{"id":185691,"date":"2014-09-05T18:42:00","date_gmt":"2014-09-05T23:42:00","guid":{"rendered":"https:\/\/www.panix.com\/~msaroff\/40years\/2014\/09\/05\/law-enforcement-technology-used-to-steal-celebrity-pix\/"},"modified":"2014-09-05T18:42:00","modified_gmt":"2014-09-05T23:42:00","slug":"law-enforcement-technology-used-to-steal-celebrity-pix","status":"publish","type":"post","link":"https:\/\/www.panix.com\/~msaroff\/40years\/2014\/09\/05\/law-enforcement-technology-used-to-steal-celebrity-pix\/","title":{"rendered":"Law Enforcement Technology Used to Steal Celebrity Pix"},"content":{"rendered":"<p>This is we should not create technology allow for unlimited access to our private affairs by the state security apparatus.  Because whatever technologies they develop will <a href=\"http:\/\/www.wired.com\/2014\/09\/eppb-icloud\/\">end up in the hands of criminals<\/a>:<\/p>\n<blockquote><p><span style=\"color: blue;\">As nude celebrity photos spilled onto the web over the weekend, blame for the scandal has rotated from the scumbag hackers who stole the images to a researcher who released a tool used to crack victims\u2019 iCloud passwords to Apple, whose security flaws may have made that cracking exploit possible in the first place. But one step in the hackers\u2019 sext-stealing playbook has been ignored\u2014a piece of software designed to let cops and spies siphon data from iPhones, but is instead being used by pervy criminals themselves.<\/span><br \/><span style=\"color: blue;\"><br \/><\/span><span style=\"color: blue;\">On the web forum Anon-IB, one of the most popular anonymous image boards for posting stolen nude selfies, hackers openly discuss using a piece of software called EPPB or Elcomsoft Phone Password Breaker to download their victims\u2019 data from iCloud backups. That software is sold by Moscow-based forensics firm Elcomsoft and intended for government agency customers. In combination with iCloud credentials obtained with iBrute, the password-cracking software for iCloud released on Github over the weekend, EPPB lets anyone impersonate a victim\u2019s iPhone and download its full backup rather than the more limited data accessible on iCloud.com. And as of Tuesday, it was still being used to steal revealing photos and post them on Anon-IB\u2019s forum.<\/span><br \/><span style=\"color: blue;\"><br \/><\/span><span style=\"color: blue;\">\u201cUse the script to hack her passwd\u2026use eppb to download the backup,\u201d wrote one anonymous user on Anon-IB explaining the process to a less-experienced hacker. \u201cPost your wins here ;-)\u201d<\/span><br \/><span style=\"color: blue;\"><br \/><\/span><span style=\"color: blue;\">Apple\u2019s security nightmare began over the weekend, when hackers began leaking nude photos that included shots of Jennifer Lawrence, Kate Upton, and Kirsten Dunst. The security community quickly pointed fingers at the iBrute software, a tool released by security researcher Alexey Troshichev designed to take advantage of a flaw in Apple\u2019s \u201cFind My iPhone\u201d feature to \u201cbrute-force\u201d users\u2019 iCloud passwords, cycling through thousands of guesses to crack the account.<\/span><br \/><span style=\"color: blue;\"><br \/><\/span><span style=\"color: blue;\">If a hacker can obtain a user\u2019s iCloud username and password with iBrute, he or she can log in to the victim\u2019s iCloud.com account to steal photos. But if attackers instead impersonate the user\u2019s device with Elcomsoft\u2019s tool, the desktop application allows them to download the entire iPhone or iPad backup as a single folder, says Jonathan Zdziarski, a forensics consult and security researcher. That gives the intruders access to far more data, he says, including videos, application data, contacts, and text messages.<\/span><\/p><\/blockquote>\n<p>You can be sure that whatever the NSA is using is light years ahead of this, and that at some point in the next 5 years, it will be available in the criminal underground, along with whatever back doors the NSA has managed to put into our network infrastructure.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is we should not create technology allow for unlimited access to our private affairs by the state security apparatus. Because whatever technologies they develop will end up in the hands of criminals: As nude celebrity photos spilled onto the web over the weekend, blame for the scandal has rotated from the scumbag hackers who &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1060,997,1061],"tags":[],"class_list":["post-185691","post","type-post","status-publish","format-standard","hentry","category-computer","category-internet","category-security"],"_links":{"self":[{"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/posts\/185691"}],"collection":[{"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/comments?post=185691"}],"version-history":[{"count":0,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/posts\/185691\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/media?parent=185691"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/categories?post=185691"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.panix.com\/~msaroff\/40years\/wp-json\/wp\/v2\/tags?post=185691"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}