How Einar Stangvik foiled iCloud hacker

Share this article

Computer expert Einar Stangvik
12:58 CEST+02:00
Computer expert Einar Stangvik tells The Local how he identified Conservative politician Tor Johannes Helleland as the man responsible for hacking into young girls iCloud accounts, stealing nude pictures and posting them on a porn site.

How did you catch Helleland? What was the most important lead?  

There was no single thing that lead to his identity being revealed, but a series of clues that combined together connected him pretty solidly to the intrusion. Despite various people calling me a 'hacker', I would at no point venture too far into 'stealing' his identity.

What was your main strategy? 

I'll summarise the process as luring various self-proclaimed "iCloud-hackers" into revealing their IP-address, by having them visit a fake porn site I built ad-hoc. These IP-addresses were compared with addresses collected (by various forms of convincing) from forums and their operators. When I got a match - which was due to equal measures of luck and persistence on my part - I started communicating with the culprit. Through discussions with him, where I played the role of a young kid who wanted to hack his step sister's iCloud, I got an impression of the extent of his operation, as well as how he operated. He revealed clues such as him purchasing software meant for restoring SMSes, notes and other content from stolen iCloud backup data, as well as that he often tried linking the email accounts of his victims with his own accounts, to secure "infinite" access.

Eventually I were able to suspect a small number of people, based on information he gave, and mutual friends the various victims seemed to have. Among these I found a specific person (the politician), who I at that point started focusing on. I was able to secure a solid link between his confirmed e-mail address (listed on political pages) and his hacker-persona's email account. This was done through an oversight on Microsoft's part, which allowed me to "see through" an encrypted version of his real e-mail address, as this was used as the password restore target.

After verifying the link between the two, I continued connecting the dots between the personas for months, using various constructed characters which requested various information from both the hacker and the politician. I also collected indications and evidence that the politician himself had bought the software mentioned above.

How was he hacking people's iCloud accounts? 

He was for the most part guessing their iCloud security questions through Facebook and other communicatio . I've also seen indications that he used phishing strategies to have people give him their passwords, security answers and so on through emails.

Did he know the women who he targetted? 

Yes, most of them.

How big a problem is this kind of photo mining?

It's big. There are entire internet communities dedicated to finding and exploiting these targets, and there's been a mentality shift towards wanting to exploit those who aren't themselves seeking attention. A few years ago most of the content passed on was from girls (and boys) who in a weak moment took pictures or videos of themselves and published that on social media or closed forums. These days the drive seems to be to steal stuff never meant for publishing(and often not even passed on to significant others. In this case several of the girls never kept the images outside of their own phones, or even there - the hackers can in many cases restore deleted pictures and content.

Share this article

From our sponsors

Last chance to vote absentee in the US elections

Election Day in the U.S. is less than a month away, and time is running out for Americans living overseas to vote absentee. Here's what to do before it’s too late.


Popular articles