Scam of the day – March 18, 2016 – Guilty plea in celebrity nude photo hacking

I first reported to you about a major hacking of nude photos of celebrities on September 2, 2014.   At that time, news of stolen nude photos and videos of more than a hundred celebrities including Jennifer Lawrence, Kate Upton, Jenny McCarthy, Rhianna, Avril Lavigne, Hayden Pannettiere, Hope Solo, Cat Deeley, Kayley Cuoco, Kim Kardashian, Scarlet Johansson and others was sweeping across the Internet. The photos were taken from  the Apple’s iCloud accounts of the hacked celebrities as well as their email accounts.  Now the U.S. Attorney for the Central District of California has issued a press release indicating that Ryan Collins has agreed to plead guilty to a felony violation of the Computer Fraud and Abuse Act admitting responsibility for the hackings.

The manner by which Collins accomplished the hacking was simple, but effective.  He sent spear phishing emails to his intended victims that appeared to come from Apple or Google in which under various pretenses he requested the victims usernames and passwords, which he then used to access their email accounts and iCloud accounts from which he stole the photos and videos.

TIPS

There are a number of lessons to be learned from this crime about how to protect our own security.  You should use a unique password for all of your accounts so if any of your accounts are hacked, all of your other accounts are not in jeopardy.  Make sure the password is a complex password that is not able to be guessed through a brute force attack.   Also, even if you are not a celebrity, you would be surprised how much information is online about you that can be used to come up with the answer to your security questions that can permit a hacker to gain access to your email account.  It is for this reason that I advise you to use a nonsensical answer to your security question, such as the answer “Grapefruit” for the question of  what is your mother’s maiden name.  Also, take advantage of the two-factor identification protocols offered by Apple and many others.  With two-factor identification, your password is only the starting point for accessing your account.  After you have inputted your password, the site you are attempting to access will send a special one-time code to your smartphone for you to use to be able to access your account.  Had Jennifer Lawrence and the other hacked celebrities used the two-factor identification protocol, they would still have their privacy.  It is also important to note that merely because you think you have deleted a photograph or video from your smartphone, that may not be the truth.  Smartphones save deleted photographs and videos on their cloud servers such as the Google+service for Android phones and the iCloud for iPhones.  However, you can change the settings on your smartphone to prevent your photos from automatically being preserved in the cloud.

It is also important to resist providing your username and passwords in response to emails and text messages unless you have absolutely independently confirmed that the request is legitimate, which such requests seldom are.

Finally, for people considering looking up these nude celebrity photos on line, my advice is simple.  Don’t do it.   Ethically, it is the wrong thing to do.  However practically speaking, it also is too risky an activity.  You cannot trust any email, text message or social media posting that promises access to these photos and videos.  Many of these will be laced with malware and you cannot know which one’s to trust.  Trust me, you can’t trust anyone.  In addition, identity thieves set up phony websites that promise to provide these photos and videos, but instead install malware on your computer when you click on links in these websites.  Identity thieves are often adept at search engine optimizing so a phony website might appear high in a search from your web browser.

 

Scam of the day – November 25, 2015 – Gigi Hadid being blackmailed after apparent hacking

Victoria’s Secret model, Gigi Hadid is reportedly being blackmailed by hackers who allegedly stole photographs of her  from her iCloud account and are threatening to make them public unless she pays a ransom.  Hadid has indicated that she has no intention of paying anything to the hackers.  This case brings back memories of the hacking and release of nude photos of a number of celebrities including Jennifer Lawrence, Kate Upton and Kim Kardashian in September of 2014.  Although presently it is unconfirmed whether her iCloud account actually has been hacked and, if so, how it was done, it is helpful to look back at how the celebrity iCloud accounts were hacked last year.  Using the “forgot password” link on Apple’s iCloud, it appears in many instances, the hacker answered the security questions and was able to reset the victims’ passwords and gain access to their iCloud accounts.  In other instances, the phones were hacked directly from where the photos were stolen.

TIPS

There are a number of lessons that we all can learn from how easy it was for hackers to gain access to someone’s iCloud account.  And to paraphrase Shakespeare  the fault is most often not “in the stars,” but our own responsibility.   All of us can be targets of hacking and we need to protect ourselves.  You should use a unique password for all of your accounts so if any of your accounts are hacked, the rest of your accounts are not in jeopardy.  Make sure the password is a complex password that is not able to be guessed through a brute force attack.  Check out my book “Identity Theft Alert” for advice as to how to pick a secure and easy to remember password.    Also, even if you are not a celebrity, you would be surprised how much information is available online about you that can be used to come up with the answer to your security questions.  It is for this reason that I advise you to use a nonsensical answer to your security question, such as the answer “Grapefruit” for the question of  what is your mother’s maiden name.  Also, take advantage of the dual-factor identification protocols offered by Apple and many others.  With dual-factor identification, your password is only the starting point for accessing your account.  After you have put in your password, the site you are attempting to access will send a special one-time code to your smartphone for you to use to be able to access your account.  Had Jennifer Lawrence and the other hacked celebrities used the dual-factor identification protocol last year, they would still have their privacy.  It is also important to note that merely because you think you have deleted a photograph or video from your smartphone, that may not be the truth.  Smartphones save deleted photographs and videos on their cloud servers such as the Google+service for Android phones and the iCloud for iPhones.  However, you can change the settings on your smartphone to prevent your photos from automatically being preserved in the cloud.

Scam of the day – September 20, 2014 – New nude photo scam

On September 2nd I told you about stolen nude photos and videos of more than a hundred celebrities including Jennifer Lawrence, Kate Upton, Jenny McCarthy, Cat Deeley, Kayley Cuoco, Scarlet Johansson and others being posted on the Internet on websites such as 4Chan.  Now nude photos of Kim Kardashian, Vanessa Hudgens and Hope Solo were again put up on 4Chan and Reddit and becoming a prominent topic on Twitter.  In response to the tremendous amount of criticism that 4Chan received over the Labor Day posting of the celebrity nude photos, 4Chan changed its policy on copyright infringement and consistent with its new policy promptly had the new nude photos removed from the website.   Reddit has also removed the photos.  These new photos were probably obtained in the same manner and even, perhaps by the same hacker involved in the massive Labor Day release of celebrity nude photos.  Although the exact manner by which these photographs and videos were hacked and stolen has still not been definitively determined, Apple has strongly indicated that the problem was not a flaw in iCloud security and that is probably accurate.   Anyone who is able to get someone’s email address and password would find it easy to gain access to that person’s iCloud account and download the photographs and videos.  Obtaining an email address is a relatively easy task for any hacker and passwords can be obtained either from other hacked devices or by, as often is the case, by using the “forgot password” link on Apple’s iCloud, as with other accounts.  The answers to the security questions used to obtain the password through the “forgot password” function are generally easy to find for celebrities whose personal information, such as where they went to high school or other information used in security questions is easily found online.

So, I will again ask the question that I asked first on September 2nd, what does all of this mean to you?

This hacking presents two separate problems.  The first is that identity thieves will be taking advantage of the public’s interest in these photos and videos.  You will be receiving emails, text messages or social media postings with links that promise to bring you to these stolen photographs that will download keystroke logging malware when you click on the links.  Once this malware is installed on your computer, smartphone or other portable device, your personal information will be stolen and the information will be used to make you a victim of identity theft.

The second problem is the same problem faced by the celebrities whose accounts were hacked.  How do you keep your accounts secure?

TIPS

Don’t give in to the temptation to view these photos and videos online.  Ethically, it is the wrong thing to do.  However, it also is too risky an activity.  You cannot trust any email, text message or social media posting that promises access to these photos and videos.  Many of these will be laced with malware and you cannot know which one’s to trust.  Trust me, you can’t trust anyone.  In addition, identity thieves will be setting up phony websites that promise to provide these photos and videos, but again will only end up installing malware on your computer when you click on links in these websites.  Identity thieves are often adept at search engine optimizing so a phony website might appear high in a search from your web browser.  As for Kim Kardashian, if you believe you need to see nude photos of her, you can easily find photos she took for a Playboy Magazine spread a few years ago on the official Playboy website.

As for securing your own account, you should use a unique password for all of your accounts so if any of your accounts are hacked, all of your other accounts are not in jeopardy.  Make sure the password is a complex password that is not able to be guessed through a brute force attack.  Check out my book “Identity Theft Alert” for advice as to how to pick a secure and easy to remember password.    Also, even if you are not a celebrity, you would be surprised how much information is online about you that can be used to come up with the answer to your security questions.  It is for this reason that I advise you to use a nonsensical answer to your security question, such as the answer “Grapefruit” for the question of  what is your mother’s maiden name.  Also, take advantage of the two-factor identification protocols offered by Apple and many others.  With two-factor identification, your password is only the starting point for accessing your account.  After you have inputted your password, the site you are attempting to access will send a special one-time code to your smartphone for you to use to be able to access your account.  It is also important to note that merely because you think you have deleted a photograph or video from your smartphone, that may not be the truth.  Smartphones save deleted photographs and videos on their cloud servers such as the Google+service for Android phones and the iCloud for iPhones.  However, you can change the settings on your smartphone to prevent your photos from automatically being preserved in the cloud.