of his ability to break into iCloud accounts and exfiltrate the images and videos stored therein.
To gain access to iCloud accounts, Chi masqueraded as a member of the Apple customer support team using a series of fake email accounts. Although the court documentation does not specify, victims were presumably encouraged to hand over their login credentials under false pretences.
The documentation also makes reference to instances in which conspirators themselves provided Chi with the Apple IDs and passwords of victims.
Although Chi sold the stolen content to others online, he also maintained a 1TB cloud storage subscription to house a large bank of nude images and footage for his personal collection. In total, this collection is said to have comprised hundreds of thousands of items.
While Chi’s scheme ultimately affected only a tiny fraction of Apple iCloud customers, of which there are thought to be roughly one billion, the duration and sexually-motivated nature of the crime will be cause for concern for many.
TechRadar Pro asked Apple for comment on the steps users can take to shield their iCloud accounts from campaigns of this kind, but did not receive an immediate response.
Apple has since provided a link to a support page designed to help customers recognize phishing messages and other scams.
- Here's our choice of the best identity theft protection services
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.