clock menu more-arrow no yes

Filed under:

Inside the strange and seedy world where hackers trade celebrity nudes

New, 102 comments

Security researchers say the images that leaked were just the tip of the iceberg

Ian Gavan

When nude photos of more than 100 prominent celebrities began appearing on the internet over Labor Day weekend, people assumed that the leak was intentional: there was a hacker, or hackers, who were posting these images for fun or profit, and they had used recently discovered security flaws in Apple’s iCloud system to break into accounts and make off with these pictures.

A glimpse into a world that prefers to stay hidden

But several deep dives by security researchers into the secretive online world of stolen nudes paints a very different picture. An underground trade in these high-profile images has been going on for years, and continues today. This leak was likely an aberration, a clueless move from a greedy rookie that exposed a long-hidden ring built around stealing and trading private photos of high-profile women. Disturbingly, according to those with knowledge of the trading rings, these leaked photos represent just the tip of the iceberg, an accidental glimpse into a world that would have preferred to stay buried.

kaminsky_screenshot.0.jpg

Screenshot of a conversation forwarded to Kaminsky

lengthy blog post from security researcher Dan Kaminsky has some details on what we’re probably looking at: information trading networks on the so called "darknet" — a term for private networks where connections are made only between trusted peers — where users exchanged nude images of celebrity targets and built up massive collections over years. You couldn’t buy your way into the group or pay to view images, Kaminsky says. According to members he communicated with, to get in you needed to bring your own stolen material, something new and valuable the group didn’t already have.

"There are a lot more people with money than with the ability to get these goods."

"There are a lot more people with money than with the ability to get these goods," Kaminsky explained. He says the same moral code applies more broadly across a wide range of hacker groups. "It is absolutely an ethic of a lot of these communities. You need to be trustworthy, and money alone doesn’t buy that. In fact the perception is that if someone shows up and tries to make a lot of money, they are going to blow everything up." Once inside it was possible to exchange both money and images in trade, but photos were the most valuable commodity.

Security research Nik Cubrilovic, who has spent time immersed in the underground world of celebrity nudes and revenge porn, concurs. "There is still a lot more to be learned here, but the economics are simple — the more famous a celebrity, or the more of a cult following they have, the higher the demand for their nudes. The less nude pictures there are available, the higher the asking price. Conversely, the more widely shared and distributed an image has become, the less valuable it is." Cubrilovic compares the marketplace to baseball cards. "Most of the trading rings work not with cash payments for pictures, but through trading image sets. Users would compare their lists of sets and then come to an agreement to exchange one for another. This way the traders and collectors each build up their image sets over time and they have an incentive to go out and find new sources of rips."

"It appears the intention was to never make these images public."

So who broke ranks and why? Cubrilovic has a well-written theory for how things fell apart. "It appears the intention was to never make these images public, but that somebody — possibly the previously identified distributor — decided that the opportunity to make some money was too good to pass up and decided to try to sell some of the images."

anonIB_photo_sale_screenshot.0.png

Cubrilovic tracked down posts on AnonIB offering high-profile nudes dating back to five days before the story broke into public view, but nobody took the seller seriously until the uncensored proof hit 4chan, after which it spread across the web like wildfire. From there, more and more images began to spill out. "My theory is that other members of the ring, seeing the leaks and requests for money also decided to attempt to cash in, thinking the value of the images would soon approach zero, which lead to a race to the bottom between those who had access to them."

There is a world of pay-to-play hacking, where someone delivers personal data like names, birthdays, emails, passwords, and social security numbers to a hacker who then breaks into the account and steals as much data as possible. This seems to have been common practice on AnonIB, the site where the celebrity nudes first came into public view, but it is a distinct phenomenon from the world of hacking and trading in high-profile images of stars, where it appears money changing hands was less common than pure barter.

"Most members of these rings are not financially motivated."

"Most members of these rings are not financially motivated. That they have been in operation for so long yet not revealed themselves publicly speaks to that," says Cubrilovic. "We only found out about them in this latest case because one member got greedy and decided to attempt to cash in on the latest haul." In fact, not only do these traders not profit, they actually spend money to keep the marketplace up and running. "There are members of the ring who invest their own funds into servers and services that are required to operate the networks —such as paying for personal data lookups using online people and credit-report directories."

There is a certain irony to the idea that there was never much monetary value to these celebrity images, as the people hawking the images on AnonIB found out. A paparazzi photographer can use a telephoto lens to take photos of a bikini-clad Kate Middleton, which are worth six figures, and run them in magazines sold in grocery stores and airport bookshops. Relatively tame photos of Jennifer Lawrence smooching her then-boyfriend Nicholas Hoult reportedly fetched $400,000. But those same tabloids can’t run images obtained through illegal hacking, and they certainly wouldn’t publish images that constitute child pornography, which some of these images do. The leaked pictures were valuable only so long as they stayed hidden within these underground trading networks, where they could be exchanged for a few hundred dollars in bitcoin, other stolen nudes, and access to the community itself.

Far less scandalous images are ironically also more valuable

These invasions are all the more disturbing because they were probably happening long before the victims ever noticed. There was no public market for these images, so they likely circulated in private for months or even years before accidentally breaking into public view. And researchers say there may be a far greater number of images from other celebrities that have yet to be exposed. Messages from some of the underground boards Kaminsky studied mentioned returning to compromised accounts again and again to harvest new photos. "This is one of the major stories in all of information security over the last decade," says Kaminsky. "You don’t smash your way in and make a big noise grabbing everything you can and selling it. You look to establish a persistent threat. That is an important thing for people to realize, you don’t know when you’ve been hit, and they will come back and visit you again and again."