In the world of cybercrime, some hackers steal credit cards for financial gain. Others deal in a different type of currency: private information like nude celebrity photos, used to buy the admiration of fellow hackers.
Alleged intimate photos of dozens of celebrities including Jennifer Lawrence and Mary Elizabeth Winstead appeared online this weekend. The thefts are the product of a small, malicious subset of the hacker community -- but it reflects the braggadocio of the hacker culture at large.
"Stolen data is incontrovertible proof of a certain level of skill for a hacker," Dave Aitel, the CEO of security company Immunity Inc., said in an interview Tuesday. "Hackers are braggarts. It's just a natural part of the culture: 'Look what I can do.'"
While it's not yet clear how the photos were obtained, Aitel said they could have been floating around a small subset of the hacker community for years, passed between a group like trading cards.
"It starts with someone saying 'Here's what I did, I got Kate Upton!' Someone else says, 'Oh yeah? Check out this photo of Jennifer Lawrence,'" Aitel said. "Stuff like this gets traded around. It's a way to assert your dominance as a hacker."
Intimate photos that belong to celebrities are especially attractive currency in those trading rings. And in the case of the hack that emerged this weekend, hackers may have scored a hit on another big target: Apple.
After reports surfaced that the stolen photos were taken from Apple's iCloud cloud storage service, the FBI and the company itself said they were investigating. Later on Tuesday, Apple confirmed that "certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions."
But none of the cases "resulted from any breach in any of Apple's systems including iCloud," the company said.
While the details of the theft are unclear, the fact that the hacks involved Apple accounts make it a "two-for-one win" for the hacker or hackers, said Jonathan Klein, the president of MicroStrategy, the maker of mobile identity platform Usher.
"Now you're not only hacking celebrities' private photos, you're also also exposing a flaw in a major well-known system," Klein said.
And when the system belongs to Apple, success is even sweeter: "The motivation behind a particular hacker is not something you can completely generalize, but there's a common thread: It's a badge of honor to get through defenses."
That part of hacker culture isn't new, Aitel, the Immunity CEO, pointed out. He recalled trading rings sharing celebrities' phone numbers — he once called Angelina Jolie's and heard her outgoing voicemail message, he says — when numbers were the only bits of intriguing mobile information stored in the cloud.
"The difference is now it’s all your information in the cloud: texts and photos and all sorts of data," Aitel said. "This type of thing is unignorable. If someone defaces your website, you can fix it and move on. But someone publishes your naked pictures, there's no way get that back."
In that respect, Klein said, celebrities are "ordinary people.They fall prey to the same dangers the rest of us might."
Stars' private data is simply more effective currency for garnering headlines — and cybercriminal street cred.
First published September 2 2014, 12:28 PM