Investigators from the FBI and Apple Inc. (NASDAQ:AAPL) are still trying to determine exactly who is responsible for leaking hundreds of nude photos belonging to A-list celebrities including Jennifer Lawrence, Kate Upton and many others. One possible suspect, Bryan Hamade, has already come forward while a network of others have reportedly built up a pool of illicit images over a number of months.
Hamae, 27, is an American software engineer who used the alias “BluntMastermind” to brag on Reddit that he was responsible for the hack while offering to provide access to the trove of nude pictures to anyone willing to pay in bitcoin. That plan backfired when Reddit users noticed that Hamade forgot to scrub personal information from his post, making it easy for them to find out who BluntMastermind was.
An embarrassed Hamade denied to media outlets that he was the one responsible, saying in a BuzzFeed interview that his faulty decision-making skills have ruined his life.
“I am just an idiot who tried to pull one over on 4Chan and lost big time and stupidly left this identifying information,” he said. “It's been a nightmare and I haven't slept in 34 hours, now. 4Chan users are harassing me with nonstop phone calls and emails. They email me constantly, saying they'll hack my personal websites and keep calling my phone ... "
While there's little reason to doubt Hamade's innocence, the result of his stupidity is evidence that the people who infiltrated the celebrity accounts aren't kidding around. The loosely affiliated group congregated at AnonIB, a 4Chan forum that includes both a “stolen photo” thread and a “celebs” thread, which required anyone who wished to join to either submit a nude photo of himself or make a donation in bitcoin.
“Guys, just to let you know I didn't do this by myself. There are several other people who were in on it and I needed to count on to make this [happen],” wrote one Anonymous poster. “This is the result of several months of long and hard work involved. We appreciate your donations and applaud your excitement.”
Authorities have yet to determine the identity of the hackers who posted nude photos of hundreds of celebrities, but many of the candid shots have been circulating on the popular image board 4Chan for some time. A security flaw in Apple's Find My iPhone software, since fixed, has been blamed as the entry point, with the Next Web reporting that cybercriminals may have used a “brute force” hack that involved using malicious software to repeatedly guess an individual account's password until finding the correct answer. For example, a hacker could have focused that malware on Kim Kardashian's iCloud account, using an unlimited number of password guesses until being granted access.
No less compelling is the question of motive: Why would someone want to humiliate someone else in such a public manner? Along with the obvious profit potential (multiple outlets have reported that TMZ had knowledge of the hack and made a financial offer for some of the photos), the high-profile nature of the release would be an enviable addition to a hacker's resume.
Members of the black hat subculture are often known to each other and regularly commit crimes online to raise their own profile. The Anonymous hacker movement began as group of 4Chan members who used the discussion threads to prank each other before deciding they'd be better served to describe themselves as freedom fighters.
Reports have also indicated that once word spread about the AnonIB thread the number of leaked celebrity photos increased. The sheer size of the security breach, believed to include more than 100 celebrities, lends credibility to this idea, with more and more unknown hackers attracted to the idea of victimizing celebrities at least in part by the idea that they can boost their own standing.