I first reported to you about a major hacking of nude photos of celebrities on September 2, 2014. At that time, news of stolen nude photos and videos of more than a hundred celebrities including Jennifer Lawrence, Kate Upton, Jenny McCarthy, Rhianna, Avril Lavigne, Hayden Pannettiere, Hope Solo, Cat Deeley, Kayley Cuoco, Kim Kardashian, Scarlet Johansson and others was sweeping across the Internet. The photos were taken from the Apple’s iCloud accounts of the hacked celebrities as well as their Gmail accounts. A few days ago, Ryan Collins, the hacker who had pleaded guilty to the hacking the accounts was sentenced to 18 months in federal prison.
The manner by which Collins accomplished the hacking was simple but effective. He sent spear phishing emails to his intended victims that appeared to come from Apple or Google in which under various pretenses he requested the victims’ usernames and passwords, which he then used to access their email accounts and iCloud accounts from where he stole the photos and videos. Using the same spear phishing tactics two other unrelated hackers in Illinois and Oregon also hacked nude photos of various celebrities with both of these hackers having pleaded guilty.
There are a number of lessons to be learned from this crime about how to protect your own security. You should use a unique password for all of your accounts so if any of your accounts are hacked, all of your other accounts are not in jeopardy. Make sure the password is a complex password that is not able to be guessed through a brute force attack. Also, even if you are not a celebrity, you would be surprised how much information is online about you that can be used to come up with the answer to your security questions that can permit a hacker to gain access to your email account. It is for this reason that I advise you to use a nonsensical answer to your security question, such as the answer “Grapefruit” for the question of what is your mother’s maiden name. Also, take advantage of the dual-factor identification protocols offered by Apple and many others. With dual-factor identification, your password is only the starting point for accessing your account. After you have inputted your password, the site you are attempting to access will send a special one-time code to your smartphone for you to use to be able to access your account. Had Jennifer Lawrence and the other hacked celebrities used the dual-factor identification protocol, they would still have their privacy. It is also important to note that merely because you think you have deleted a photograph or video from your smartphone, that may not be the truth. Smartphones save deleted photographs and videos on their cloud servers such as the Google+service for Android phones and the iCloud for iPhones. However, you can change the settings on your smartphone to prevent your photos from automatically being preserved in the cloud.
It is also important to resist providing your username and passwords in response to emails and text messages unless you have absolutely independently confirmed that the request is legitimate, which such requests seldom are.
Finally, for people considering looking up these nude celebrity photos on line, my advice is simple. Don’t do it. Ethically, it is the wrong thing to do. However practically speaking, it also is too risky an activity. You cannot trust any email, text message or social media posting that promises access to these photos and videos. Many of these will be laced with malware and you cannot know which ones to trust. Trust me, you can’t trust anyone. In addition, identity thieves set up phony websites that promise to provide these photos and videos, but instead install malware on your computer when you click on links in these websites. Identity thieves are often adept at search engine optimizing so a phony website might appear high in a search from your web browser. Merely because a website turns up high in a search engine such as Google does not mean that the website is legitimate.