After private photographs of some of the most famous women in the world were posted online, journalists, PR representatives and curious internet users alike scrambled to figure out how a nameless hacker had gained access to the cell phones of the rich and famous.
When shocked internet users on underground forums tracked down the person believed to be behind the leak, his explanation was startlingly simple: iCloud.
After hundreds of private photographs were posted online, many commenters struggled to believe that someone had gained access to the tech giant’s online service. Apple’s online storage and backup service is praised by the company for its simplicity, for the fact that it “just works.” And the hack could not have come at a worse time. On Sept. 9, Apple will stage the biggest event of its year: the launch of iPhone 6, a smartwatch, and a new operating system for its Macs, all of which are likely to have new features linked to iCloud.
As leaked photographs continued to be posted online, theories emerged regarding their source. Some claimed that a “brute force” hack recently unveiled by Russian security researchers was to blame, while some internet commenters wondered whether venue Wi-Fi at the Emmy Awards had been compromised. But the truth is far more disturbing: The leaked celebrity photos don’t originate from a single hack, but instead from a collector who gradually added to his collection over months before suddenly deciding to post them online.
This is the story of that collector, who goes by the screenname “OriginalGuy.”
AnonIB: The offshoot hacker community
Anonymous online forum AnonIB was launched in May 2006 as an offshoot of the notorious image board 4chan. By mid-2006, 4chan’s infamous /b/ forum had become a hostile mess of child pornography, Anonymous hackers and online trolls. On Aug. 23, 4chan came under a DDoS attack launched by its own users, and many frequent posters left the site to seek alternative messageboards. A group of long-time 4chan posters arrived at AnonIB, which offered a near-identical service.
As AnonIB grew in popularity, the site’s administrators relaxed the rules. Child pornography and other illegal content were frequently posted on AnonIB, which eventually led to a series of FBI raids on the forum’s servers and administrators. After years of upheaval, the site reappeared earlier this year, and the users returned to continue posting.
iCloud hacking ring
As well as hosting vast amounts of pornography, AnonIB also plays host to a ring of skilled hackers who have learned how to obtain naked photographs of women by breaking into iCloud accounts.
The /stol/ board on AnonIB (short for “Stolen” or “Obtained Photos”) serves as the global meeting hub for iCloud hackers. Using specialist password cracking tools and guessing targets’ security questions through Apple’s iForgot password reset form, AnonIB hackers are consistently able to gain access to iCloud accounts with only an email address.
Once inside, the hackers get to work to extract photographs as quickly as possible, using file retrieval software to download photo backups.
“OriginalGuy” the porn collector
The leaked celebrity photos weren’t the result of a single hack, but were instead hoarded over a period of months by one well-connected figure in underworld porn forums. As the Daily Mail reports, AnonIB user “OriginalGuy” has been identified as the source of the leaks, and posts seen by Business Insider on both AnonIB and 4chan indicate that he regularly contributed to celebrity porn threads on both sites. But despite knowing the identity of the user who leaked the trove of images, we still don’t know the identities of the hackers.
In a post on AnonIB shortly after the main leak of celebrity photos, OriginalGuy explained to other users how he had built up a collection of photos so explosive that image boards were struggling to keep up with page views.
That post makes it clear that the naked celebrity photographs were assembled over a period of months by a team of collectors who specialised in valuable celebrity pornography.
On Tuesday, Apple released a statement that appears to confirm that the exploit favoured by users of AnonIB was used to hack into celebrity iCloud accounts. Within the statement, Apple blames “a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet.”
AnonIB hackers use email addresses, password cracking software and weak security questions to hack accounts, making it almost certain that the tactics of the hackers at AnonIB were used to gain access to the celebrity photos.
The nuclear option
One of the most puzzling parts of the celebrity photo leak is why OriginalGuy decided to share his collection at all. The collection was built up over months, and the collector claimed to have spent his own money on images of big-name celebrities. Why, then, were photos posted online on a quiet Sunday afternoon before Labour Day?
Pornography hoarders themselves are not inherently valuable. They don’t often possess skills or talents that they can use online. Instead, hoarders are defined by the content they keep.
One of the internet’s most legendary digital hoarders was “Freezer,” a poster on invite-only torrent networks who repeatedly taunted other users with details about the rare music he owned. After his death, it was discovered that Freezer had taken his hoard to the grave, asking his family in his will to destroy all the tapes. Whether it’s pornography or music, the knowledge that you possess content nobody else does can be a powerful intoxicant.
So if porn collections are so valuable, why did OriginalGuy post his? It seems that OriginalGuy had a sudden realisation that his collection wasn’t so valuable after all.
Rumours of a “major win” had circulated online for weeks before the leak. “Win” is a term used to refer to naked or sexual images of women found through hacking their online accounts. It’s possible that part of OriginalGuy’s collection had, without his knowledge, been sold to somebody else.
OriginalGuy admitted to paying “a lot via bitcoin” for a portion of the images when they were being traded between celebrity porn collectors on Friday and Saturday. As Deadspin reports, photographs had been shared online for weeks before OriginalGuy purchased them, potentially rendering his collection of little value.
Hours before the photos emerged, posters on AnonIB caught wind of an incoming leak of celebrity images. While you might expect pornography fans to react with excitement over the coming leak, many were terrified of what would happen next.
OriginalGuy knew that leaking his collection would have dire consequences for the iCloud hackers at /stol/ and the celebrity porn fans at 4chan. Whether he was angry over discovering that his collection was already online, or disappointed to learn that around 30% of his images were fake, OriginalGuy took to AnonIB on the afternoon before Labour Day to begin sharing his collection.
The first site that OriginalGuy visited was AnonIB, his online “home.” Censored versions of the leaked photographs were posted first to convince users to donate Bitcoin in order to see the full versions.
OriginalGuy seemed aware that his actions were going to bring down the iCloud hackers and celebrity trading ring, remarking that the “bubble is going to burst soon.” His posts became increasingly frantic as he either expressed frustration over a lack of Bitcoin donations, or thanked users for sending him the digital currency.
After he posted photos of Jennifer Lawrence on AnonIB, it seems that OriginalGuy had trouble connecting to the site. Commenting after the hack, OriginalGuy gave an insight into what happened as he was leaking the images:
“I didn’t take the money and run. Shit got weird once I started posting samples. AnonIB must have IP blocked me. I was spending all of my time trying to find proxies, and then when I could get on the site, was being hammered by everyone and I couldn’t even post. I got some private requests through email, but none ever came through. People wanted shit for free. Sure, I got $US120 with my Bitcoin address, but when you consider how much time was spent acquiring this stuff (I’m not the hacker, just a collector), and the money (I paid a lot via Bitcoin as well to get certain sets when this stuff was being privately traded on Friday/Saturday) I really didn’t get close to what I was hoping for. Mainly because of the extra Bitcoin spammers spamming their own address…I proved I had shit, but people wanted more and more for free…When I posted samples, someone was tracking me, trying to find me. My ISP kept cutting out. Weird emails were coming in. It kinda freaked me out and I had to leave for a couple of hours.”
It’s unclear whether OriginalGuy then visited 4chan to continue posting his images, or whether someone else with access to the collection, sensing that OriginalGuy had decided to cash in, began posting instead. Either way, once the images appeared on the more popular message board, the leak quickly attracted thousands of internet users. A Reddit live thread was created to catalogue and archive the images as they appeared, although it later buckled under the traffic it received.
After OriginalGuy “dumped” his collection, many experienced iCloud hackers and celebrity photo traders declared the industry over. Following the hack, posters on AnonIB discussed the repercussions for their industry.