iCloudy with a chance of pictures.

iCloudy with a chance of pictures.

So, after women being already the main target of social engineering, street harassment, cyber harassment, workplace harassment, sexual harassment, or revenge porn, and all the other creepy forms of gender orientated attacks, the online world has recently assisted to the leak of hundreds of intimate pictures of celebrities, such as Jennifer Lawrence, Kristin Dunst, Rihanna and Kim Kardashian.

Well, the word ‘leak’ might not be the most suitable, considering the outlines of the situation… Theft, break-in, hacking, privacy violation, online assault or pirating are far more realistic expressions.

So what happened, really?

Someone – who I just cannot help but picturing as a disgusting and sexually frustrated slobbering pervert with no sense of civility – accessed the iCloud accounts of some targeted celebrities and disclosed their personal pictures online. 1)For those who might not be aware, the Cloud is a storage and back-up system which enables users to keep personal information. As the data is kept online, it allows users to save space in their computers, smartphones or tablets, while being able to access them from any device and from anywhere. Companies as Apple, Google, Microsoft and Amazon, just to name a few, all provide cloud-based storage.

What do all the victims have in common? Well, to start with, they all are worldly known for some reason… and all are women.

I really cannot understand why someone would be tempted to access intimate pictures of women against their consent, even celebrities, when the internet is full of websites with pictures of women who willingly or professionally display their naked selves.

It was an evident gender orientated attack, which seems to be a usual and sick practice on the Internet nowadays, intended to publicly expose and shame the victims. As far as I am aware, men are not usually targeted by such endeavours.

Anyway, the central hubs for the displaying and divulgation of the links to the pictures were the websites Reddit and 4chan. The photos then have spread across the Internet like wildfire and the case has been inimitably nicknamed as ‘Celebgate’.

This incident has leaded the public attention to an immediate question: how could attractive young women even dare to take pictures of them or let themselves to be photographed in erotic or sexual poses or situations? For a vast – and scary – amount of internet users, the victims are therefore the major culprits for their own violation. Being celebrities (or should I say women?) they should have known better than to take pictures intended to remain private or only to be shared with whoever they wanted.

On a second thought, this occurrence lead the internet users to reflect on how really private is our private information. A very legitimate concern considering the revelations of Edward Snowden, the recent data breaches news regarding American retailers, as Target and Home Depot, and the hacking conducted on Chinese hospitals’ medical record.

But the incident has put the spotlight on the online security in general. After all, it is very likely that hackers gained access to much more sensitive data than pictures and videos. And if celebrities’ accounts can be hacked, it can happen to anybody, right?

Apple denied having suffered a data security breach and insisted that none of the material was obtained from the company’s servers directly. In a released statement, it affirmed having discovered; instead, that the hacking seemed to be the result of a brute-force attack on users names, passwords and security questions.

Notwithstanding, while the poor choice in passwords and the non implementation of Apple’s two-factor authentication might have been a hinder in terms of security, the vulnerabilities on the security software were undeniable. For instance, iCloud specific backup system did not implement adequate safeguards against brute-force attacks. 2)Brute-force attacks refer to repetitive attempts to break into a user’s account by trying possible combinations of letters, numbers and symbols in order to discover the correct password.

Apple’s announcement that it will strengthen its security measures for its cloud storage platform iCloud thus might not come as a coincidence. Tim Cook informed that users will receive an alert when someone tries to change an account password, restore iCloud data to a new device, or when a device logs into an account for the first time. Moreover, Apple intends to broaden its use of an enhanced two-factor authentication security system.

Despite the unfortunate implications for the victims, it has drawn the very much needed attention and raised awareness – as no other incident so far – to how people share, store and secure their personal and sensitive data.

There are valuable lessons to learn from this incident. The apparent ugly truth is that if someone with the proper time, knowledge and means wants to access your personal data, they will try to and might get it if the proper security measures are not taken. So it is better to assume that nobody is safe from a similar assault.

It is therefore necessary to improve our personal security posture and implement all the available tools to prevent the success of potential future attacks.

To start with, you must be aware if you use services that automatically backup your data and choose if it is convenient for you to keep that feature on or to turn it off. If you intend to use a cloud service, choose one which will encrypt your data.

Secondly, it is very important to implement strong login credentials. A multifactor authentication and the use of a complex and unique password for each online account are usually highly recommended. You can go even further and use passphrases instead of passwords. A password manager will allow you to achieve a deeper protection. 3)The two factor authentication implies two elements: something you know and something you have. Therefore, besides the password (what you know), you will asked for a second form of identification the first time you log onto an account from a new device. It normally involves being sent a code by text message (what you have/can access).

These are some basic and well-known measures but the ‘Celebgate’ is here to remind us that everybody, and not only women, needs to take a better care of their online selves. Women might be the main target of hacking intended to publicly humiliate them, but anybody can be a target of hacking with all intends and purposes, with more or less serious and far-reaching consequences: to creepily spy on friends or family or the girl that rejected them; for ‘intellectual’ challenge; to steal services and valuable files, namely regarding intellectual propriety; to collect credit cards details or engage in other forms of credit card fraud; computer take-over; identity theft; mail hacking to disseminate spam…

Some might prefer to judge the victims and to look at their pictures. But the big picture to look at is: use whatever devices and services you want, but use them knowingly and safely. Nobody will protect you online better than yourself.

References   [ + ]

1. For those who might not be aware, the Cloud is a storage and back-up system which enables users to keep personal information. As the data is kept online, it allows users to save space in their computers, smartphones or tablets, while being able to access them from any device and from anywhere. Companies as Apple, Google, Microsoft and Amazon, just to name a few, all provide cloud-based storage.
2. Brute-force attacks refer to repetitive attempts to break into a user’s account by trying possible combinations of letters, numbers and symbols in order to discover the correct password.
3. The two factor authentication implies two elements: something you know and something you have. Therefore, besides the password (what you know), you will asked for a second form of identification the first time you log onto an account from a new device. It normally involves being sent a code by text message (what you have/can access).