Celebrity nude photo hack puts focus on Internet 'cloud'

Wednesday, September 03, 2014

Print this page Email A Friend!

WASHINGTON, United States (AFP) — If actress Jennifer Lawrence and model Kate Upton knew little about the Internet "cloud", they would not be alone, but the recent theft of their intimate photos has served as a wake-up call.

Hackers have boasted of stealing nude pictures of dozens of celebrities — including singer Avril Lavigne, actress Hayden Panettiere and United States soccer star Hope Solo.

And, while some of the pictures appear to have been faked, several A-listers denounced an invasion of their privacy after pictures popped up on anonymous online bulletin boards.

Hackers appeared to access photos stored in Apple's service called iCloud, which backs up photos and other documents from iPhones. As a result, the private pictures of the female celebrities became public and spread across social media, starting with the image-sharing service 4chan.

Apple, in its first public statement on the incident, said celebrity accounts were compromised in a "targeted attack" to gain passwords, but maintained that it found no breach of the iCloud or other Apple systems.

"Many iPhone owners are possibly oblivious to the fact that every time they take a photo, it is invisibly and silently uploaded to iCloud in the background," says computer security consultant Graham Cluley in a blog post.

The private pictures of Lawrence, Upton and others appeared to have been stored in these cloud servers, even if they were deleted from the phones or other devices used to take the pictures.

Major services like Apple's iCloud and Google Drive use encryption to secure data. But Rob VandenBrink at the SANS Internet Storm Center said a flaw in Apple's "Find My iPhone" app lacked protection against "brute force attacks" from hackers.

"And of course once an account password is successfully guessed, all iCloud data for that account is available to the attackers," VandenBrink said in a blog post.

"So no rocket science, no uber hacking skills. Just one exposed attack surface, basic coding skills and some persistence."

The comedian Sarah Silverman tweeted recently: "I got a text from apple privacy security saying my iTunes id has been compromised -- How do I know they're not the scam? Help!"

Narang said these kinds of hacks are likely to continue because many people fall for the scams.

"Users should also be wary of e-mails or text messages claiming to be from Apple support, security or protection groups. Don't click on any links in these e-mails and never send your Apple ID credentials in a text message," he said.




1. We welcome reader comments on the top stories of the day. Some comments may be republished on the website or in the newspaper � email addresses will not be published.

2. Please understand that comments are moderated and it is not always possible to publish all that have been submitted. We will, however, try to publish comments that are representative of all received.

3. We ask that comments are civil and free of libellous or hateful material. Also please stick to the topic under discussion.

4. Please do not write in block capitals since this makes your comment hard to read.

5. Please don't use the comments to advertise. However, our advertising department can be more than accommodating if emailed: advertising@jamaicaobserver.com.

6. If readers wish to report offensive comments, suggest a correction or share a story then please email: community@jamaicaobserver.com.

7. Lastly, read our Terms and Conditions and Privacy Policy

comments powered by Disqus



Today's Cartoon

Click image to view full size editorial cartoon