BY AMBER HUNT - CINCINNATI ENQUIRER
SEPTEMBER 5, 2014
Jennifer Lawrence didn’t want you to see her naked. That’s why she hasn’t been naked in her movies. And yet, over the weekend, plenty of people spied Lawrence’s nude form anyway thanks to some thief with programming know-how and too much time on his hands.
I’m no victim blamer. Lawrence is allowed to take nude photos of herself. So are Kate Upton, Kirsten Dunst and all of the other female celebrities targeted in what’s been described as a brute-force hack. I’m not so puritanical as to think that other women and men won’t follow suit and take more naked selfies, nor so optimistic as to dream of a day when jerks with hacking abilities will lose interest in stealing such images.
(Just Google “revenge porn” for nauseating proof.)
But this latest hack highlights something we all need to learn, and quickly: We have to start thinking differently about what we store on our phones and in the virtual lockbox that’s known as “the cloud.”
When my dad was young, his front door was always unlocked. People weren’t as guarded back then, and they generally felt safe. As I’ve grown, my doors have always been locked. Somewhere along the way, it became second nature.
We can argue about how sad that is – wouldn’t it be a nicer world if we didn’t feel door-locking was required to feel safe? – but surely most of us agree that it’s better to be safe than sorry.
This is what needs to happen with our online security. When my now-infant son is older, I want to feel foolish and old-fashioned as I tell him, “We didn’t used to worry much about cyber safety.”
“Until companies beef up their security processes, you have to take it upon yourself to keep your account safe, just as you would anything else in your life,” said Andrew Hebert, founder and CEO of AuthEntry, which sells multifactor authentication for $25 a year. It’s one of many products designed to help safeguard your online info – whether it be login credentials protecting your finances or the password that keeps your personal photos private.
When the celebrity hack was uncovered, it was speculated initially that a security flaw in the women’s iCloud accounts had been exploited. Apple dispelled this rumor Tuesday, announcing that it was a brute-force attack. That’s when someone basically just starts spitting out password guesses until he gets it right.
“He just sends out as many pings as (the account) can handle in one day, and eventually, without any two-step authentication or other security measures, for a password or identity credentials that aren’t up to snuff, he’s going to be able to guess,” Hebert said.
It’d be time consuming to attempt so many guesses, but this is 2014 and there’s free software for such shenanigans. By 2026, when my kid is a teenager and likely to have a phone, there will have been a million more breaches with thousands of smarmy hackers whose main purpose in life is to stay one step ahead of the latest technology.
As much as this incident is not the victims’ fault, we’d be foolish not to try to learn any lessons from this. So here we go.
- STARS ARE JUST LIKE US: THEY APPARENTLY HAVE SHODDY PASSWORDS. If you think you’re being clever by using “Password1” or “LoveYou2” as all that stands between you and your photos or financial information, you’re dead wrong. Those are just two of the 500 most common passwords – complete with capital letters and numerals – that hackers know to try first. Hebert said that the hacked celebrity accounts likely were vulnerable because of passwords that were way too easy to guess.
- IT’S SAFER TO ASSUME THAT HACKERS AND THEIR SOFTWARE ARE SMARTER THAN YOU ARE. It took me a single Google search to find a webpage with a list of more than 200 additional commonly used passwords. People who want your money or your photos will keep hammering your accounts with guesses. The only way you can stay safe is to either not do anything online or use passwords that they simply cannot guess. Experts recommend a combination of letters and numbers, at least one unrecognizable character, such as #, and a mix of upper- and lowercase. Don’t use combos such as your first initial with your last name followed by the number 1. C’mon, now.
- IT MIGHT REQUIRE A COUPLE OF EXTRA KEYSTROKES, BUT IT’S TIME TO USE TWO-STEP AUTHENTICATION. It’s unclear if it would have helped the starlets, but it increases your defenses if someone decides to target your account. It works by connecting your accounts to your cell phone, and any time someone tries to log into an account from a new computer, cell phone or other device, it sends a code to your phone that the person logging in has to enter. It’s still not foolproof – if someone stole your cell phone and tried to access your accounts, he’d be golden – but that kind of targeting is rare and two-step authentication adds an extra layer of protection.
- CONSIDER PAYING FOR A SERVICE TO HELP KEEP YOUR PASSWORDS SAFE. I know, that’s a bummer. But think of it this way: You already have a lock on your front door. If you’ve got valuables to protect, you’re likely willing to pay for an additional deadbolt or security system, too. You have two choices: Back away from the Internet altogether or accept that you have to take extra steps to protect yourself. The former’s becoming increasingly unrealistic, so it’s time we change how we think about online security.
As Hebert said, companies just aren’t doing enough to keep their customers protected, so it’s up to us to protect ourselves.
“The idea is to stay ahead of the next wave of breaches,” he said. “Folks need to keep themselves safe and not rely on the companies to do it for them. It’s the only way.”