September 5th, 2014
A big news story like the recent iCloud hack, and leaking of naked celebrity photos can result in:
- concerns over your own security arrangements (e.g. “Are my naked photos of enough interest to hackers for them to get me in the news?”)
What is the iCloud hack?
As someone who doesn’t worry himself too much with “celebrities” or “news”, I’m not sure whether this story is of more interest to tech journalists. They have certainly enjoyed pointing out how many people have got this thing all wrong (i.e. it’s not just Apple’s iCloud which is under the spotlight).
Still, on the off chance that you missed the story, it boils down to this: the ‘cloud’ (see below) accounts of certain celebrities have been broken into. These online accounts have been used to store personal photos, and images compromising the integrity and privacy of said celebrities have been released (for a fee) onto the Internet. They first appeared on the usual websites: 4chan and, later, Reddit.
Definition: A ‘cloud’ account is one which stores all data on the Internet, rather than on your computer. The term cloud comes from network diagrams, where your internal network was represented in detail, while the external connection to the Internet was symbolised with a cloud (to demonstrate just how little you could know about what went on out there. Think of it a bit like the Fog of War).
So, a security breach? *Another* security breach!?
In a manner of speaking. However, no technical security measures were overcome. The leakers simply found out the usernames and passwords of each account, and put them into the respective websites. No ‘security bugs’ were exploited (though Apple has added a security feature to make this harder in future).
So in this sense it’s not like the eBay, LinkedIn, LastPass, Adobe or Yahoo password leaks. The important thing to remember, and which a lot of people have missed, is that it wasn’t just an “iCloud hack”; other similar services are vulnerable to this problem too.
The vulnerability of celebrity
Many analysts have pointed out that, as these victims were all famous, it’s likely that the perpetrators picked their victims deliberately, expending all their energies on a just a few accounts.
Also remember that, due to their fame, the answers to their security questions (e.g. mother’s maiden name) might be readily available online too. That’s another reason that you, as a dull non-celebrity, are a little more secure.
(Jennifer Lawrence, one of the victims, also casually mentioned that she used iCloud in an interview, which we mere mortals are unlikely to do.)
Still, beware of phishing emails which try to get you to voluntarily reveal your details.
Why did someone steal these nice peoples’ photos?
To make money, simple as that.
The photos were offered for sale on the sites concerned, and although they’ll inevitably be freely available at some point (I wouldn’t know myself, having not tried to look for them, obviously…).
Although a lot of hacks are done ‘for the lulz’ (that’s “the laughs”, kids) or for bragging rights, this one probably took a lot of effort, and was mainly worthwhile for the profit it would bring in.
For that reason, you’re no more at risk from having your account hacked, if you’re the man-or-woman in the street, than you were before. I’m sorry to break it to you, but your photos are not worth anything.
However, it’s a timely reminder that some of your digital data is worth money, and should be protected as strongly as a celebrity must protect their assets.
Should I do anything, then?
As I said, nothing’s changed in terms of the security level of your accounts, but the same rules apply as always:
- choose a strong, long and memorable password;
- check websites are legitimate before typing them in;
- use different passwords for each account;
- limit how many accounts automatically hoover up your phone’s photos, contacts, text, data etc. This is all about knowing what your gadgets are doing, and not letting them take control of your info.
Here are a few things that you should check up on:
- iCloud (on Apple iPhones, iPads and iPod Touches);
- Dropbox (on PCs, laptops and all phones);
- Google Drive (on Android phones mainly, but also iPhones and desktops and laptops)
- Google Plus (on Android phones, which backs up everything on your phone)
- iTunes (on Apple devices, which backs up everything when you connect your phone or iPod to your computer)
These are the things which might suck up your data automatically, but you should also check up on anything else you’ve installed. It’s not an easy or fun way to spend an afternoon, but that doesn’t make it any less important.