Tuesday, September 2, 2014

Man Accused Of Leaking Naked Celebrity iCloud Photos Denies Everything


ricky l • a second ago
The statement says:
"Immediately after the leak of hundreds of nude photos of celebrities, allegedly from Apple's iCloud backup storage system, the internet began investigating in an attempt to discover the hacker responsible."

There are 2 types of backup storage system:
(1) The older and more commonly used backup system is the tape or cartridge system, which uses a tape drive or autoloader to mount the tape or cartridge for backup and retrieval.
But for iCloud - which is a public cloud where users store huge amounts of data comprising text, video or images - is a tape backup system the likely backup system that was hacked?
Quite unlikely in this case, as backup tapes are run sequentially and will require a backup management system to manage the backup and recovery of files, data, video or images, and will need a manual or autoloader mount of the correct tape to retrieve the right pictures or videos.

Such tape backups come in 2 modes: non-encrypted (which is the most common mode) and encrypted, with a proper key management system to back up and retrieve the backup data, files, images or videos.

(2) Disk storage backup - which uses hard disks, normally cheaper SATA disks, to do the backup online using deduplication.

The disk backup also requires a backup management system and, as it is a disk backup, it can be accessed randomly and not sequentially.

Encryption of the data will be possible by encrypting folders and files for backup and retrieval - if data needs to be secured - with a proper key management protocol.

It looks like in this case, this mode - disk storage backup with deduplication - is the likely source that was compromised and hacked, without data encryption.

Thus mass hacking of the videos or images becomes possible because multiple user folders can be copied out wholesale in such a disk backup.

Hackers who are able to hack and acquire the admin password of the backup management system will be able to retrieve the relevant files, data, images or videos from the user folders, whether encrypted or not encrypted - as hackers can decrypt the files if they also have access to the encryption key to decrypt the backup files.
ricky l • a second ago
I wonder: if the backup system is out-of-band, not in-band (whether fiber channel, iSCSI or FCoE), and not accessible via the Internet, how are hackers from the Internet able to hack in remotely to take over the backup system?

Quite unlikely right?

It must be someone who has access through out-of-band - if the backup storage system is compromised - as the backup storage system does not use the in-band Ethernet network; it uses another storage network, which can be fiber channel, iSCSI or FCoE.

Ha ha - just playing online detective.
ricky l • a second ago
And if the backup management system is also hosted out-of-band, then how can Internet hackers hack into the backup management system?

Unless the backup management system is also hosted in-band, where it can be accessed remotely via the Internet? If this is the design, then Internet hackers will have a field day hacking into the public cloud - which I think cannot be right?
Lar • 16 hours ago
Minstrel

A hacker can piggyback on a wifi connection quite easily if they decide to go that route; they can spoof IP addresses, they can hack from other IP addresses that they already own, they can buy a burner or stolen phone and piggyback off its data connection. Or if they really don't want to be caught, they can do a combination of all of the above.

@andrew

You should give up with that line after posting it 10 times; if no one is laughing, that's a good sign that you failed.
ricky l • a second ago
Hm, if a hacker piggybacks through a wifi router, the wifi router will display the hacker's device - the MAC address and the IP address issued by the DHCP server of the wifi router. The MAC address, which is unique to the hacker's device and is factory-made, can help to nab the hacker. So spoofing the IP address via the wifi router is not good enough.

ricky l • a second ago
Do a show ARP - it will display the IP address and the MAC address of the hacker if he piggybacks on the wifi devices.
ricky l • a second ago
The syslog captured by the wifi router can be used to trace the hacker's device.

If the wifi router is another mobile phone that is connected to the telco via a 3G or 4G network, the nearest base station will have captured the IMEI of the mobile phone and will be able to track the owner of the mobile phone.
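
The ARP and router-syslog checks mentioned in the comments above, as an added example that is not part of the original comments: it parses DHCP lease lines in a dnsmasq-style format (the sample log, the known-device list and all names are constructed assumptions) and lists devices that are not in the inventory. It also reports the locally administered bit of each MAC address, which marks an address set in software rather than assigned by the manufacturer.

```python
import re

# Constructed sample: DHCP lease lines in dnsmasq's syslog style (assumed format).
SAMPLE_SYSLOG = """\
Sep  2 10:01:12 router dnsmasq-dhcp[812]: DHCPACK(br-lan) 192.168.1.10 3c:07:54:11:22:33 laptop
Sep  2 10:05:40 router dnsmasq-dhcp[812]: DHCPACK(br-lan) 192.168.1.57 00:1b:63:aa:bb:cc
Sep  2 10:09:03 router dnsmasq-dhcp[812]: DHCPACK(br-lan) 192.168.1.58 da:a1:19:0f:42:7e android-guest
Sep  2 10:09:30 router kernel: wlan0: deauthenticated station
Sep  2 11:15:22 router dnsmasq-dhcp[812]: DHCPACK(br-lan) 192.168.1.57 00:1b:63:aa:bb:cc
"""

# Assumed inventory of the owner's own devices (constructed).
KNOWN_MACS = {"3c:07:54:11:22:33"}

LEASE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdnsmasq-dhcp\[\d+\]:\s"
    r"DHCPACK\(\S+\)\s(?P<ip>\d+(?:\.\d+){3})\s"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?:\s(?P<host>\S+))?$",
    re.IGNORECASE,
)


def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set (address set in software)."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def unknown_devices(syslog_text, known_macs):
    """Return one record per leased MAC that is not in known_macs."""
    seen = {}
    for line in syslog_text.splitlines():
        m = LEASE_RE.match(line.strip())
        if m is None:
            continue  # not a DHCP lease line
        mac = m["mac"].lower()
        if mac in known_macs:
            continue
        rec = seen.setdefault(mac, {
            "mac": mac, "ip": m["ip"], "host": m["host"],
            "first_seen": m["ts"], "leases": 0,
            "locally_administered": is_locally_administered(mac),
        })
        rec["leases"] += 1
    return list(seen.values())


if __name__ == "__main__":
    for dev in unknown_devices(SAMPLE_SYSLOG, KNOWN_MACS):
        print(dev)
```
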

ricky l • a second ago
IMEI is the unique number that is tied to the mobile user, with the name and IC number that he/she used to register his/her phone - and the nearest base station that tracks the IMEI will provide a location-based system to indicate the estimated location of the hacker if he used the mobile phone as a piggyback to access the Internet.
ricky l • a second ago
Even if the hacker uses a public proxy to hide his credentials and system info, he can still be tracked.

The public proxy used can be an IPsec VPN, a firewall that turns on NAT or PAT, or a web proxy - where the external connection to the public is still a valid public IP address, with a MAC address for routing and switching or bridging.

Once this valid public IP address and MAC address are tracked, the public proxy - such as an IPsec VPN, a firewall that turns on NAT or PAT, or a web proxy - will have kept a syslog of all the connections that will reveal the hacker's system information, such as the VPN client and the VPN IP address the hacker used to establish a VPN connection; the internal IP address and MAC address of the hacker if he/she used the internal interface of the firewall; and the hacker's web client information if he used a web proxy.
