Who Hacked The Nudes? A Working Theory

Everyone likes a good mystery, and the best one around right now involves the leak of hundreds of celebrity nudes onto the internet. The prevailing theory is that some hacker cracked Apple's iCloud service and then uploaded the nudes to the image-based bulletin board 4chan. We suspect that's not what happened, for reasons laid out below. It's a little involved, but the actual story here, as far as we can put it together, is a lot more interesting than it initially seems.

The first thing we're certain of is, obviously, that a person or persons unknown acquired a collection of nude celebrity pictures. When and how they did this, though, are pretty open—and important—questions. Some of the leaked photos were taken fairly recently; metadata in one photo of Kate Upton, for example, dates it to April of this year. Others, though, weren't. Actress Mary Elizabeth Winstead has said that photos of her were taken years ago, and that she'd long since deleted them.

The fact that at least a few of the photos are years old and since-deleted—not to mention that, according to a tipster, most methods of hacking an iCloud account require physical access to a phone—suggests that they were not obtained in a one-time smash-and-grab hack, but were, rather, collected over a period of time, perhaps years. (Common sense also argues against the iCloud hack theory: Even supposing that a master hacker got access to Apple's backend, it wouldn't follow that he could just pull up celebrities' phones via keyword search, and it's not clear why such a hacker would go for nudes rather than market-moving or politically sensitive information from the phones of financiers and politicians. And then there's this intriguing claim that at least one of the hacks may have involved Dropbox, rather than iCloud.) All of this suggests two alternate possibilities for the technique the original hacker(s) used:

  • It's possible, and perhaps likely, that he (or they) went at these phones with sheer brute force, the way Christopher Chaney, the hacker sentenced to 10 years in prison for illegally accessing the online accounts of several famous women, did.
  • The fact that by far the easiest way to acquire these photos would be to have password access to devices on which they were stored, and the fact that they seem to have been collected over a lengthy period, suggests that a person, or people, with access to these devices could be the culprit. Who that might be—a shadow network of disaffected personal assistants? a horndog ring of Apple Store employees? a cabal of pervert agents?—we have no idea.

However the photos were acquired, a tipster tells us that a couple of weeks ago, someone was offering them for sale on Tor sites. (These are anonymously held, secure sites, and the person selling them was apparently asking for payment in untraceable Bitcoin.) This is interesting not least because it would vastly widen the circle of people who had access to the photos. Last night, for example, we told you the curious story of how a couple of weeks ago, a Deadspin reader was offered the very pictures that leaked on Sunday in exchange for nude pictures of his girlfriend. At first, we wondered if this might not have been the original hacker, using the pictures he had access to to acquire more pictures. Since this offer appears to have been made after the pictures were already up for sale online, though, it seems much more likely that he's just a random person who bought or otherwise acquired them, and then used them for his own purposes.

At some point, word of the leak started circulating online, as Gawker documented over here. The earliest mention their investigation turned up was on Aug. 26, about a week and a half after we're told the photos had been put up for sale, and suggests that someone—perhaps the original hacker(s), perhaps someone who'd bought them, or perhaps someone with whom a purchaser had shared them—was circulating them.

Yesterday, as was probably inevitable, the nudes turned up on 4chan. The guy fingered by the internet as the culprit is (fairly plausibly) denying that he did it, but even assuming he did it, there's no real reason to think he's the original hacker. In fact, there's good reason to think he isn't: someone internet-savvy enough to have been the original acquirer of these photos probably wouldn't have left a trail of bread crumbs, and if someone, perhaps the original hacker, was actually selling these, it wouldn't make much sense for him to then go and upload them for free/in exchange for tips.

At any rate, more nude photos are now being teased and posted; it's totally unclear who's doing that, but it's presumably from someone who has a larger photo set, whether that's the original hacker or someone who bought or otherwise acquired a larger original set.

This is what we know. If there's anything you think we should know, or if you have a good theory, we're all ears: tips@deadspin.com.