Revealed: Hacked nude celebrity photos had been on 'deep web' black market for a WEEK - and there could be even more to come
- Nude photographs that shows multiple celebrities leaked online
- Obtained through Apple's iCloud and circulated web for at least a week
- Photographs originated on deviant forum called AnonIB - not 4chan
- Individual named online as the hacker denies he is the source
- Bryan Hamade told MailOnline that he did view images but did not trade
- Theft is believed to be the work of a number of hackers - not just one
- They claim to have images of other stars, which have not been posted
- Twitter is reportedly shutting down accounts disseminating the pictures
- Lawrence's spokesman confirmed the nude photographs were published
- Kate Upton's attorney called leaked pictures 'an outrageous violation'
The hacked nude photographs leaked online of actresses including Jennifer Lawrence and Kate Upton have been traded on the Internet for at least a week and could be just the tip of the iceberg of stolen celebrity pictures.
Exchanged on the deep web black market and deviant message boards specializing in stolen 'revenge porn' photography, the compromising pictures have been used as a currency of sorts among perverted members of these forums.
Indeed, in the aftermath of Sunday's mass dumping of naked pictures, these boards have descended into anarchy and infighting, with a civil war erupting between those who leaked the pictures and those furious their sordid, secret game has been thrown into the public eye.
Worringly for the general public is how simple the posters make their privacy theft seem - and raises the frightening prospect that Apple's iCloud used by millions is not safe for anyone to store sensitive information on.
Scroll down for video
Selfies leaked: Jennifer Lawrence was the victim of a hacker who posted more than 60 revealing images of the actress online
In the days before the stolen images were uploaded en masse to the 4chan anonymous image-sharing forum on Sunday, the Internet had been awash with claims by web-perverts that they were trading in the embarrassing photographs.
Among these boasts were that the hackers had accumulated pictures of at least 100 celebrities - and were biding their time before releasing them all online.
However, these outrageous claims seemed to originate not on 4chan, but the pornographic image board, AnonIB, which focuses usually on pornographic photographs of non-celebrity women.
During the last week, threads dedicated to Jennifer Lawrence that claimed to contain genuine images of the naked actress began to flood AnonIB - now proved to be real following the actresses confirmation that the pictures are indeed her.
According to those with knowledge of the threads on AnonIB and 4chan, the hacking of the nude pictures from Apple's iCloud was not a sudden smash and grab raid on the privacy of the women, rather collected over time until the list of their alleged victims stood at 101 in total.
Almost a week ago: These posts taken from AnonIB reveal the beginnings of boasts in updates which refer to Jennifer Lawrence and a 'major win'
Boasts: The posts from one week ago are in reference to Jennifer Lawrence's nude pictures being traded online on AnonIB
Disbelief: Some posters openly questioned whether the Jennifer Lawrence threads were really genuinely showing pictures of the star
Realization: On Sunday it dawned on users of AnonIB that the images being peddled for the past week online were in fact genuine
It also seems that the hacking may not even be down to one individual, but may in fact be the work of a number of people.
Denial: Georgia software engineer Bryan Hamade has claimed he has been falsely identified as the hacker online by reddit
The first sign that pictures of Jennifer Lawrence might be online was a post from AnonIB user on Tuesday 26 August that claimed a 'major win' for hackers looking for nude pictures of the Oscar winner.
However, many other posters on the anonymous board were skeptical that the pictures were of Lawrence, 24, until a slew of claims made by different posters all popped up on the board with the same revealing pictures.
One in particular bragged that he was 'ripping iclouds' - which is allegedly how the pictures were stolen.
However, in the posts the individual claims that the pictures have been online for some time - possibly weeks - which adds credence to the claims they possess the nude images of dozens more celebrities.
One person named online as a hacker by reddit users, has already come forward to deny any allegations against him.
Bryan Hamade told MailOnline that he was categorically not behind any hacking of celebrities private pictures and has not released any to the public.
He claims that he was identified after he lied to a reddit user to try and get bitcoins from them with a photoshopped picture of a celebrity.
This lie caused suspicion to fall on him and a huge reddit investigation reminiscent of their incorrect efforts to name the Boston bombers was launched.
'I am not the original leaker,' said Bryan to MailOnline.
'I only reposted one thing that was posted elsewhere and stupidly had my network folders visible.'
Hacked: Mary Elizabeth Winstead tweeted that nude photographs of her were taken with her husband 'years ago in the privacy of our home'
In an effort to cast the blame elsewhere, Bryan said that he believes the images released on 4chan may not have been leaked by the person or persons who stole them.
'The real guy is on 4chan posting intermittently,' said Bryan.
'He's most likely the one behind it but it does seem the photos passed around to multiple people before being leaked, so it may just be someone who has them and didn't hack to get them.
'I'd never in a million years know how to hack into any of the accounts listed.
'4chan just attacked me because they like to attack anyone in situations such as this.'
This comes as it was claimed a flaw in the 'Find My iPhone' function of Apple's iCloud service may have helped a hacker to steal nude photos of Jennifer Lawrence and '100 other celebrities', it today emerged.
The hacker claims he or she broke into stars' iCloud accounts, including those of the Hunger Games actress, Kate Upton and Rihanna, before publishing them on 4chan, the image-sharing forum.
A list of the alleged victims of the hack - 101 in total - has also been posted online; most of whom have not seen any photographs leaked by the hacker.
A spokesman for Oscar winner Lawrence confirmed to MailOnline the photos of her are genuine.
'This is a flagrant violation of privacy. The authorities have been contacted and will prosecute anyone who posts the stolen photos of Jennifer Lawrence,' the emailed statement read.
Following the publication of the images of Sunday night, experts have voiced their concerns over how the hacker managed to access them. Now, reports suggest that a specific flaw in the 'Find My iPhone' service may have been to blame.
Despite the story breaking last night, Apple is still yet to confirm or deny whether its software was the target of the hacking.
Comment: Mary Elizabeth Winstead took to Twitter to speak about her nude leaked photos
The hacking victim also offered support for other celebrities whose nude photos were leaked
Means: The naked photographs were reportedly obtained via Apple's iCloud service (pictured)
The firm's iCloud service, which was launched in October 2011 and is used by more than 320million people worldwide, secures data by encrypting it when it is sent over the web, storing it in an encrypted format when kept on server, and using secure tokens for authentication.
This means that data is protected from hackers while it is being sent to devices and stored online.
This suggests the hackers were able to obtain the login credentials of the accounts, and pretend to be the user, in order to bypass this encryption.
Earlier today, The Next Web spotted code on software development site Github, that would have allowed malicious users to use ‘brute force’ to gain an account’s password on Apple iCloud, and in particular its Find my iPhone service.
A message has since appeared saying that Apple has issued a 'patch' or fix for the bug.
'The end of the fun, Apple has just patched,' read an update on the post.
Brute force, also known as 'brute force cracking', is a trial-and-error method used to get plain-text passwords from encrypted data.
Just as a criminal might break into, or 'crack' a safe by trying many possible combinations, a brute-force cracking attempt goes through all possible combinations of characters in sequence.
In a six-letter attack, the hacker will start at 'a' and end at '//////'
Owen Williams from The Next Web, who discovered the bug, said: 'The Python script found on GitHub appears to have allowed a malicious user to repeatedly guess passwords on Apple's "Find my iPhone" service without alerting the user or locking out the attacker.
'Given enough patience and the apparent hole being open long enough, the attacker could use password dictionaries to guess common passwords rapidly. Many users use simple passwords that are the same across services so it's entirely possible to guess passwords using a tool like this.
'If the attacker was successful and gets a match by guessing passwords against Find my iPhone, they would be able to, in theory, use this to log into iCloud and sync the iCloud Photo Stream with another Mac or iPhone in a few minutes, again, without the attacked user's knowledge.
'We can't be sure that this is related to the leaked photos, but the timing suggests a possible correlation.'
Rob Cotton, CEO at web security experts NCC Group added: 'Cyber security is not just a technology problem, humans are very much key to its success. In our day-to-day work we see too many cases of employees divulging sensitive information without first verifying the legitimacy of the request.
'People often point the finger at technology when they've been the victim of a cyber attack, but poor password choices or naivety in the face of a seemingly innocent email is regularly to blame.'
Human error, in a variety of ways, said Mr Cotton, often played a part.
Find My iPhone helps users locate and protect their iPhone, iPad, iPod touch, or Mac - if it’s ever lost or stolen.
Despite the claims, it is possible that the photos were not taken via iCloud, but as a result of 'social engineering'.
This form of hacking works by studying which online services your target uses, before compiling as much information on them as possible, such as their email address, a mother's maiden name, a date of birth, and more.
This data can then be used to trick them into handing over their details or guess their password. If a celebrity uses the same password across accounts, this would be then make it relatively easy for someone to hack if they had the right information.
But the sheer number of names on the list makes this unlikely – unless a large number of hackers were taking part, and a large number of celebrities had poor password management.
Is it them? The hacker published what he or she claimed were naked photographs of Kate Upton (left) and Kirsten Dunst (right). Upton's attorney called the photos of his client 'an outrageous violation' of privacy
Did it happen? Cat Deeley was named as a victim whose photographs were stolen, but no supposedly 'nude' images of her have appeared online
Nickelodeon star Victoria Justice wrote on Twitter that her image was faked. She tweeted, 'These so called nudes of me are FAKE people. Let me nip this in the bud right now. *pun intended*'
However, this theory would account for Mary Elizabeth Winstead's claims that the leaked photos of her were taken with her husband 'years ago'.
This amount of time exceeds iCloud's Photo Stream facility, which keeps images for a maximum of 30 days before they are deleted.
Other notable services to allow users to access files remotely include Dropbox and Google Drive, which enable users to keep more of their files close to hand without taking up huge amounts of memory on their devices.
When activated, iCloud automatically stores users' photos, emails, documents and other information in a 'cloud', allowing them to sync the data across a range of platforms. These include iPhones, iPads and MacBooks.
Users can then access their information from any internet-connected device using a log-in and password.
Mysterious: A spokesman denied that nude photographs of Ariana Grande (left) were published. Hillary Duff was named as an alleged victim, though her apparently 'nude' photos have not appeared online
On Sunday, the hacker wrote that he or she is accepting Paypal donations for a video which allegedly shows Lawrence performing a sex act.
The hacker also wrote, 'I know no one will believe me, but i have a short lawrence video
'Is way too short, a little over 2 minutes and you only get to see her boobs
'Anyways, if somebody wants it let me know how i can upload it anonymously (i dont want the FBI over me, and you dont wanna know how I got this video.)'
'Jennifer Lawrence' became a Twitter trend on Sunday afternoon.Meanwhile, Perez Hilton has apologised on Twitter for posting some of the naked photos of Lawrence on his blog.
The celebrity blogger, who has since deleted the photos from the site, told his followers: 'I acted in haste just to get the post up and didn't really think things through. I'm sorry.'
He added: 'Upon further reflection and just sitting with my actions, I don't feel comfortable even keeping the censored photos up. I am removing them.'
A spokesman for Kate Upton sent MailOnline a statement from her attorney, Lawrence Shire, about the leaked photos.
Victims? Nude photos of Selena Gomez (left) and Kim Kardashian (right) were also allegedly hacked and acquired. But no photographs have appeared online
Denial: Victoria Justice said on Twitter that nude photos which claim to show her are fake
'This is obviously an outrageous violation of our client Kate Upton's privacy,' the statement said. 'We intend to pursue anyone disseminating or duplicating these illegally obtained images to the fullest extent possible.'
Actress Mary Elizabeth Winstead, who confirmed she was a hacking victim, wrote on Twitter 'To those of you looking at photos I took with my husband years ago in the privacy of our home, hope you feel great about yourselves.'
THE 101 ALLEGED VICTIMS OF THE HACK
AJ Michalka, American actress, singer-songwriter, and musician
Alyson 'Aly' Michalka, AJ's sister, also an American actress
Allegra Carpenter, actress, best known for The Fault In Our Stars
Abigail Spencer, American actress
Alana Blanchard, American professional surfer and bikini model
Alexa Jane, model
Angelina McCoy, actress, best known for Enchanted
Ashley Blankenship, actress, appeared in The Wolf Of Wall Street
Aubrey Plaza, American actress and comedian
Abigail 'Abby' Elliott, American actress, voice actress and comedian
AnnaLynne McCord, actress and model
Avril Lavigne, Canadian singer-songwriter
Amber Heard, American actress and model
Rebecca 'Becca' Tobin, actress, singer, and dancer
Brie Larson, American actress, screenwriter, director and singer
Candace Smith, American lawyer, actress, model, and beauty queen
Candice Swanepoel, South African fashion model, best known for her work with Victoria's Secret
Cara Delevingne, English fashion model
Carley Pope, Canadian actress
Cat Deeley, English television presenter, actress, singer and model
Carly Foulkes, Canadian model and actress
Chloe Dykstra, actress and model
Clare Bowen, Australian actress and singer
Dove Cameron, 18-year-old U.S. actress and singer
Elena Satine, Georgian-American actress and singer
Elle Evans, American model and actress
Emily Browning, Australian film actress and singer
Emily DiDonato, model from New York
Emily Ratajkowski, British-born model and actress
Erin Cummings, American actress
Erin Heatherton, American fashion model and actress
Farrah Abraham, TV personality, author and pornographic actress
Gabrielle Union, American actress and former model
Hayden Panettiere, U.S. actress, model and singer
Hope Solo, American goalkeeper and two-time Olympic gold medalist
Heather Marks, Canadian model
Hilary Duff, American actress and singer-songwriter
Jennifer Lawrence, American actress
Jessica Riccardi, model
JoJo, American singer, songwriter and actress
Joanna Krupa, Polish American model and actress
Jennifer 'Jenny' McCarthy, American model and actress
Josie Loren, U.S. actress
Kaley Cuoco, American actress
Kate Upton, American model and actress
Kate Bosworth, American actress
Kelly Brook, English model, actress and TV presenter
Lauren 'Keke' Palmer, American actress and singer-songwriter
Kim West, American TV personality socialite
Kirsten Dunst, American actress, singer, model and director
Krysten Ritter, U.S. actress, musician, and former model
Lake Bell, American actress
Laura Ramsey, film and television actress
Lea Michele, actress and singer, best known for her performance as Rachel Berry on the Fox TV series Glee
Leelee Sobieski, actress
Leven Rambin, American actress
Lisa Kelly, American trucker who appeared in Ice Road Truckers
Lisalla Montenegro, Brazilian model
Lizzy Caplan, American actress
Mary-Kate Olsen, American actress and fashion designer
Mary Elizabeth Winstead, actress and recording artist
McKayla Maroney, artistic gymnast
Melissa Benoist, American actress and singer
Meagan Good, actress
Megan Boone, actress
Michelle Keegan, English actress, best known for playing the role of Tina McIntyre in the ITV soap opera Coronation Street
Misty Treanor, retired American beach volleyball player
Rachel Nichols, American actress and model
Sarah Shahi, American actress
Sarah Schneider, American writer, actress, and comedian
ScarJo (possibly Scarlett Johansson, actress)
Selena Gomez, American actress and singer
Shannon McNally, singer-songwriter
Teresa Palmer, Australian actress and model
Vanessa Hudgens, American actress and singer
Victoria Justice, Nickelodeon actress
Winona Ryder, American actress
Yvonne Strahovski, Australian actress
Alison Brie (U.S. actress) and Dave Franco (U.S. actor)
Most watched News videos
- CCTV catches pedestrian's near-miss moment prior to bus crash
- Man admits intending to cause distress to Sir Chris Whitty
- 'I just killed the wife': Listen to David Maggs' haunting 999 call
- Boris to Ian Blackford: 'I don't know who's been eating more cake'
- Shamima Begum's lawyer releases statement for Maida Vale driver
- Police arrest soldier after missile factory Kalashnikov rampage
- Watch the moment David Maggs is arrested after killing wife
- Chilling moment Artem Ryabchuk surrenders to armed police in Dnipro
- Moment Jewish shop owners suffer 'anti-Semitic attack'
- Jacob Rees-Mogg defends PM: 'Very few people in public life lie'
- Boris: 'Ministerial Code applies to me but I won't resign'
- CCTV shows Ukrainian soldier kill five in rampage at missile factory