The celebrity nude photo hacking scandal could have been caused by hackers using a sophisticated piece of software designed for government intelligence agencies, together with an open-source password-cracking program.
Apple issued a statement last night confirming that after 40 hours of investigation, the company's engineers had found that no data breach had occurred in any of its systems, including iCloud or Find My iPhone.
However, certain iCloud accounts belonging to celebrities had been compromised by "a very targeted attack on user names, passwords and security questions".
Anon-IB is a popular anonymous internet image board that many hackers use to post stolen nude selfies, and its members have been advising each other on how to use a programme called Elcomsoft Phone Password Breaker (EPPB).
EPPB is a tool created by ElcomSoft, a security forensics firm based in Moscow, and it comes in three editions – home, professional and forensic.
"All that's needed to access online backups stored in the cloud service are the original user's credentials including Apple ID or Live ID accompanied with the corresponding password," Elcomsoft writes on the EPPB product page.
"Data can be accessed without the consent or knowledge of the device owner, making Elcomsoft Phone Password Breaker an ideal solution for law enforcement and intelligence organisations."
The professional and forensic versions of the tool, which cost £199 ($328) and £399 respectively, enable the user to gain access to and create a copy of password-protected backups for smartphones and devices running on Apple iOS or BlackBerry.
The forensic tool can also access all content in an iCloud account without needing login or password credentials, but only if the user is using an iCloud-authorised computer, which contains a binary authentication token.
To get around that security measure, hackers on Anon-IB are also educating each other on the use of iBrute, an open-source password-cracking programme that was released on GitHub last weekend.
The tool was still being used by people to steal photos and post them onto the image board earlier this week, but the iBrute GitHub project page now reads: "The end of fun, Apple have just patched." So this software might not be available anymore.
Hackers chatting on the /stol/ "obtained pictures" thread on Anon-IB have mentioned that Apple has patched iCloud so that users are locked out after guessing the password of an account wrongly five times. Other anonymous users, however, are offering to hack accounts for free and send the images to other users via Dropbox or MEGA cloud storage folders.
One of the posts reads: "Always free, fast and discrete. Willing to rip anything iclouds - gf/bf/mom/sister/classmate/etc!! Excellent customer service - will email you back right away and let you know how long and also when I start the rip!"
Another post states, in both French and English: "Guess who's back? PERFECTRIPPER! I was offline for a time and now I'm back and ready to rip all icloud accounts you want!
"Send me email + pass; Send me just email (if you want me to hack the account for you). 100% safe and noone except you will see what I got!"