
> The user reset questions were socially engineered

Yep, you're right. My point, perhaps poorly stated, is that if Random Hacker X can figure out the answers to the iCloud reset questions, so can a law enforcement agency. Then they can log into that account. Impersonating someone this way is legal -- or at least has not been ruled to be illegal -- as long as it's done under court supervision under the Wiretap Act or similar legal authority authorizing prospective surveillance.

Possibly related: I disclosed last year that the Feds have demanded that major Internet companies divulge targeted users' stored passwords, and in some cases the algorithm used and the salt: http://www.cnet.com/news/feds-tell-web-firms-to-turn-over-us...



> if Random Hacker X can figure out the answers to the iCloud reset questions

Answers about very famous people. Wikipedia will not tell me your mother's maiden name.

Also, as much as I sympathise with the women whose accounts were breached, actors aren't always the sharpest tools in the shed, and phishing schemes are a common tool for gaining access to other people's accounts. One of them (I don't remember which) publicly claimed iCloud backup for her iPhone was "too complicated" a while ago. Given that it's as complicated as "turn it on, and make sure it gets plugged into power with Wifi every so often", I don't doubt some of them would fall victim to even a very simple phishing scam.



