By Narayan Sapkota
The moment I logged out, after checking mails on yahoo, my eyes took notice of the headline that screamed Celeb nudes leak after hack. My initial reaction was a blend of disgust and curiosity. Now, it isnt unusual for stars to commit such cheeky acts advertently or inadvertently for whats termed as publicity stunt. But, I sensed something different and disturbing about this. (Jennifer Lawrence couldnt be so cheap after-all!!) Apparently, there had been a massive leak of what appears to be photos and videos of celebrities (not just her) in compromising positions. So, I took the onus of looking up on the Internet, digging information and news portals, blogs and doing tons of research into this incident , which is now enlisted in the Wikipedia as The Fappening (a portmanteau of the happening, and fap, slang for masturbation) and Celebgate (a reference to the Watergate Scandal)”. Here, I present you my findings from a neophytes point of view as to the possible cause of the incident, the aftermath and the remedial measures.
Although widely assumed to be the result of an iCloud security flaw, since Apple hasnt commented on the leaked photos yet, so theres no way of knowing for sure whether the companys iCloud service was to blame. Now, for those non-techy newbies, you might be wondering what is iCloud? It is a cloud storage and cloud computing service from Apple Inc. launched on October 12, 2011. iCloud is connected with a trio of services, that includes Photo Stream, Find My iPhone and Apples password manager, iCloud Keychain. However, thanks to a vulnerability in the Find My iPhone service, malicious users a.k.a. hackers were able to ‘brute force’ a target account’s password using a glitch called iBrute, posted Saturday on GitHub by mobile security firm HackApp. Brute-force attacks consist of using a malicious script to repeatedly guess passwords in an attempt to discover the correct one. In other words, brute-force security attack is essentially a trial-and-error-way of breaking through security, allowing hackers to try out (potentially) thousands of passwords, rather than being locked out after a few tries. The iPhone itself, for instance, will lock you out for a few minutes if you try the wrong security passcode too many times in a row. But apparently Find My iPhone did not have any such limits — until Early Monday, when HackApp reported that Apple had patched the vulnerability.
This incident has raised serious questions about the integrity and security of internet storage systems. No individual and organization is immune to the loss or compromise of confidential and sensitive data. Consumer information, bank accounts’ information, employee records, credit card numbers, proprietary and trade secret information, highly confidential governmental and organizational databases, corporate passwords and intellectual property are all available for the taking if infrastructures are not properly protected. While many businesses and individuals may understand the potential threat they are often not prepared to deal with an incident, or they naively believe it will never happen to them. Many have a misguided sense of security and believe that it is IT’s problem, purely technical in nature. The reality is that everybody must be involved in readiness planning.
Considering that we ourselves could someday be embroiled in similar scandals, theres a dire need to be proactive and the first, albeit a trivial step is to create strong, unique passwords. Security firm McAfee suggests avoiding password words that include personal information, like our birthday, pets name or a favorite color, because theyre easy for hackers to guess. Also, we might want to avoid common phrases and idioms like “icameisawiconquered,” which are easier to guess. But ultimately, a long password made of words could foil hackers who have plenty of time to automatically guess all the shorter possibilities. The best measure to take then is to pick a different password for each account, we use — we wouldnt use the same key in all of your locks, and the same goes for passwords. And, if you still dont feel secure, you can ultimately resort to two-factor authentication. This login verification is like double-locking your door at night to decrease the chances of an intruder breaking in, but it takes an extra step or two to get into your account. Each time you want to log into your iCloud account anew, Apple will send a code to your phone or other Apple device. The code changes after each login attempt, so hackers need to be in physical possession of your iPhone to know the code.
Lets face it, iClouds just one of many.
Needless to say, we are putting ourselves at some degree of risk as soon as we put anything of a personal nature in a publicly facing environment like iCloud, but the other issue it alarmingly raises is the operational security of the individual and the organization. As it is inevitable that at some point our computers will be hacked, it is imperative to understand how to protect our computers from weaknesses and vulnerabilities and prevent hackers.
- Install anti-virus & anti-spyware software such as MacAfee or Norton and keep updated to prevent the likes of Trojan horse that a hacker uses to gain unauthorized access into your computer and send spam or other harmful programs
- Install a root kit remover/revealer that detects root kits installed on the system such as AFX and Vanquish. It attempts to detect root kits that have gained user-level access.
- Keep obscure, absurd, random passwords that dont have anything to do with you and change it often. Short passwords and dictionary words should be avoided. A random combination of letters, numbers and/or characters will do the trick.
- Make sure firewall settings are installed on the computer, such as Windows firewall this prevents hackers gaining access through holes in the system.
- Perform audits and check system logs to see who is attempting to access you computer.
- Ensure your operating system is kept up to date by using Windows updates as this will detect recent security holes and stop hackers from exploiting these vulnerabilities.
- Do not save passwords on devices that are accessible to others. And be absolutely sure you log out on such devices.
- Take extreme care of the contents you save/store in your devices. No one is immune from the security flaws that come alongside internet connected devices. You never know what flaws might be found later.
The author is a Business Development Officer at SoftNEP.