Posted on 09/02/2014 12:26:51 AM PDT by Citizen Zed
Apple's iCloud storage service and other parts of Apple, along with operations at several large banks, run inside A.W.S. (Amazon Web Services), say people familiar with the service who spoke on the condition they not be named so they could sustain relations with the powerful cloud company.
But Apple is usually obsessed with micromanaging every aspect of its technology and services. So some of its users might be surprised to learn that they're storing their backups and other personal data not on Apple servers, but on ones rented from Amazon. It's not totally clear that anyone should care about that, but you never know.
Of course, iCloud is also in the midst of a big transition, as it preps new consumer-storage services as part of Mac OS X Yosemite and its CloudKit service designed to provide cloud storage for iOS apps. And Apple has been building out data centers at a furious pace, with the latest one slated to start up sometime this year in Prineville, Ore.
(Excerpt) Read more at readwrite.com ...
Actually, no, you're wrong. Apple doesn't use such information for "marketing purposes." Here is the privacy statement from the iCloud User Agreement:
Apple (iCloud) Privacy PolicyYou understand that by using the Service, you consent and agree to the collection and use of certain information about you and your use of the Service in accordance with Apple’s Privacy Policy. You further consent and agree that Apple may collect, use, transmit, process and maintain information related to your Account, and any devices or computers registered thereunder, for purposes of providing the Service, and any features therein, to you. Information collected by Apple when you use the Service may also include technical, statistical, or diagnostic information related to or resulting from your use that may be used by Apple to support, improve and enhance Apple’s products and services. For more information please read our full privacy policy at http://www.apple.com/privacy/. You further understand and agree that this information may be transferred to the United States and/or other countries for storage, processing and use by Apple, its affiliates, and/or their service providers. Please note that personal information regarding individuals who reside in a member state of the European Economic Area (EEA) is controlled by Apple Distribution International in Cork, Ireland.
It's quite different from Google's.
Google’s doesn’t say anything about allowing hackers to post your private pictures everywhere.
Google accounts have been hacked in the same social engineering way as well before, by Phishing, or finding the passwords. As have other services where people who've used weak passwords. That's what apparently happened here. . . and at this point the guy who posted them on boards.4chan.org originally is now claiming he doesn't really know where they actually came from. He claimed iCloud because he thought it sounded plausible.
Reddit users on Monday claimed to have learned the identity of the leaker and circulated these images of Bryan Hamade, a 27-year-old from Georgia. Hamade vehemently denied being the leaker in an interview with BuzzFeed.
“I am not behind this. It was so stupid — I saw a lot of people posting the actual leaks and bitcoin addresses and I’ve read a lot about bitcoin and how they’re are valuable and I thought, oh cool I’ll get free bitcoins,” Hamade told BuzzFeed. “I am just an idiot who tried to pull one over on 4chan and lost big time and stupidly left this identifying information. They took my proof and back traced it — it isn’t remotely true. I am not a hacker. I have no idea how the hell someone could hack into all those accounts,” he said.—Source Buzzfeed
Examination of the metadata of the celebrity photos reveals that there're photos from Apple devices, Android devices, Windows PC webcams, Tumblr, and apparently other sources, unlikely to be uploaded by Apple devices. Some of the selfies show Android phones taking the pictures.
The creator of the script claimed to have been used was interviewed and claims it works on many services:
"We discussed the tool with its creator, Hackapp, over Twitter, who said “This bug is common for all services which have many authentication interfaces” and that with “basic knowledge of sniffing and reversing techniques” it is “trivial” to uncover them. When asked if the method could have been used in the celebrity hack today, Hackapp said “I’ve not seen any evidence yet, but I admit that someone could use this tool.”
So, at this point it is not an absolute fact they came from Apple iCloud, although it is possible. I'm waiting for more facts.
The three weeks before any major announcement from Apple is historically FUD Season. . . and this period is proving to be no different than any FUD Season in the past. Just look at this thread: why is it news that Apple may contract for some server space for overflow with Amazon or Microsoft when Apple is already building the largest distributed server farm network anyone has seen? I find it quite amusing.
By-the-way, both Apple and Google say they’re not responsible if you have weak passwords. LOL. I don’t blame them. I use pass phrases.
Reddit got the Boston Bombers identities wrong too.
http://nation.time.com/2013/04/23/inside-reddits-hunt-for-the-boston-bombers/
Without the filter that news organizations have traditionally used to sort good information from bad, or the ability to confirm facts with reliable law-enforcement officials, Reddit’s hive mind is often abuzz with misinformation. None of the photos of potential suspects circulating the Internet in the days immediately following the bombing picked out the Tsarnaevs.
Except this guy admits he's the one who posted the photos on board.4chan.org. He is now claiming he's not the guy who broke into the accounts and stole the pictures. He admits, though, that he was trying to sell access to the more salacious photos. He may be disingenuous about not being the hacker, because it was pointed out to him that some guy in Florida is now doing ten years in a Federal prison for ONE hacking and stealing just two nude pics of a nobody. and publicly posting them.
He admitted he REpoxsted the photos. He denied sourcing them.
The original posting of all these photos was on the website board.4chan.org, where HE admits posting them. That’s where it all started. That’s the epicenter of this Internet quake. No one has found any earlier postings despite all his flurries of disclaimers, that he saw “people downloading them and he just saw an opportunity to make some bit coins.” No body has found the “people.” He’s it. He is essentially the “patient zero” of the infection, so to speak. . . and he had the files on his computer as the original source. He posted a shot of his computer screen showing blocked out un-posted racier pictures he would sell for bit coins. He only started to deny he “hacked” the accounts and downloaded them after the criminal nature of his acts was brought to his attention. He found out he might be looking at 5 years in the slammer for EACH violation of a FEDERAL HOMELAND SECURITY LAW. . . That’s 5 years imprisonment for each and every photo and video as a separate offense. If I were he, I’d want to distance myself from the hacking and downloading as well! I’m not sure if the moon would be far enough.
Paradise, I think he’s trying to cover his ass. Of course he’s denying sourcing them. . . But he originally was bragging he was the source.
The fact is that he NOW claims he wouldn’t “know how to do this,” and is not competent to do anything like that. . . but, Paradise, he’s a systems administrator level IT guy, an assistant SUPERVISOR, no less. He’s got a degree in computer engineering and systems administration, and he’s claiming he doesn’t know how to do pretty basic data-base security stuff? RIGHT! Sure. And I’m the Pope.
Daily Mail and others said they were on a site called anonib a week PRIOR to the 4chan posting.
But keep clinging to a myth.
And for what it’s worth, Perez Hilton shared the photos on his site and then took them down. Think he’ll be prosecuted as the lawyers for the actresses are threatening against ordinary citizens?
I agree we need tough treatment for hackers that are caught. Problem is, millions of k9ds have computers and the ability to hack. curiousity can’t be stopped by stong sentences.
And all our systems are out there waiting to be checked. Apple admits to flaws. even the death penalty ain’t gonna stop it. ever heard of White Hat hackers ?
I'm not the one clinging to a myth, Paradise.
It turns out the guy offering the pics had them up on 4chan for at least five days as well. But you're right. . . They were also on anon.ib. . . But the story is a lot more complex than that. Here is a blog written by a guy who dove into the cesspool of the guys who ARE behind this, including this guy. . . I just posted this on FR. Very interested reading. The people behind this had never intended it to go public. They've been finessing their way into celebrity accounts for years, which explains the strange mix of real and fake images, Apple and non-Apple photos, etc. They simply are not a dump from all iCloud accounts but some are.
According to some of the news accounts (which included screencaps before the public free release) they were attempting to sell them (conflicting accounts if they wanted bitcoin or paypal transactions).
And the theory is that it was a group effort not a single hacker.
Wired had an article (Wired is not permitted on FR by request of the publisher) about the software that was used to crunch the passwords. Seems it is intended for use by government/law enforcement agencies.
Ultimately some blame does fall on Apple for not flagging repeated failed efforts to brute force break a login password. I’ve got accounts that won’t let me easily log in even if I get the name and password correct but I am using a different ISP or computer.
Internally they do. That's how Apple knows that IBrute was not the modality of attack through FindMyiPhone. There simply were no brute force attacks on passwords on those accounts.
Apple doesn't bother users with extraneous data about failed attempts that would cause them worry. It's all about user experience for Apple and worry is not a good experience. GRIN.
That, surprisingly, turns out to be part of the proof this was not a hack of iCloud. These photos were being shown on both anon.ib and 4chan for about five days, and not getting any traction because people thought they were fakes and old stuff.
That was four or five days BEFORE IBrute was released into the wild. . . and Apple closed the vulnerability twelve hours later. With the release of iBrute, the guy pushing the sale of the pictures started claiming he'd "cracked" iCloud to steal them—a claim he'd recant when told it was a Federal crime with a five year per picture prison sentence—and the pictures suddenly had a provenance. . . and people started looking and realized they were real, or at least some of them were. . . and havoc broke out.
But the upshot is, the pics existed BEFORE iBrute was released to be used to get them.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
