FBI Investigates 'Cloud' Celebrity Picture Leaks

September 02, 2014

The FBI is looking into allegations that intimate pictures of celebrities have been stolen and posted online.

About 20 personalities, including the US actress Jennifer Lawrence, have had images of themselves leaked over the Internet.

It is understood some of the images were obtained from services such as Apple iCloud that back up content from devices on to the internet.

Apple says it is investigating whether iCloud accounts have been hacked.

Ms Lawrence, who stars in The Hunger Games films, has requested an investigation after a hacker apparently obtained photographs, with graphic content, from the mobile phones of numerous celebrities.

A spokeswoman for the actress said the internet posts were "a flagrant violation of privacy".

An FBI spokesman told the Associated Press news agency that it was "aware of the allegations" and was "addressing the matter".

Apple spokeswoman Nat Kerris was quoted by Reuters as saying in an email: "We take user privacy very seriously and are actively investigating this report."

Experts have raised concerns over the security of "cloud" storage sites.

"It is important for celebrities and the general public to remember that images and data no longer just reside on the device that captured it," said Ken Westin, security analyst at Tripwire.

"Although many cloud providers may encrypt the data communications between the device and the cloud, it does not mean that the image and data is encrypted when the data is at rest.

"If you can view the image in the cloud service, so can a hacker."

Images of the celebrities were leaked on image posting website 4Chan.

The user posting them - who defined him or herself as a "collector" rather than "hacker" - said more images of different celebrities would soon be posted.

While some of the celebrities said the images were fake, others have confirmed their authenticity.

Actress Mary Elizabeth Winstead posted on Twitter: "To those of you looking at photos I took with my husband years ago in the privacy of our home, hope you feel great about yourselves.

"Knowing those photos were deleted long ago, I can only imagine the creepy effort that went into this."

Winstead's comments would suggest iCloud was not at play, as pictures on Apple's service are only viewable online for 30 days.

Raj Samani from Intel Security said: "Almost every service used online requires a password, and to ensure your passwords are secure, they must be complex."

But more often than not, it is human weaknesses that give hackers the simplest route to compromising accounts.

"Phishing" people - meaning to trick them into giving up their password - is considered perhaps the simplest and most targeted way hackers gain access to accounts.

(BBC)