Advertisement
California

La Puente man steals 620,000 iCloud photos in plot to find images of nude women

An Apple store logo in Brooklyn, N.Y.
Hao Kuo Chi of La Puente admitted in court papers that he marketed himself online as capable of breaking into private Apple iCloud accounts to steal photos and videos.
(Associated Press)
By Michael FinneganStaff Writer 
Share

A Los Angeles County man broke into thousands of Apple iCloud accounts and collected more than 620,000 private photos and videos in a plot to steal and share images of nude young women, federal authorities say.

Hao Kuo Chi, 40, of La Puente, has agreed to plead guilty to four felonies, including conspiracy to gain unauthorized access to a computer, court records show.

Chi, who goes by David, admitted that he impersonated Apple customer support staff in emails that tricked unsuspecting victims into providing him with their Apple IDs and passwords, according to court records.

Advertisement

He gained unauthorized access to photos and videos of at least 306 victims across the nation, most of them young women, he acknowledged in his plea agreement with federal prosecutors in Tampa, Fla.

Chi said he hacked into the accounts of about 200 of the victims at the request of people he met online. Using the moniker “icloudripper4you,” Chi marketed himself as capable of breaking into iCloud accounts to steal photos and videos, he admitted in court papers.

Chi acknowledged in court papers that he and his unnamed co-conspirators used a foreign encrypted email service to communicate with each other anonymously. When they came across nude photos and videos stored in victims’ iCloud accounts, they called them “wins,” which they collected and shared with one another.

“I don’t even know who was involved,” Chi said Thursday in a brief phone conversation.

He expressed fear that public exposure of his crimes would “ruin my whole life.”

“I’m remorseful for what I did, but I have a family,” he said.

Chi’s agreement to plead guilty comes as Apple is facing criticism from privacy advocates over its plan to scan iPhone photos that customers store on iCloud to flag images of child sexual abuse for potential reporting to law enforcement. The advocates say it risks opening a new avenue for government surveillance of iPhone users worldwide.

In Chi’s case, the stolen images were kept secure on Apple’s servers, but he managed to get victims to give him the iCloud passwords he needed to download their data.

FILE - In this Saturday, March 14, 2020 file photo, an Apple logo adorns the facade of the downtown Brooklyn Apple store in New York. Apple’s new iPad brings PC-like trackpad capabilities for the first time, as the company seeks to make its tablet even more like a laptop computer. Apple says the trackpad will offer more precision than fingers in selecting text and switching between apps. (AP Photo/Kathy Willens, File)

Business

Apple races to temper outcry over child-pornography tracking system

Apple Inc. is racing to contain a controversy after an attempt to combat child pornography sparked fears that customers will lose privacy in a place that’s become sacrosanct: their devices.

Aug. 13, 2021

In court papers, the FBI identified two Gmail addresses that Chi used to lure victims into changing their iCloud sign-on information: “applebackupicloud” and “backupagenticloud.” The FBI said it found more than 500,000 emails in the two accounts, including about 4,700 with iCloud user IDs and passwords that were sent to Chi.

Advertisement

Chi’s conspirators would request that he hack a certain iCloud account, and he would respond with a Dropbox link, according to a court statement by FBI agent Anthony Bossone, who works on cybercrime cases.

Chi’s Dropbox account contained about 620,000 photos and 9,000 videos organized in part on whether the content contained a “win” of nude images, Bossone wrote.

The scam started to unravel In March 2018.

A California company that specializes in removing celebrity photos from the internet notified an unnamed public figure in Tampa that nude photos of the person had been posted on pornographic websites, Bossone said. The victim had stored the nude photos on an iPhone and backed them up to iCloud.

A Chicago man used an email phishing scam to trick celebrities into giving up their Gmail and iCloud usernames and passwords, which store photos and videos from iPhones and other devices.

California

Man convicted of hacking Gmail and iCloud accounts of at least 30 celebrities in L.A.

A man who hacked the Apple iCloud and Gmail accounts of hundreds of people, including celebrities in Los Angeles, from his computer in Chicago has pleaded guilty to computer fraud in federal court, authorities said.

Sept. 28, 2016

Investigators soon discovered that a log-in to the victim’s iCloud account had come from an internet address at Chi’s house in La Puente, Bossone said. The FBI got a search warrant and raided the house May 19. By then, agents had already gathered a clear picture of Chi’s online life from a vast trove of records that they obtained from Dropbox, Google, Apple, Facebook and Charter Communications.

On Aug. 5, Chi agreed to plead guilty to one count of conspiracy and three counts of gaining unauthorized access to a protected computer. He faces as many as five years in prison for each of the four crimes.

Spokespersons for the FBI and U.S. attorney’s office in Tampa declined to comment.

More to Read

California
Michael Finnegan

Michael Finnegan is a former Los Angeles Times crime and politics reporter. He covered federal courts in California and state and national election campaigns, including every presidential race from 2000 to 2020. He was previously a City Hall and statehouse reporter at the New York Daily News.

More From the Los Angeles Times

Advertisement