FBI investigates theft of nude photos of actresses and artists

The US FBI is investigating the theft of nude photos of dozens of actresses and artists in the United States. Someone offered the nude photos for sale on 4chan, after which the stolen private photos appeared on the internet.

The FBI is “working on the matter,” the police said in a statement to CNN, among others. Several actresses and artists whose nude photos were stolen and traded have contacted the investigative service to investigate.

In addition to the FBI, Apple tells Re/code it is investigating the matter. Whoever put the photos up for sale on 4chan cited iCloud and “other hacks” as the source of the photos. Based on this, various media wrote on Monday that the photos were stolen through a leak in iCloud, although there is no further evidence. Apple now wants to know what the role of iCloud has been and whether attackers took advantage of an unknown leak in Apple’s web storage service. That’s unlikely: the manufacturer recently patched a leak, in which malicious parties could retrieve passwords via a brute force attack: Apple allowed anyone an unlimited number of attempts to enter the password.

Also, attackers can use forensic tools offered for sale publicly, such as EPPB, one of the tools discussed on the black market where the photos are said to come from. This makes it possible to retrieve iCloud backups without a password. In addition, attackers can guess security questions from publicly available information about famous people, after which they can reset the password.

Because various photos were taken with smartphones other than iPhones, there is a good chance that iCloud is not or not the only source of the private photos. Whoever put the photos up for sale on 4chan is said to have bought them from multiple people on a digital black market, making it difficult to determine the exact source and when the thefts took place.