Several hours ago nude and risqu photos of many celebrities leaked online the work of a hacker who it is alleged successfully breached Apple s iCloud service and copied the photos. While some celebrities have disputed the authenticity of the images Jennifer Lawrence and others have confirmed that theirs are genuine.
The current breach represents a serious crime and violation of privacy I certainly sympathize with the victims and hope that the perpetrators of this crime are apprehended and adequately punished. Celebrities are people with feelings.
There are however several important lessons that we should all learn from this incident
1. It is unclear whether the celebrities did not properly protect their accounts if a vulnerability was found in iCloud or something else occurred. But either way if you take nude photos think twice before storing them in the cloud. In fact think hard before storing any sensitive materials in the cloud. As I have stated many times cloud providers suffer from an inherent problem they make good targets. Hackers know how to reach the various cloud services know that celebrities and businesses have valuable files on many of the providers systems and know that a single breach can potentially lead to a treasure trove of material from numerous parties. Breaching a cloud file storage provider can be the hacking equivalent of hitting the jackpot. Additionally there remains the risk that the security of your sensitive material is ultimately not in your hands and that if a provider is breached its interests and yours may not align. (Edward Snowden claimed that NSA personnel would share nude images gathered by its online surveillance regardless of the veracity of that claim do you think a cloud provider will keep your materials from the NSA if it demands them ) So even if a cloud provider is more professional in handling security than you are be aware that there may be risks and that orders of magnitude more attacks may be launched trying to steal your files from the cloud than from a machine sitting in your house.
2. If you must store sensitive material in the cloud encrypt it and preferably not with tools provided by and hosted at the cloud provider. Hackers who breach the provider may gain access to methods of decrypting if the decryption system is run by the provider. (There may be providers where this is not a problem due to the way encryption is implemented but for others it may be a serious risk. So consult an expert if you plan to use a cloud provider s encryption to secure sensitive files.)
3. Make sure to properly secure any accounts that you have. Strong passwords are a must. The answers to challenge questions are almost always weak (think about it the answer to a challenge question is a simple password about which the asker is also giving the person being asked a strong hint). If you reuse passwords remember to do so with careful consideration a breach at one site can become a breach at others.
4. While this may seem counter intuitive unless you are a celebrity you need to be more careful than celebrities. Despite any laws or rights to the contrary it seems clear that law enforcement the media and technology vendors treat the leakage of sensitive material belonging to celebrities far differently than they do breaches of other people s privacy. If you are using a free service do not expect great cooperation you may not receive it. I have been impersonated on social media and dealt with one provider who responded very quickly and another who did not respond for weeks. Within hours of the breach today Twitter announced that it is suspending accounts that share the celebrity nude photos do you really think that you will get the same treatment Also consider that the leakage of nude photos may be less likely to adversely impact the careers or relationships of entertainers than your own.
5. Make sure not to share materials online that you do not wish to become public. Security settings should not be relied upon to protect material that must not leak as hackers may successfully undermine security. Learn from Kate Upton who ironically said in an interview earlier this month that she does not pose for nude pictures by great fashion photographers because with social media and the Internet and not so great blogs and the attention like that I don t think that my pictures would be received in the way that I d want them to be received. That s why I ve stayed away from them. I really appreciate those photos and I think those women are beautiful but I think social media and the Internet has prevented me from putting myself out there like that. Once stored on the Internet images that are intended to be private may become public and may remain online forever. Of course this also raises concerns about storage in cloud systems as well. (Disclaimer SecureMySocial which I founded is producing technology that warns people if they are posting potentially problematic material on social media.)
Of course the best place to store sensitive material is on machines not hooked up to the internet. If such a scenario is impractical at least keep the machine secure with proper security software encryption passwords etc.
One more recommendation Even if you choose to ignore the prior ideas if you have sensitive photos or other materials stored on iCloud I would remove them ASAP at least until all the dust settles regarding whether a vulnerability exists and was successfully exploited. You don t want to find out the hard way.
Want to be notified of great articles that can benefit you
Follow me on Twitter at JosephSteinberg
No comments:
Post a Comment