If celebrities’ ears could burn, the internet would be on fire right now, after a mahoosive cyberattack stole loads of celeb pics and sent them out into the world; and everyone’s talking about it because – and I don’t want to shock anyone here – some of them were naked. What’s really scandalous though is that it happened in the first place, and on such a large scale; so how did it happen and how can you keep your pictures private?
What’s the deal with all these naked people??
Over 100 images of celebrities were stolen and posted on the internet forum 4chan last week. Because some of them were naked pics, obviously the rest of the world has gone madder than a box of frogs about it, either sharing the pics, or denouncing the sharers, or sharing then denouncing… basically it’s a whole big mess. Celebs that have had their pictures laid bare include high profilers like Jennifer Lawrence and Rihanna, as well as some people I’ve never heard of (though that’s not saying much) – what seems to be consistent though is that they’re mostly, if not all, women.
Theories abound as to how the cheeky pics were obtained but it seems likely that they were taken in a brute-force hack from an online cloud storage service (iCloud has had the finger pointed its way several times, as have Dropbox and others). This kind of consumer cloud storage is not to be confused with corporate cloud hosting: in terms of security risk, with consumer cloud storage you’re sharing a small part of a big cloud, whereas corporate hosting is usually more security-focused and shared with fewer – or no – other people.
The post on 4chan anonymously claimed the pics were taken from iCloud (although this has yet to be confirmed and Apple have kept quiet), and demanded donations in exchange. Mega awks though – they only got 0.2545 bitcoin for their troubles, which is probably less than £100.
The vulnerability allegedly came from the Find My iPhone service and was exploited by brute force, which is when a malicious script tries one password after another until it hits the right one. The flaw seems to have been patched but it’s still up for debate.
The photos span from Dec 2011 to this month, so another theory is that one hacker had been gathering the photos for a while and then another hacker ‘popped’ their machine and grabbed them, in some hacker-on-hacker action.
How did they worm their way in?
Some theories suggest that it was mostly a clever combination of guesswork, piecing together social information, and using ‘Forgot my password’ routes. Apparently J-Law had mentioned something about using iCloud in an interview, and also something about her address which contained a keyword, which is a big no-no. Sometimes it’s as simple as being seen in public with an iPhone, which indicates to the world that you’re on iCloud. Similarly, it could be a spear-phishing attack, where high-profile people are targeted with tailored scams because more is known about them.
Sources seem pretty conflicted at the moment though. Out of those that are blaming iCloud, some are saying that Apple has patched the flaw but some aren’t sure. Others are saying it couldn’t have been iCloud because the way that the password protection kicks in wouldn’t give hackers time to download all the photos. Whatever happened, the consensus seems to be that Apple could have tried harder to protect its customers (assuming it was Apple of course…)!
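To show why password protection that "kicks in" matters so much against brute force, here is an added sketch (not from the original post, and not Apple's code) of a login service that makes an account wait longer after each failed guess. The class name, account, password, guess list and delay values are all made up for the illustration.

```python
import hmac

class ThrottledLogin:
    """Hypothetical login check with per-account exponential back-off."""
    def __init__(self, passwords, free_attempts=5, base_delay=30, max_delay=3600):
        self.passwords = passwords        # demo store only; real services keep salted hashes
        self.free_attempts = free_attempts
        self.base_delay = base_delay      # seconds
        self.max_delay = max_delay        # cap, so the real owner is never delayed forever
        self.failures = {}                # account -> consecutive failed attempts
        self.locked_until = {}            # account -> time the next attempt is allowed

    def attempt(self, account, password, now):
        """Return 'ok', 'denied' or 'locked' for an attempt at time `now` (seconds)."""
        if now < self.locked_until.get(account, 0):
            return "locked"               # refused without checking the password at all
        stored = self.passwords.get(account, "")
        if account in self.passwords and hmac.compare_digest(stored.encode(), password.encode()):
            self.failures.pop(account, None)
            self.locked_until.pop(account, None)
            return "ok"
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        over = count - self.free_attempts
        if over >= 0:                     # 30 s, 60 s, 120 s ... up to max_delay
            self.locked_until[account] = now + min(self.base_delay * 2 ** over, self.max_delay)
        return "denied"

def guesses_checked(service, account, wordlist):
    """Send one guess per second; return (guesses actually checked, cracked?)."""
    checked = 0
    for now, guess in enumerate(wordlist):
        result = service.attempt(account, guess, now)
        if result != "locked":
            checked += 1
        if result == "ok":
            return checked, True
    return checked, False

# Constructed sample data: one account, an hour of guesses, real password at index 2000.
ACCOUNTS = {"demo@example.com": "correct-horse-7"}
WORDLIST = [f"guess{i}" for i in range(3600)]
WORDLIST[2000] = "correct-horse-7"

def run_demo():
    unlimited = ThrottledLogin(ACCOUNTS, free_attempts=10**9)   # effectively no limit
    limited = ThrottledLogin(ACCOUNTS)
    return (guesses_checked(unlimited, "demo@example.com", WORDLIST),
            guesses_checked(limited, "demo@example.com", WORDLIST))

if __name__ == "__main__":
    print(run_demo())
```

With no limit, the script gets through 2001 guesses and finds the password; with the back-off, only 11 guesses are checked in the same hour and the password is never reached. The trade-off is that wrong guesses also delay the real owner, which is why the delay is capped.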
Luckily the FBI is investigating, as everyone seems pretty confused, and until then, anyone sharing the pics online could have charges pressed against them.
How can you protect yourself?
What’s clear is that we need to be more careful about our personal information, especially as we keep all kinds of things in online storage, often with multiple people across the same accounts.
There are lots of ways to get at your sensitive information, so it’s important to protect all your accounts – including things like iTunes, for example, that you might not always think about – with strong passwords and the highest social media privacy settings: if your Facebook page is wide open, and your birthday or phone number is visible, you can fo’ sho’ be hacked with the information.
If it’s easier to hack into one of your accounts, and you use the same password across multiple sites, then you’re in trouble there too. Encrypt data before storing it in any location if it’s personal or sensitive, and use two-factor authentication, which can also help – or just don’t sync photos and other sensitive things to iCloud or online storage if you’re still nervous.
The word on the street is that most people shouldn’t be worried because the motivation was for ‘high value’ celebrity accounts – and no one cares about seeing the rest of us in the buff – but there’s still no time like the present to start practicing good security habits.
If you have any questions about the security of your solution at UKFast, take a look at our website, call us on 0800 045 4945 or contact your account manager.