Staying Safe Online

This week there’s going to be a lot of talk about what you should and should not do with your digital devices and cloud services.

In the wake of one of the most high-profile hacks of personal files in recent memory, it’s easy to jump to the conclusion that nothing you can do will keep you safe. Not even being a celebrity helps! Well, I’m here to say there are some steps you can take to keep your personal information safe online.

The first thing to bear in mind with this most recent hack is that it is believed to have happened via Apple’s iCloud / Apple ID system, through a flaw which has now been closed. The accounts that were hacked all had two things in common (that we know so far – nothing has been officially commented on):

  1. The hackers had the private email addresses (and thus the user names) of the celebrities in question
  2. The passwords were in a list of the most popular 10,000, if not all in the most popular 500 list

Email addresses get everywhere. That’s why we have spam taking up 80% of email traffic globally. There are some fairly generic steps that can be taken though to help keep the hackers at bay, so, Ms Lawrence, Ms Dunst and everyone else, I hope these help.

Tip 1: Better Passwords

The humble password has always been one of the weakest parts of any security system. From CIA servers to magic caves with hidden doors, the password has been a stopgap for too long.

The vast majority of data incursions happen when someone’s password has been revealed, be this through phishing via emails and websites or, even simpler, through someone guessing correctly. The latter happens in two ways: one, you’re using a predictable password that someone who knows you could guess with ease; or two, you’re using a very generic password that has been hastily entered and thus is not very original.

Think for a moment, if you will. You will have a password, and there’s a good chance you use it in more than one place, unchanged. If you’re really on it with security, it may have capital letters, numbers and maybe symbols.

Now for some magic…

Is it: P@55w0rd by any chance?

If it is, sorry! I didn’t mean to scare you, but perhaps it’s time for a change! As an XKCD cartoon posted on this site a long time ago said, ‘Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.’

At the moment, the belief is that very fast guessing is what was used in this recent attack. A piece of software took a list of email addresses and then tried to access a section of iCloud (Find My iPhone) by trying to log in with a list of about 10,000 common passwords. Now, this site usually stops logins after 5 incorrect attempts, but there had been a fault in the site which let the program make as many attempts as it liked.
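The control that paragraph says was missing, sketched as an added example (not code from this post or from Apple): one failed-attempt counter per account that every login endpoint goes through, so no side door is left uncounted. The 5-attempt limit is the figure above; `AttemptLimiter`, `login`, `make_record` and the 15-minute window are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

MAX_FAILURES = 5          # the post's figure: logins stop after 5 incorrect attempts
WINDOW_SECONDS = 15 * 60  # assumption: failures are counted over a 15-minute window

class AttemptLimiter:
    """Per-account failure counter meant to be shared by every endpoint."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self._failures = defaultdict(deque)   # account -> timestamps of failures

    def _recent(self, account):
        q = self._failures[account]
        cutoff = self.clock() - WINDOW_SECONDS
        while q and q[0] <= cutoff:           # forget failures older than the window
            q.popleft()
        return q

    def locked(self, account):
        return len(self._recent(account)) >= MAX_FAILURES

    def failed(self, account):
        self._recent(account).append(self.clock())

    def succeeded(self, account):
        self._failures.pop(account, None)

def make_record(password, salt=b"constructed-salt"):
    """Constructed sample data: salted hash for a demo account (low iteration count)."""
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)

def login(limiter, stored, account, password):
    """The one password check all endpoints call: 'ok', 'denied' or 'locked'."""
    account = account.strip().lower()         # count User@ and user@ as one account
    if limiter.locked(account):               # refuse before looking at the password
        return "locked"
    salt, digest = stored.get(account, (b"", b""))
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)
    if digest and hmac.compare_digest(candidate, digest):
        limiter.succeeded(account)
        return "ok"
    limiter.failed(account)
    return "denied"
```

Once the limit is reached even the correct password is refused until the window passes, which is what stops a long guess list from ever reaching the right entry.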

And there you have it, having a simple password that’s easily guessed by a person or software will allow access to your files quicker than you can do it legitimately!
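Why P@55w0rd is no better than "password", as an added example that is not part of the original post: a sign-up check that undoes the usual letter swaps and trailing digits before comparing against a common-password list. The tiny `COMMON` set is a constructed stand-in for a real list, and `variants` and `common_match` are hypothetical names.

```python
import re

# Constructed stand-in: a real service would load the full list it has chosen
# (for instance the 10,000 most common passwords) from a file.
COMMON = {"password", "letmein", "qwerty", "iloveyou", "dragon", "monkey", "123456"}

# The familiar symbol-for-letter swaps, mapped back to letters.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})

def variants(password):
    """Reduced forms of a password: case-folded, swaps undone, suffix stripped."""
    base = password.strip().lower()
    forms = {base, base.translate(LEET)}
    for form in list(forms):
        # Drop trailing digits and symbols first ("monkey2014!" -> "monkey"),
        # then undo swaps in what is left ("dr4g0n" -> "dragon").
        stripped = re.sub(r"[\d\W_]+$", "", form)
        forms.add(stripped)
        forms.add(stripped.translate(LEET))
    return forms - {""}

def common_match(password):
    """Return the common password this one reduces to, or None if there is none."""
    hits = variants(password) & COMMON
    return sorted(hits)[0] if hits else None

if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["P@55w0rd", "Dr4g0n!!", "Monkey2014!",
                      "correct horse battery staple"]:
        print(repr(candidate), "->", common_match(candidate))
```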

For stronger passwords, consider using memorable words in a non-standard order.

Test your password strength with How Secure Is My Password and see how your passwords stack up. (The good one contains spaces. Something many modern systems can accept.)

Tip 2: Two Stage Authentication

This may sound very ‘spy movie’ and, well, it is a bit, but it is one of the most sure-fire ways of keeping your data that’s stored on a service safe.

The idea is simple: you have your normal username and password, but when entering it on a computer or device, you’re prompted for a code that verifies that it’s you that’s accessing the account. For instance, had the attacked parties had this turned on, the hackers would not have gained access to their accounts.

To set this up for an Apple ID, follow this guide.

To set this up for a Google Account, follow this guide.

Doing this will put an extra line between you and digital theft and help keep you safe online. When you go through this process, you’ll also generate some backup ‘keys’, which are codes that you should keep somewhere safe. Should you lose them, you can generate new ones at any time.

Tip 3: Who Has Your Data?

As mentioned above, the people that had their accounts hacked had their email addresses leaked long before the photo hacking. When you trace this situation back, questions will be asked of agents, companies and friends about their digital security. If there has been a lapse in security by, say, someone’s talent agency, all of the personal data required for this hack could have been obtained. Just like in the 90s/00s, when newspapers would buy lists of phone numbers of the rich and famous in a bid to hack into their voicemail messages.

When it comes to staying safe online, it’s very much a team effort. Like the Spartans, who would each shield the person next to them and so on, the best way to protect yourself is by protecting someone else.

Tip 4: Where Is Your Data?

“On my phone!”

Well, you’re half right. As we and our devices become more connected, the information on them ceases to exist in just one place. The Photostream function on the iOS platform is currently taking the brunt of the blame for the images that have leaked. Those images are stored in a data centre in a place you don’t know and couldn’t ever get access to without a warrant. Just like Google Drive, Dropbox and Facebook, anything you upload, no matter the privacy settings, is stored on a computer you do not own and cannot directly access.

Now, a lot, and I do mean a lot, of people online have been calling out the people affected by this leak with phrases like “Well if you didn’t want it leaking, you should never have taken it!” and “You should never take a picture you wouldn’t want the world to see!”.

This is frankly nonsense. It’s like saying that someone’s house is going to get robbed because they had the audacity to have stuff in there! Our digital devices are our digital homes and the privacy we have in one, we expect in the other. The safety of the contents of both is the responsibility of the owner. You lock your front door to keep your things safe; the person that owns the data centre should make sure all their doors are locked so that someone can’t sneak in.

Round Up

To finish up, this recent hacking event has been traumatic for the people involved and, take my word for it, the authorities will be hot on the heels of the people that perpetrated it. You can’t break in without leaving digital footprints.

So, to stay safe online:

  • Pick better passwords
  • Enable two-factor authentication where possible
  • Help others stay safe online


02/09/2014 – 19:45 GMT – Apple have issued a statement on the hack:

“We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.”