by Marlow Stern
NOTICE: THIS WORK MAY BE PROTECTED BY COPYRIGHT
YOU ARE REQUIRED TO READ THE COPYRIGHT NOTICE AT THIS LINK BEFORE YOU READ THE FOLLOWING WORK, THAT IS AVAILABLE SOLELY FOR PRIVATE STUDY, SCHOLARSHIP OR RESEARCH PURSUANT TO 17 U.S.C. SECTION 107 AND 108. IN THE EVENT THAT THE LIBRARY DETERMINES THAT UNLAWFUL COPYING OF THIS WORK HAS OCCURRED, THE LIBRARY HAS THE RIGHT TO BLOCK THE I.P. ADDRESS AT WHICH THE UNLAWFUL COPYING APPEARED TO HAVE OCCURRED. THANK YOU FOR RESPECTING THE RIGHTS OF COPYRIGHT OWNERS.
More leaks… and no end in sight. This time, supermodel Cara Delevingne, actress Anna Kendrick and more have been targeted by hackers.
Just one day after FBI Director James Comey criticized Apple and Google for marketing lines of new smartphones equipped with improved encryption designed to thwart potential hacks, yet another online dump of hacked nude photos of various celebrities has hit the web.
On Friday afternoon, download links surfaced on Reddit and 4chan boards that led to presumably hacked private photos of supermodel Cara Delevingne, actress Anna Kendrick, and others. Kendrick is clothed in all 87 of the photos leaked online, although they appear to be private images off her phone that show the actress partying in a series of revealing outfits. Other women targeted in the leak, which online commenters have referred to as “The Fappening 3,” include: three-time Olympic gold medalist Misty May-Treanor, soap opera star Alexandra Chando, actress Kelli Garner (Going the Distance), TV presenter Brook Burns, and actress Lauren O’Neil. A video and images of actress Briana Evigan of the Step Up films also leaked.
The problem with the iCloud’s security, as many online commenters on Reddit and 4chan boards sharing the stolen photos have pointed out, is that the iCloud lets you try an unlimited number of security question attempts...
Earlier this week, photos of Masters of Sex star Lizzy Caplan, former The View co-host Jenny McCarthy, and others hit the web. All these leaks follow in the wake of Monday’s leak of Rihanna, Amber Heard, and others; Saturday’s leak of Kim Kardashian, Scarlett Johansson, etc.; and the first big leak of Jennifer Lawrence and more. Thankfully, an online countdown clock—EmmaYouAreNext.com—which alleged it would leak nude photos of Harry Potter actress Emma Watson when the clock hit zero, presumably in retaliation for her moving speech on feminism at the United Nations, turned out to be an awful hoax perpetrated by a fake marketing firm dubbed Rantic Media hell-bent on shuttering 4chan.
Having spent a few weeks on various Reddit and 4chan boards and read numerous posts about the hacking—or “Fappening,” as online pervs have so crudely labeled it—the issue seems to come down to security flaws within Apple’s iCloud online storage system.
From Jump Street, online posters (and their victims) have alleged that the leaks have happened by hackers penetrating the iCloud, and Lawrence and others contacted the FBI, who claimed to be working with Apple to ramp up security. Apple, as is their wont, denied claims of an iCloud security breach in a Sept. 2 press release, stating:
“After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.”
This statement, really, says nothing. The problem with the iCloud’s security, as many online commenters on Reddit and 4chan boards sharing the stolen photos have pointed out, is that the iCloud lets you try an unlimited number of security question attempts. Most sites lock you out after, say, ten failed attempts. But not the iCloud. This security problem seemed to be confirmed on Wednesday, when The Daily Dot claimed to have uncovered email correspondences between Apple and a security researcher, Ibrahim Balic, informing the company of the weakness of the iCloud’s security and alleging it’s very susceptible to “brute force” attacks—cracking passwords by exhausting thousands and thousands of key combinations. Balic claimed that he was allowed to try over 20,000 password combinations on a given account. The email exchange between Balic and Apple began in March and continued through May, with the Apple official questioning Balic’s findings—all of which he reported via Apple’s online bug submission platform.
Reddit commenters have pointed out an interview that Lawrence gave with MTV News back in May while promoting X-Men: Days of Future Past. In it, she discusses her issues with the iCloud. “Does that say iCloud backup?” she asks MTV host Josh Horowitz. “Because my iCloud keeps telling me to ‘back it up’ and I’m like, ‘I don’t know how to back you up! Do it yourself.’”