Federal Bureau of Investigation agents have a lead in the celebrity nude photo hacking scandal that rocked the Internet last summer: A pair of homes on Chicago’s South Side.
Investigators have traced the theft of intimate photos of famous actresses like Jennifer Lawrence, Kate Upton, Anna Kendrick, Christina Hendricks to a brown brick bungalow in Brighton Park, according to recently unsealed FBI search warrants and affidavits. The investigators also identified another location, an apartment near Midway airport, as being involved, The Chicago Sun-Times reported, citing court documents.
The “celebgate” hacking targeted Apple’s (AAPL) iCloud, a cloud storage service that backs up users’ data. Celebrities using the service may have been fooled by phishing emails to reveal their account passwords, the search warrant application suggested, citing celebrity victims identified by only their initials.
“Based on victim account records obtained from Apple, one or more computers used at the Subject Premises accessed or attempted to access without authorization multiple celebrities’ email and iCloud accounts over the course of several months,” the report said. The application goes on to say that through June and August of last year, an IP address associated with the house at on South Washtenaw Avenue “was used to access approximately 572 unique iCloud accounts. Many of the accounts were accessed numerous times, and in total, the unique iCloud accounts were accessed 3,263 times from the Subject Premises IP.”
The other document, according to the Sun-Times, reveals that an IP address associated with the South Narragansett apartment accessed 330 different iCloud accounts last summer.
By those counts, the hacking may have involved many more iCloud accounts than had been thought—not just those accounts of the named celebrities. Eventually, the hackers leaked the photos they stole to online forums 4chan and Reddit.
In October, law enforcement eventually raided the one-and-a-half story home in Brighton Park as well as the apartment near Midway, the Sun-Times reported. They confiscated a number of items including and electronics devices such as Samsung and Motorola cellphones, an HP desktop computer, a Compaq laptop, a couple of floppy disks, according to Gawker.
Reporters for the Chicago paper got little information from the occupants of the homes that law enforcement raided. They were unsuccessful in contacting the occupants of the Washtenaw home while a man and woman who answered the front door of the Midway area apartment building declined to comment.
FBI cybercrimes unit special agent Josh E. Sadowsky, author of the affidavit and search warrant application, attributed the suspect IP address traced to the Washtenaw home to a 30-year-old man named Emilio Herrera using AT&T Internet subscriber data. Further public record checks revealed that the home belonged to a man named Jesus Herrera, and that it potentially has two other occupants, the agent wrote in the report.
Fortune has reached out to the listed email addresses of Emilio Herrera and will update the story if he replies. As Sam Biddle at Gawker points out, it seems strange that the attacker or attackers responsible for “celebgate” failed to have obscured their digital footprints using anonymizing tools such as a VPN or, say, the Tor browser, or some other means.
The FBI has confirmed that no criminal charges have yet been filed. Documents related to the search warrant application are available below: