A 40-year-old man from California has admitted his role in a conspiracy to break into the private digital photo libraries of Apple customers to locate and steal sexually explicit images.
Hao Kuo Chi, a resident of the city of La Puenta in Los Angeles County, pleaded guilty to charges of computer fraud and conspiracy on Friday, October 15.
According to documents submitted to a court in Tampa, Florida, Chi conspired with other unknown individuals to gain unauthorized access to the Apple iCloud accounts of hundreds of individuals across the United States.
In a scheme that went on for years, Chi marketed his services as a hacker online in underground forums. Using the handle “icloudripper4you,” Chi advertised that he was able to break into iCloud accounts and exfiltrate their contents.
During the conspiracy, Chi gained entry to more than 300 iCloud accounts by impersonating Apple employees. To mask his identity, the hacker created fake email accounts that appeared to belong to Apple customer support representatives.
“Chi created email accounts for the purpose of impersonating Apple customer support representatives, and Chi’s conspirators sent Apple IDs and passwords of unsuspecting victims to these email accounts,” said the US Attorney’s Office for the Middle District of Florida in a statement released October 15.
After breaking into a victim’s iCloud account, Chi would search specifically for images in which a female subject was depicted as partially clothed or naked.
“Chi and his conspirators specifically sought out nude photographs and videos of young women, which the conspirators referred to as ‘wins’,” said the US Attorney’s Office for the Middle District of Florida.
Chi shared and traded these images with his conspirators, using a foreign-based, end-to-end encrypted email service. The hacker also admitted that he kept hundreds of thousands of stolen images for his personal collection and maintained a terabyte of cloud storage for this purpose.
A date has not yet been set for Chi’s sentencing. If convicted on both charges, the self-confessed cyber-criminal could be ordered to spend a maximum of 20 years locked up in federal prison with no possibility of parole.