hacker who, it is alleged, successfully breached Apple’s iCloud service and copied the photos. While some celebrities have disputed the authenticity of the images, Jennifer Lawrence and others have confirmed that theirs are genuine.
The current breach represents a serious crime and violation of privacy; I certainly sympathize with the victims and hope that the perpetrators of this crime are apprehended and adequately punished. Celebrities are people with feelings.
There are, however, several important lessons that we should all learn from this incident:
1. It is unclear whether the celebrities failed to properly protect their accounts, whether a vulnerability was found in iCloud or whether something else occurred. But, either way, if you take nude photos, think twice before storing them in the cloud. In fact, think hard before storing any sensitive materials in the cloud. As I have stated many times, cloud providers suffer from an inherent problem: they make good targets. Hackers know how to reach the various cloud services, know that celebrities and businesses have valuable files on many of the providers’ systems and know that a single breach can potentially lead to a treasure trove of material from numerous parties. Breaching a cloud file-storage provider can be the hacking equivalent of hitting the jackpot. Additionally, there remains the risk that the security of your sensitive material is ultimately not in your hands and that if a provider is breached, its interests and yours may not align. (Edward Snowden claimed that NSA personnel would share nude images gathered by its online surveillance; regardless of the veracity of that claim, do you think a cloud provider will keep your materials from the NSA if it demands them?) So, even if a cloud provider is more professional in handling security than you are, be aware that there may be risks and that orders of magnitude more attacks may be launched trying to steal your files from the cloud than from a machine sitting in your house.
2. If you must store sensitive material in the cloud, encrypt it and, preferably, not with tools provided by, and hosted at, the cloud provider. Hackers who breach the provider may gain access to methods of decrypting if the decryption system is run by the provider. (There may be providers where this is not a problem due to the way encryption is implemented, but for others, it may be a serious risk. So consult an expert if you plan to use a cloud provider’s encryption to secure sensitive files.)
3. Make sure to properly secure any accounts that you have. Strong passwords are a must. The answers to challenge questions are almost always weak (think about it – the answer to a challenge question is a simple password about which the asker is also giving the person being asked a strong hint). If you reuse passwords, remember to do so with careful consideration; a breach at one site can become a breach at others.
4. While this may seem counterintuitive, unless you are a celebrity, you need to be more careful than celebrities. Despite any laws or rights to the contrary, it seems clear that law enforcement, the media and technology vendors treat the leakage of sensitive material belonging to celebrities far differently than they do breaches of other people’s privacy. If you are using a free service, do not expect great cooperation; you may not receive it. I have been impersonated on social media and dealt with one provider who responded very quickly and another who did not respond for weeks. Within hours of the breach today, Twitter announced that it is suspending accounts that share the celebrity nude photos; do you really think that you will get the same treatment? Also, consider that the leakage of nude photos may be less likely to adversely impact the careers or relationships of entertainers than your own.
5. Make sure not to share materials online that you do not wish to become public. Security settings should not be relied upon to protect material that “must not leak,” as hackers may successfully undermine security. Learn from Kate Upton who, ironically, said in an interview earlier this month that she does not pose for nude pictures by “great fashion photographers” because “with social media and the Internet and not so great blogs and the attention like that, I don’t think that my pictures would be received in the way that I’d want them to be received. That’s why I’ve stayed away from them. I really appreciate those photos and I think those women are beautiful, but I think social media and the Internet has prevented me from putting myself out there like that.” Once stored on the Internet, images that are intended to be private may become public and may remain online forever. Of course, this also raises concerns about storage in cloud systems. (Disclaimer: SecureMySocial, which I founded, is producing technology that warns people if they are posting potentially problematic material on social media.)
Of course, the best place to store sensitive material is on machines not hooked up to the internet. If such a scenario is impractical, at least keep the machine secure with proper security software, encryption, passwords, etc.
One more recommendation: Even if you choose to ignore the prior ideas, if you have sensitive photos or other materials stored on iCloud, I would remove them ASAP, at least until all the dust settles regarding whether a vulnerability exists and was successfully exploited. You don’t want to find out the hard way.