FacebookTwitterGoogle+RedditEmail

Hackers Used Government Spyware to Data-Rob iCloud

by

One sensationally reported incident this week exposes a dual threat: your data isn’t safe on a corporate-controlled “cloud” and spying software made for police and government agencies makes it completely accessible.

The leaking of celebrities’ photos, most compromising and some nude, from Apple’s iCloud storage system shows how silly we can be about nudity and celebrity and what our media thinks is important in the world. These were self-shot photos nude people and nudity is something we can all see in the mirror!

There is, however, a very important point to the entire affair and, unlike the naked photos, it’s worth talking about.

Apparently, according to Apple, this wasn’t a breach; there was no break-down in the security system for the company’s giant storage service. Instead, the hackers used what is called a “brute force attack” — a password-guessing method that uses software readily available to hackers to guess and test passwords to access a private account.

In the last couple of days, however, experts have become almost sure that the software used to capture the iCloud user data is a program designed for use by police and government surveillance. The program is called EPPB or Elcomsoft Phone Password Breaker and it’s made by a Russian outfit called Elcomsoft. Elcomsoft specializes in selling it to government authorities but it will sell it to anyone willing to pay the price. Apparently these hackers got a hold of that program and maybe, indeed, have done so through legal purchase.

The scenario goes like this: a hacker uses a program called iBrute which is a brute-force password guessing program for the iPhone. Yeah, there is actually such a program. It’s available free on line. With that, you can acquire certain types of information. But if you manage to get the user’s password with iBrute, you can then use EPPB to capture the user’s entire storage — everything they have on the iCloud and nobody will know.

The instructions appear on hacker message boards. “Use the script to hack her passwd…use eppb to download the backup,” wrote a hacker on the Anon-IB message board (or forum). “Post your wins here ;-)” That’s what they call data theft: “wins”.

This appears to be what these hackers did and, as of this writing, they’re still doing it. Data is currently still being stolen from iCloud. Apple appears unable to stop it.

The company points out that it offers a two-part verification system; you need to get a code emailed to you in addition to your username/password. This means that most people really aren’t vulnerable, it says. Apple called the hack “very targeted” to a few celebrities and claimed it had ended. Given the information about EPPB and the continuous theft of data from iCloud accounts, that statement seems highly questionable.

We’ve all seen movies about nefarious types stealing a nuclear weapon. What a disaster! Here is a case of criminal hackers using, apparently legally, a government spying weapon. The movies are frequently cautionary tales; maybe having those bombs isn’t such a good idea. Well, we have proof that giving governments and police the ability to completely steal data from a citizen is an equally bad idea — besides being a complete trashing of people’s legal rights.

Still, raising this as an issue is a lot like discussing what kind of clothing to wear while walking through a hurricane. Why do you need to know? Or, applied here, why are you storing your personal (and private) data — or any data for that matter — on some company’s computer?

That is what the “cloud” is. When the double-talk of marketing and the razzle-dazzle of product announcement is stripped away, this “cloud” is nothing more than a group of storage devices (big computers) that hold data — just like your computer. There is no difference in the basic technology; it’s a bunch of hard drives.

There are some differences in that cloud technology moves your data (in pieces) among thousands of storage devices and brilliantly unites it before your download it. So that your essay can end up being on six different computers, in pieces, and the storage software will pull it together when you need it. This is called “resource sharing”.

But you don’t need resource sharing on your personal computer and movement activists and organizations certainly don’t need to store their info on computers they have no control over. They information — always partial and often inaccurate– from agents and informants who would spend months sitting in on your meetings can now be accurately and quickly downloaded in minutes.

The safest and most secure place for your data is on your own computer’s hard drive. The safest place for your office network’s data is on a computer that is part of that network. Your data should never be stored on a device you cannot trust.

To be sure, there are some real benefits to having a storage cloud (as I always disclaim when called for: we at May First/People Link have such a service). But those benefits can be wiped out by the cloud company’s data practices.

To wit, are you sure your data won’t be given up or used? Google has a cloud system that will give up your data to the government immediately upon receipt of an order and processes some of that data to develop user profiles for marketing. Apple’s service doesn’t even have to turn it over; the government can use that EPPB software.

You’ll never know your data has been stolen.

In the end, maybe all this isn’t worth thinking about. Why should we be surprised that, in a society that celebrates the quick buck washed with the waters of scary nihilism, techie-thugs steal data? Or should any of this shock us when the companies protecting us from those hackers give up your data to the government and then downplay the amount of data stolen?

What’s worth thinking about is this: Are you willing to take this kind of chance with your data?

Alfredo Lopez writes about technology issues for This Can’t Be Happening!

Alfredo Lopez writes about technology issues for This Can’t Be Happening!

More articles by:
June 29, 2016
Diana Johnstone
European Unification Divides Europeans: How Forcing People Together Tears Them Apart
Andrew Smolski
To My Less-Evilism Haters: A Rejoinder to Halle and Chomsky
David Rosen
Birth-Control Wars: Two Centuries of Struggle
Sheldon Richman
Brexit: What Kind of Dependence Now?
Yves Engler
“Canadian” Corporate Capitalism
Lawrence Davidson
Return to the Gilded Age: Paul Ryan’s Deregulated Dystopia
Priti Gulati Cox
All That Glitters is Fearsome: Whatever Happens, Don’t Blame Jill Stein
Franklin Lamb
About the Accusation that Syrian and Russian Troops are Looting Palmyra
Binoy Kampmark
Texas, Abortion and the US Supreme Court
Anhvinh Doanvo
Justice Thomas’s Abortion Dissent Tolerates Discrimination
Victor Grossman
Brexit Pro and Con: the View From Germany
Manuel E. Yepe
Brazil: the Southern Giant Will Have to Fight
Rivera Sun
The Nonviolent History of American Independence
Adjoa Agyeiwaa
Is Western Aid Destroying Nigeria’s Future?
Jesse Jackson
What Clinton Should Learn From Brexit
Mel Gurtov
Is Brexit the End of the World?
June 28, 2016
Jonathan Cook
The Neoliberal Prison: Brexit Hysteria and the Liberal Mind
Paul Street
Bernie, Bakken, and Electoral Delusion: Letting Rich Guys Ruin Iowa and the World
Anthony DiMaggio
Fatally Flawed: the Bi-Partisan Travesty of American Health Care Reform
Mike King
The “Free State of Jones” in Trump’s America: Freedom Beyond White Imagination
Antonis Vradis
Stop Shedding Tears for the EU Monster: Brexit, the View From the Peloponnese
Omar Kassem
The End of the Atlantic Project: Slamming the Brakes on the Neoliberal Order
Binoy Kampmark
Brexit and the Neoliberal Revolt Against Jeremy Corbyn
Doug Johnson Hatlem
Alabama Democratic Primary Proves New York Times’ Nate Cohn Wrong about Exit Polling
Ruth Hopkins
Save Bear Butte: Mecca of the Lakota
Celestino Gusmao
Time to End Impunity for Suharto’’s Crimes in Indonesia and Timor-Leste
Thomas Knapp
SCOTUS: Amply Serving Law Enforcement’s Interests versus Society’s
Manuel E. Yepe
Capitalism is the Opposite of Democracy
Winslow Myers
Up Against the Wall
Chris Ernesto
Bernie’s “Political Revolution” = Vote for Clinton and the Neocons
Stephanie Van Hook
The Time for Silence is Over
Ajamu Nangwaya
Toronto’s Bathhouse Raids: Racialized, Queer Solidarity and Police Violence
June 27, 2016
Robin Hahnel
Brexit: Establishment Freak Out
James Bradley
Omar’s Motive
Gregory Wilpert – Michael Hudson
How Western Military Interventions Shaped the Brexit Vote
Leonard Peltier
41 Years Since Jumping Bull (But 500 Years of Trauma)
Rev. William Alberts
Orlando: the Latest Victim of Radicalizing American Imperialism
Patrick Cockburn
Brexiteers Have Much in Common With Arab Spring Protesters
Franklin Lamb
How 100 Syrians, 200 Russians and 11 Dogs Out-Witted ISIS and Saved Palmyra
John Grant
Omar Mateen: The Answers are All Around Us
Dean Baker
In the Wake of Brexit Will the EU Finally Turn Away From Austerity?
Ralph Nader
The IRS and the Self-Minimization of Congressman Jason Chaffetz
Johan Galtung
Goodbye UK, Goodbye Great Britain: What Next?
Martha Pskowski
Detained in Dilley: Deportation and Asylum in Texas
Binoy Kampmark
Headaches of Empire: Brexit’s Effect on the United States
FacebookTwitterGoogle+RedditEmail