Cyber attackers recently posted nude photos of a number of celebrities, most notably Jennifer Lawrence. The hack set the media ablaze and sparked widespread victim blaming. Many media personalities said that if celebrities didn’t want intimate photos leaked, they shouldn’t take them at all. Those who are calling for an “abstinence only” approach to sexually explicit photos are missing the larger point.
The vulnerabilities that allowed hackers to obtain celebrity photos could also allow access to photos of families and their children. The real question isn’t whether people should snap nude photos; the question is whether anything is safe in the cloud. Fortunately, with a few simple precautions, most people can keep their images safe.
How the Hack Occurred
An image forum called 4chan was born in the early days of the Internet. By 2006, 4chan was a hotbed for hackers and child pornography. In August 23, 4chan’s own users launched a DDoS attack against the site. Many users migrated to a new image forum called AnonIB to post explicit material, including celebrity pornography and child pornography.
The FBI raided the forum’s administrators and servers, putting the site out of commission for a while. In early 2014, the forum reappeared, and users started posting again. One AnonIB board, called /stol/ board, became a meeting place for iCloud hackers. They posted about breaking into iCloud accounts and using file-retrieval software to download sensitive photos. Attackers gained access to iCloud accounts by guessing both user passwords and answers to users’ security questions. They copied photos and then shared them on AnonIB’s stolen photos board.
Here’s Where Things Get Creepy
This most recent round of celebrity photo leaks has raised serious questions about cloud computing security. However, stronger passwords and smarter security question answers would have prevented the leaks from happening. The photos were traced back to an account that went by the user name “OriginalGuy.” According to posts made to AnonIB, the users behind OriginalGuy worked as a team to obtain these photos. They viewed themselves as collectors charged with obtaining and disseminating celebrity pornography.
The OriginalGuy team stole celebrity photos, but other attackers are much more interested in things like bank account numbers and intellectual property. When someone uses the same password on both an iCloud account and an online banking account, they make themselves vulnerable to losing far more than their sensitive photos. Instead of blaming the victims, it’s time for consumers, businesses, and the media to get serious about password security. People who are especially vulnerable to hackers, like celebrities, should also start using more secure cloud service providers.
How to Keep Photos Safe in the Cloud
When consumers and businesses use a product en masse, hackers can gain a lot by attacking the product. That’s why celebrities, according to security experts, should avoid consumer-grade services like iCloud and Dropbox in favor of more advanced cloud service providers with a top-notch cloud security infrastructure. For less appealing targets like the rest of us, securely storing sensitive images isn’t too difficult. A few simple precautions should ensure that photos stay safe in the cloud:
- Picking a good password. Anyone who uses a cloud service — and everyone does, whether they realize it or not — should choose a unique, secure password for every online account. Secure passwords contain a mix of upper and lower-case letters, numerals, and symbols. “Password” is a bad password. So is “123456.”
- Using not-so-straightforward security answers. Even if someone’s favorite cat is named Fluffy, Fluffy might not be the smartest answer to security questions. Instead, users should consider more complex answers, like “FluffyLives1808” or something both unusual and easy to remember.
- Ensuring encryption. Encrypting files on devices and in the cloud makes them inaccessible to potential hackers. Additionally, people who enjoy sexting as part of their intimate lives can sign up for an upcoming app called Glimpse, which will encrypt messages so that only recipients can see them and then delete messages from its servers after transmitting them.
People should always remember that photos don’t just stay on mobile phones. They usually sync automatically both to the cloud and to other linked devices. In addition to taking security precautions, people should review and delete photos from iCloud. They can encrypt them and store them locally on a hard drive, USB drive, CD-ROM, or encrypted device.
Jennifer Lawrence image by MingleMediaTV from Wikimedia Commons