Apple Is Actively Investigating The #Celebgate and We Dived in The Burrow of The Deep Web

After the events of yesterday, Apple has indicated to Re/code that is “actively investigating” the news of the possible violation of various accounts of iCloud that could have resulted in the publication of hundreds of personal photos of intimate character belonging to a multitude of Hollywood actresses, singers and models, among others.

“We take privacy very seriously and are actively investigated this matter.”

As we already at an early stage, a bug discovered in the API of find my iPhone It was designated as the possible path, although more recent reports seem to do it highly unlikely. The vulnerability was released on Friday 29 August during the Chaos Constructions 2014, moment in which was also published on GitHub iBrute, the Python script allowing to perform a service brute-force attack to recover the password of an account.

Apple solved the bug just 48 hours later, during the morning of Sunday September Monday, a record considering the times handled the company in its less bright moments. The #Celebgate was already a few hours as a trending topic so we could think that those 48 hours were everything you needed the hackers to take over accounts of Jennifer Lawrence and the rest of the victims, except for…

iBrute uses a dictionary with the 500 most common passwords obtained from the famous robbery of 32 million accounts suffered the developer RockYou in 2009. Is assumed that dictionary has been leaked by eliminating all passwords that do not meet the safety requirements of Apple when it comes to choosing one, but the truth is that one of these conditions is precisely that, and quote, “It cannot be a common password”.

After tasting a dozen passwords from this dictionary, None has passed the Apple registration form filter. Can any work? Perhaps. One of them used the victims? Everything is possible, but it would still remain a couple of loose ends: How can have achieved celebrity email addresses? It is not precisely as in the public domain, and without that, you can not make any so directed attack.

And more important still, do none of them suspected of nothing? Assuming that they do have their accounts and passwords, the next step to get photos and videos from iCloud account is to set it up on another computer or device to be able to synchronize. The problem is that even if you don’t have active verification of two steps (more recommended), you are still receiving an alert in your current devices notification that is just another to add to your account.

I know nothing about the geeks who are or leave the famous affected (although JLaw I believe me anything, this girl is great) but if something characterized by having enough money to be able to hire the AppleCare Protection Plan without the slightest regard. “Hi? Apple? He has left this on my iPhone and I have no idea what it is. Can you help me? “.” Of course, you can notice all of them have been overlooked, but we continue to accumulate “you can”.

Within the burrow

Remember that the failure to find my iPhone was released Friday and whole thing of the #Celebgate broke out Sunday across 4chan, right? Maybe not, Tuesday 26 already had anonymous of AnonIB, a well-known forum for publication of images for adults, talking about photos of JLaw. Yes, five days before.

A clandestine circle of exchange of photographs of celebrities carrying enough time hidden in the Deep Web

Delving into the matter the thing becomes much more creepy than a simple failure of iCloud, including a clandestine circle of exchange of photographs of celebrities carrying enough time hidden in the Deep Web, the deep Internet made up of pages not indexed by the search engines.

Pulling this thread some things make enough sense, including statements by Mary E. Winstead explaining that for years that it had erased the pictures together with her husband now filtered. The images would not come from a single source, nor a single hack, but a group that probably got the material through very different means and has been exchanging it within this narrow circle in Exchange for pictures and videos recovered by rest.

She is confirmed, the images of the #CelebGate filtration is explained with a newcomer to the circle which would have opted to break the code of the same and publish material that had next to which had gotten into their first exchanges. In view of the uproar, other members of the circle would have published more screenshots (upon payment of bitcoins) the opportunity to do business, but photographs and videos more valuable would still be in the hands of the leadership of the Group.

As you can see, the thing given to write a novel that even his final chapter we.