mschaecher | 11 years ago
And I'm very curious as to how the fuck this happens.
I haven't seen many theories in general, let alone theories with much evidence behind them about how this could have happened. Other than iCloud! No dropbox! No NSA!
So while I wait for more technical minds to weigh in, I figured I'd take a stab at an alternate theory for people to ponder (or hopefully more likely tear apart!)
tl;dr
Gaining covert access locally via a potential buffet of attack vectors. Feels like this article, but voyeur not espionage (or necessarily China/state-based obviously) http://www.nytimes.com/2012/02/11/technology/electronic-secu...
Theory:
- Original hacker is one w/ privileged network access, &/or proximity to sniff, &/or compromise device(s) physically at a place frequented by celebs over a long period of time (years).
- Hotels, spas, coffee houses, studio lots, awards, etc etc.
- Potential for many attack vectors to match any given skill set. From MITM, to malware, to phishing, to gathering PII for social eng to compromised charging stations.
- And gives a window of time to allow for fast data transfer pillaging via LAN.
- Also gives a window where being on the same network, at the same time and place, probably helps to avoid tripping some suspicious access detection alarms.
- OG hacker is prob up to lots of nefarious stuff and someone else popped their personal stash.
-- What led me there and away from a single platform exploit, a la iCloud?
I tried making sense of what was known and a few assumptions.
- If it was a platform exploit, finding even 20 of these girls' actual login emails from which to locate their accounts on a service is a massive undertaking – unless you have some kind of privileged position to harvest them (hotel desk, gyms, award ceremonies, etc etc) -- I feel like the probability of all these girls having passed through same places – like hotels, spas, sundance, soho house, awards, festivals, etc etc – over the course of 2-3 years is way higher than someone managing to figure out 100 correct login emails for them.
- The attacks appeared to have happened over a long period of time. At least late 2011 to within the last month, judging from EXIF data. So they avoided tons of software and hardware updates for bugs and security patches.
- I assume these celebs have TONS of photos on any of their devices at any given time. Being photographed and taking photographs are part of their lives. So we're talking thousands or tens of thousands. Which takes a lot of time to copy. And like all of us, their photos are unorganized which means it takes a lot of time to find the gems. The longer it takes the attacker to get access and pillage, the more they are exposed. They needed to get in quick and consistently, and get out very fast.
- Given the volume and (alleged) success rate of 100+ celebs, manual social engineering or brute is out.
jnorthrop | 11 years ago
[1] http://www.politico.com/story/2014/08/russian-hacking-gang-u...