Ryan Van Velzer

The Republic | azcentral.com

The latest case of hacking and subsequent publication of nude celebrity photos has brought to light secretive websites where anonymous users request, trade and steal such photos without the consent or knowledge of the victims.

It's known as non-consensual pornography. Users on anonymous image boards such as Anon-IB.com use social media, public records and hacking to track down and steal nude photos, not just of celebrities but everyday people, and share them on the Internet.

Unlike revenge porn, which ordinarily targets ex-girlfriends and boyfriends, non-consensual pornogrpahy targets anyone, though most often young women.

On such websites as Anon-IB, every state has its own forum devoted to sharing non-consensual pornography. On the Arizona page, like all the other pages, users anonymously post images of local women in the nude, in underwear or fully clothed, then ask other users for help in finding more photos and videos of that person.

In addition to photos, users often include a woman's first name and location in their post and, at times, other information that may help users find more photos, including age or school attended, despite the website's terms of service stating that users are not allowed to post personal information.

While hacking personal information is clearly illegal, sharing photos that are already on the Internet isn't necessarily and can depend on state laws, said Dennis Ogorchock, a detective with the Computer Crimes Unit at the Maricopa County Sheriff's Office.

Anon-IB is one of many image boards modeled after such sites as 4chan.org, which describes itself as "a simple image-based bulletin board where anyone can post comments and share images."

Although similar in format, Anon-IB is used specifically for tracking down nude and non-nude photos of women. Men are rarely targeted.

On July 23, Arizona's revenge-porn law took effect to prevent disgruntled ex-lovers from sharing naked pictures of their exes on websites such as the now-defunct isanyoneup.com.

Statute 13-1425 states: "It is unlawful to intentionally disclose, display, distribute, publish, advertise or offer a photograph, videotape, film or digital recording of another person in a state of nudity or engaged in specific sexual activities if the person knows or should have known that the depicted person has not consented to the disclosure."

So far, the Maricopa County Attorney's Office is not aware of anyone who has been prosecuted under the new statute, said Jerry Cobb, public information officer for the office.

The website itself cannot be prosecuted for material posted by a person, Cobb said. In order for someone to be prosecuted, police would have to obtain a warrant to get that person's Internet Service Protocol (ISP) information.

Arizona Rep. J.D. Mesnard, a Chandler Republican and lead sponsor of the revenge-porn bill, said he believes that, under the new state law, it's possible to prosecute Anon-IB users who disseminate photos.

However, in order to make a case, a victim would need to come forward and say, "I did not give my consent," Mesnard said.

Ogorchock has doubts as to whether the new law will cover non-consensual pornography because the law includes the wording "intentionally" disclose victims' photos, which may count as a motive.

Currently, the Computer Crimes Unit charges people with harassment, a misdemeanor offense, and/or computer tampering, which includes hacking.

The FBI's Phoenix division and the Arizona Department of Public Safety said they are aware that these types of websites exist but have not made any arrests under the revenge-porn law. The Attorney General's Office and the County Attorney's Office said they were unable to comment.

Some users stalk women through social media and public information. Others use illegal means, including password phishing, website vulnerabilities and programs that steal data from cloud servers, personal computers and smartphones. These types of programs are rumored to have been used to steal photos and videos from Jennifer Lawrence and other celebrities, according to Wired magazine.

Some programs exploit weak passwords to guess a user's iCloud account information, said Christian Schreiber, information-security officer at the University of Arizona.

That, combined with other software, allows hackers to download the iCloud user's backup data, including images and videos, Schreiber said.

Apple's internal investigation found no evidence of a breach on iCloud and said the celebrity accounts were compromised as the result of a "very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet."

As of Thursday, Anon-IB.com said it was down for "scheduled maintenance" and expected to have service back in a few days. It also said "thank you J.L.," a not-so-veiled reference to Jennifer Lawrence and the attention the website is now receiving. However, it has a backup counterpart, AnonIB.com, that is still active.

Holly Jacobs, executive director of the Cyber Civil Rights Initiative from Tampa, had much of her life exposed by Anon-IB users. It started in 2009, when someone hacked into Jacobs' Facebook account and changed her profile picture to a nude photo of her. By 2011, her pictures were all over the Internet, including a subsection on Anon-IB devoted to women from Boston College, the school where Jacobs was an undergraduate.

Users posted her pictures, e-mail address, where she went to school, her college degree, thesis topic and when she was going to give her next presentation, she said. The harassment culminated in users posting the information for her next professional conference and encouraging each other to meet her in person and solicit her for sex.

Jacobs canceled the conference and changed her career.

"That (Anon-IB) was one of the worst sites I was posted on," Jacobs said. Jacobs e-mailed Digital Millennium Copyright Act takedown notices to more than 300 websites, but Anon I-B refused to take the pictures down.

HOW TO PROTECT YOUR DATA

Question: What is the cloud?

Answer: The cloud is a way of storing photos, documents, e-mail and other data on computers located elsewhere, so you're not using space on your computer, phone or other device. Amazon, Apple, Google and Microsoft all offer cloud-based storage. Smaller companies like Dropbox and Evernote do, too.

Q: Is it secure?

A: For the most part, yes. Companies invest a lot of money to ensure that people's private information stays private.

"The short answer is the cloud is often more secure than other storage," said Rich Mogull, CEO of security research and advisory firm Securosis.

But that doesn't mean it is completely immune.

Q: How can individuals make their data more secure?

A: You need passwords to access your accounts, so choosing a strong one is important.

Another way to make your information harder to hack is called multifactor, or two-step, identification. That means the first time you log on to an account from a new device, you are asked for a second form of identification. Usually, that involves getting sent a code as a text on your phone or an e-mail. A hacker who has your password would still need physical possession of your phone to get the text.

Q: How can I tell if my phone or computer is uploading information to the cloud?

A: You had to have signed up and agreed to the cloud services' terms of services, but that might have happened long ago, as you were setting up your device.

If you are not sure if you have opted in, check your phone's settings.

Q: Is my financial information at risk?

A: Yes, if you use the same password for online banking that you do for other sites and if you don't have multifactor identification on your banking website.

But, generally, financial information is among the most protected online. Information is encrypted, or scrambled, in transit. You can tell if a site does that if you see "https" rather than "http" before the website address.

Q: Will my photos and other information remain on the cloud even after I delete them?

A: They should not. Settings vary for different cloud services, but most of them delete information from the cloud when you delete something from your phone or computer, at least once the device has had a chance to sync with the online service.

You can check online, however. All the cloud storage providers have websites you can sign into to check out what information is being stored.

Q: How do I opt out of cloud storage?

A: Check your phone or computer settings if you don't want your photos and documents stored online. There are other ways to store information, including using an external hard drive or your device's own storage.

— Associated Press