Keeping Private Data Secure in the Cloud
Back at the end of August, around 200 pictures and videos of over 100 celebrities, most of them female and some images containing nudity, were hacked courtesy of a breach of iCloud, Apple’s cloud services suite. By using a targeted attacks on the clients’ personal account information, especially passwords, the intruders were able to access the information and wreak havoc.
Naturally, amidst the firestorm of commentaries and reactions that followed in the wake of that data being released for public viewing on sites like Tumblr, Reddit, and Imgur, there were the inevitable questions on how could this happen, and what could people do to protect themselves from such invasions in the future?
Let’s take a look at those two questions, and see how they relate to cloud security in general.
How Exactly Did the Hackers Get In?
There’s a load of theories out there, but the most likely scenario is simply guessing passwords or tricking the “I forgot my password” feature, with possible attempts at spear phishing thrown in. Spear phishing occurs when hackers put a backdoor into a victim’s computer by means of a phishing email meant to trick the recipient.
Apple’s security didn’t help the situation, either. Apple kept letting the hackers guess passwords over and over instead of locking them out after a set number of wrong guesses. It also doesn’t help that the same user name and password is used for accessing your iTunes, iPhone, App Store, and iCloud account. You’re talking a lot of password use, so it’s only normal for people to choose simple passwords.
How Can You Be Safe?
In general cloud storage is pretty safe way of storing data. You just need to exercise some common sense and use take some fairly simple measures. For instance:
Don’t Open Strange E-mails. If you don’t know the recipient, then don’t open unexpected e-mails. Even more so, don’t click on a link from such an email if you somehow managed to open it up. Even official-looking e-mails can actually be frauds. I’ve personally received e-mails that were supposedly from my bank, even though the bank has a policy of never conducting serious business (and all of these emails claim to be serious business!) via e-mail.
Bolster Your Passwords and Security Questions. Don’t use easy to guess passwords, and make sure that your security questions are difficult, with answers only you would know. Furthermore, if you can get two-step verification, take advantage of it. Two-step verification gives you a second line of defense instead of having to rely solely on a password. It’s usually a numeric code, like a PIN, that’s normally sent to you as a text message and is valid for a limited time.
Improve Your Cloud Education. If you store information via one of the many cloud services out there, take the time to read the information. See how cloud file storage works, what the settings are, kick the tires a bit. The more you know about the tools you use, the less likely you’ll be to make mistakes with them. Knowing how your cloud service works will also enable you to spot some glaring holes in the host site’s security. If your site allows unlimited password guesses, for instance, you may want to reconsider storing private information there!
A Final Thought
One of the many reactions out there in the wake of this incident (known by names like “Celebgate” and “The Fappening”) was to say “Serves these people right for putting naked pictures of themselves on their phones!”
The problem is, people should be able to do what they want with their mobile devices without having to worry about having their privacy violated by unscrupulous sociopaths. A wise idea or no, it’s the principle of the thing; what you do in private is your business.
But the growing reality is that the mobile computing age is chipping away at the concept of privacy. You could go to a friend’s party, drink too much, make an ass of yourself, and discover to your horror that a video showing everything has been uploaded and has gone viral even before your hangover went away! That’s the age we live in. It’s a wise thing to keep in mind when you are trying to decide how much of your personal life belongs on your phone. Because no matter what measures you can take, you can only hope to reduce the risk; you can never make the risk go away completely.
Oh, and if you do insist on taking nude pictures of yourself, try to keep your face obscured. Plausible deniability is a beautiful thing.