As pretty much everyone knows at this point, naked pictures of a number of celebrities, indluding Jennifer Lawrence, Kate Upton, Kirsten Dunst, Rihanna, Kaley Cuoco, and everyone this side of (Hopefully) Dick Cheney.
It's called "The Fappening."
We all know that.
What you did not know is that the hackers used technology developed for law enforcement technology to make the hack:
As nude celebrity photos spilled onto the web over the weekend, blame for the scandal has rotated from the scumbag hackers who stole the images to a researcher who released a tool used to crack victims’ iCloud passwords to Apple, whose security flaws may have made that cracking exploit possible in the first place. But one step in the hackers’ sext-stealing playbook has been ignored—a piece of software designed to let cops and spies siphon data from iPhones, but is instead being used by pervy criminals themselves.
On the web forum Anon-IB, one of the most popular anonymous image boards for posting stolen nude selfies, hackers openly discuss using a piece of software called EPPB or Elcomsoft Phone Password Breaker to download their victims’ data from iCloud backups. That software is sold by Moscow-based forensics firm Elcomsoft and intended for government agency customers. In combination with iCloud credentials obtained with iBrute, the password-cracking software for iCloud released on Github over the weekend, EPPB lets anyone impersonate a victim’s iPhone and download its full backup rather than the more limited data accessible on iCloud.com. And as of Tuesday, it was still being used to steal revealing photos and post them on Anon-IB’s forum.
“Use the script to hack her passwd…use eppb to download the backup,” wrote one anonymous user on Anon-IB explaining the process to a less-experienced hacker. “Post your wins here ;-)”
Apple’s security nightmare began over the weekend, when hackers began leaking nude photos that included shots of Jennifer Lawrence, Kate Upton, and Kirsten Dunst. The security community quickly pointed fingers at the iBrute software, a tool released by security researcher Alexey Troshichev designed to take advantage of a flaw in Apple’s “Find My iPhone” feature to “brute-force” users’ iCloud passwords, cycling through thousands of guesses to crack the account.
If a hacker can obtain a user’s iCloud username and password with iBrute, he or she can log in to the victim’s iCloud.com account to steal photos. But if attackers instead impersonate the user’s device with Elcomsoft’s tool, the desktop application allows them to download the entire iPhone or iPad backup as a single folder, says Jonathan Zdziarski, a forensics consult and security researcher. That gives the intruders access to far more data, he says, including videos, application data, contacts, and text messages.
.....
The fact that Apple isn’t complicit in law enforcement’s use of Elcomsoft’s for surveillance doesn’t make the tool any less dangerous, argues Matt Blaze, a computer science professor at the University of Pennsylvania and frequent critic of government spying methods. “What this demonstrates is that even without explicit backdoors, law enforcement has powerful tools that might not always stay inside law enforcement,” he says. “You have to ask if you trust law enforcement. But even if you do trust law enforcement, you have to ask whether other people will get access to these tools, and how they’ll use them.”
This is why we need to reign in the NSA.
Whatever they develop, the bad guys will duplicate or buy for themselves.