Advertisement

La Puente man steals 620,000 iCloud photos in plot to find images of nude women

An Apple store logo in Brooklyn, N.Y.
Hao Kuo Chi of La Puente admitted in court papers that he marketed himself online as capable of breaking into private Apple iCloud accounts to steal photos and videos.
(Associated Press)
Share via

A Los Angeles County man broke into thousands of Apple iCloud accounts and collected more than 620,000 private photos and videos in a plot to steal and share images of nude young women, federal authorities say.

Hao Kuo Chi, 40, of La Puente, has agreed to plead guilty to four felonies, including conspiracy to gain unauthorized access to a computer, court records show.

Chi, who goes by David, admitted that he impersonated Apple customer support staff in emails that tricked unsuspecting victims into providing him with their Apple IDs and passwords, according to court records.

Advertisement

He gained unauthorized access to photos and videos of at least 306 victims across the nation, most of them young women, he acknowledged in his plea agreement with federal prosecutors in Tampa, Fla.

Chi said he hacked into the accounts of about 200 of the victims at the request of people he met online. Using the moniker “icloudripper4you,” Chi marketed himself as capable of breaking into iCloud accounts to steal photos and videos, he admitted in court papers.

Chi acknowledged in court papers that he and his unnamed co-conspirators used a foreign encrypted email service to communicate with each other anonymously. When they came across nude photos and videos stored in victims’ iCloud accounts, they called them “wins,” which they collected and shared with one another.

Advertisement

“I don’t even know who was involved,” Chi said Thursday in a brief phone conversation.

He expressed fear that public exposure of his crimes would “ruin my whole life.”

“I’m remorseful for what I did, but I have a family,” he said.

Chi’s agreement to plead guilty comes as Apple is facing criticism from privacy advocates over its plan to scan iPhone photos that customers store on iCloud to flag images of child sexual abuse for potential reporting to law enforcement. The advocates say it risks opening a new avenue for government surveillance of iPhone users worldwide.

In Chi’s case, the stolen images were kept secure on Apple’s servers, but he managed to get victims to give him the iCloud passwords he needed to download their data.

Apple Inc. is racing to contain a controversy after an attempt to combat child pornography sparked fears that customers will lose privacy in a place that’s become sacrosanct: their devices.

In court papers, the FBI identified two Gmail addresses that Chi used to lure victims into changing their iCloud sign-on information: “applebackupicloud” and “backupagenticloud.” The FBI said it found more than 500,000 emails in the two accounts, including about 4,700 with iCloud user IDs and passwords that were sent to Chi.

Advertisement

Chi’s conspirators would request that he hack a certain iCloud account, and he would respond with a Dropbox link, according to a court statement by FBI agent Anthony Bossone, who works on cybercrime cases.

Chi’s Dropbox account contained about 620,000 photos and 9,000 videos organized in part on whether the content contained a “win” of nude images, Bossone wrote.

The scam started to unravel In March 2018.

A California company that specializes in removing celebrity photos from the internet notified an unnamed public figure in Tampa that nude photos of the person had been posted on pornographic websites, Bossone said. The victim had stored the nude photos on an iPhone and backed them up to iCloud.

A man who hacked the Apple iCloud and Gmail accounts of hundreds of people, including celebrities in Los Angeles, from his computer in Chicago has pleaded guilty to computer fraud in federal court, authorities said.

Investigators soon discovered that a log-in to the victim’s iCloud account had come from an internet address at Chi’s house in La Puente, Bossone said. The FBI got a search warrant and raided the house May 19. By then, agents had already gathered a clear picture of Chi’s online life from a vast trove of records that they obtained from Dropbox, Google, Apple, Facebook and Charter Communications.

On Aug. 5, Chi agreed to plead guilty to one count of conspiracy and three counts of gaining unauthorized access to a protected computer. He faces as many as five years in prison for each of the four crimes.

Spokespersons for the FBI and U.S. attorney’s office in Tampa declined to comment.

Advertisement