These were apparently all lifted from iCloud or whatever.

Dropbox was affected badly by Heartbleed, so it could've been a regular hacker, but they would have had to have massive resources.

Apparently this guy shopped it to TMZ but TMZ didn't take the offer and he's now made $70,000+ on his bitcoin address.

Either way they're going down, whoever did it, and if it was an NSA employee, the blowback will be enormous.

I don't know anything about Celebrity Gate at this point.

Thanks.

Here's one story: http://observationdeck.io9.com/not-a-good-day-for-icloud-1629128840

Another: http://variety.com/2014/biz/news/jennifer-lawrence-kate-upton-ariana-grande-exposed-in-massive-nude-photo-leak-1201295180/

Better Buzzfeed link: http://gawker.com/internet-explodes-over-j-laws-alleged-hacked-nudes-1629093854

The media is talking about Jennifer Lawrence but it's actually affected dozens of high profile actresses and models.

since he is the one that started this NSA mess.

Some are denying the pictures are genuine, to protect their reputation, but if even 10% of them come forward, we're looking at the largest hacking scandal in internet history.

Plus, Weiner was sending unsolicited pics to other people, this is non-consensual (to the public) pics released publicly. An entirely different matter.

If true, somebody is risking not only a good-paying job with government benefits but also prison time.

-Laelth

The original hacker sold the pics to other hackers via bitcoin. Those hackers then sold the pictures to the public, via bitcoin. That took some special care, if you ask me, they are now three ways removed from the hack.

I find it unlikely that iCloud or Dropbox would be hackable for the normal hacker, and think that there may have been an NSA backdoor; if you look at Lavabit, and how they were pressured to provide an NSA backdoor, it's not inconceivable that iCloud or Dropbox were not, as well.

Imagine, young, perverted, NSA employee mainly employed to look for evil terrorists. At their disposal is a search engine with anyone that they deem questionable. They look up a celebrity. Pow, results, lots of data dumped. Then they do it again and again and again, for weeks, then stop.

They quit the NSA shortly thereafter, and then go on to do whatever else, but they still have a several GB dump of celebrity data. What do they do with it? They're NSA. They know if they go direct, they're fucked, but if they sell it to other hackers with bitcoin attacks, they can be several ways removed. There. Done. If one guy got 70k for pics, what, then, might we expect of the original hacker? 700k? Plausible.

Thanks for the thread. This is a big deal.

-Laelth

And from what I can tell he's not the original hacker, he was just someone who bought the pics via bitcoin for a price. And yeah, before I pass out, this will be todays news. It'll be interesting to log in to all the various takes on it.

The NSA is not some all-powerful Godzilla-like organization.

Despite what Snowden wants us to believe.
[hr][font color="blue"][center]Don't ever underestimate the long-term effects of a good night's sleep.[/center][/font][hr]

... if you know what you're doing. Common method is to use a centralized mixer service, where everyone deposits their bitcoins into a single huge pot through an anonymous connection (Edward Snowden said even CIA can't break Tor other than at the nodes where it gets to the clearweb, but such mixers exist entirely in dark web). Then after the coins are sent around through a bunch of internal addresses (tumbled) they are sent back to various people who made deposits, in a way where no one gets the same coins they deposited, or even coins that are linked to their old ones through any transactions. That was there is no way to tell who got who's coins. A newer system that will eventually be implemented by default is called CoinJoin, and doesn't even rely on such a pool (that can run away with everyone's money at any time). In that system, everyone who wants to send money somewhere announces their intention and creates a transaction, and everyone who wants to send money at the same time joins their transaction by adding their own input and output addresses. Once enough people join, everyone verifies that in this massive single transaction their own money is going where they want it to go, and adds their own signature. This bulk transaction is only considered valid by the network if everyone signs, so there is no way for anyone to steal funds, since the most anyone can do is not sign, making everyone else start another CoinJoin transaction. Once everyone verifies and signs, the transaction is confirmed, and everyone's coins are all sent at the same time, and, again, you have no idea who's coins went where, or which received coins came from where.

Point is, the guys selling these pics likely knew what they were doing, and just looking at the bitcoin transaction ledger won't help. They'll have to use the good ol' method of tracing IP numbers, looking for anyone bragging about their skills, spying on private communications, etc.

A lot of the content has been out there in the malicious hacker circles for quite some time. You could only buy into the circle by sharing original content.

And they've been pretty good at keeping it a secret, trading them on the deep web. That is until someone blew the whole thing wide open with their little stunt on 4chan and Reddit. Someone got sloppy. Another got greedy.

Right now the whole thing is one big clusterfuck and more will be revealed once the smoke clears.