Apple Support Technician Impersonator in La Puente Steals 620,000 Photos From iCloud Accounts in Phishing Scam

Sophie Webster, Tech Times 29 August 2021, 04:08 pm

(Photo : GettlyImages/ Justin Sullivan) iPhone 12 phone

Apple announced that a California man who impersonated one of their representatives has pled guilty to four felony charges.

The said man broke into numerous iCloud accounts and stole more than 620,000 pictures and 9,000 videos.

Apple Representative Impersonator Imprisoned

According to the Los Angeles Times, the 40-year-old assailant named Hao Kuo Chi was accused by the Federal Bureau of Investigation or the FBI of gaining access to photos and videos of 306 iPhone users.

The man, who resides in La Puente, California, was searching for nudes.

Chi stated that he hacked into those accounts because he gets requests from hundreds of people online. He told some people online that he can hack into iCloud accounts and steal pictures. He then received several requests to break into accounts to look for sexually explicit photos or videos to be leaked online.

Also Read: Apple Latest Security Update Patch Has No New Features; Is There Apple Cyberattack?

Chi admitted to the FBI that he impersonates an Apple customer support representative. He would send an email to the victims to persuade them to give him their IDs and passwords. He would then go through their iCloud accounts.

Through his scam, he was able to create a massive library filled with stolen pictures and videos. All of the content is hosted on his personal Dropbox account.

Those that have nude images or videos of women were labeled "Win." The data would then be shared among a group of co-conspirators that the FBI has not named.

The FBI retrieved two different email addresses that Chi used to trick his victims into changing their passwords.

After retrieving the emails, they discovered more than 500,000 emails, with around 4,700 containing iCloud user IDs and passwords sent to him.

Chi added that co-conspirators would ask him to hack a certain account, and they would pay him a certain amount. He would then provide them Dropbox links containing the images and videos that they requested.

Images and videos of iPhone users are always stored on Apple's secure servers. But what Chi does is get the victim's logging credentials so he can gain access.

Therefore, it can't be counted as a breach of Apple's iCloud security systems, according to KTLA.

Chi's phishing scam technique is one of the reasons why people have voiced their concerns regarding Apple's CSAM feature that will scan pictures before it gets stored in iCloud.

Another concern of security experts is Apple's plan of launching security verification via selfies, pointing out that it could violate the user's privacy.

Chi's Scam

Chi's scam was discovered back in 2018. He got access to the iCloud account of an unnamed celebrity. He then posted the pictures that he stole to a pornographic website, according to iMore.

A company based in California that specializes in removing celebrity pictures from the internet was able to remove the images of the said celebrity and trace the activity back to Chi's house. The FBI was able to get a search warrant and immediately raided Chi's house on May 19, 2018.

According to the Los Angeles Times report, the FBI had already gathered enough evidence to know what Chi does online. They got records from his Google, Apple, Facebook, and Dropbox accounts, as well as Charter Communications.

Chi is now facing up to 5 years in prison for each of the four felony charges. He is now facing one count of conspiracy and three counts of gaining unauthorized access to a protected device.