“I Was Hacked!” – No, You Were Just Stupid
Media Coverage About Hacking
As a person who reads about technology news and events, I see my share of stories about account hacking and data theft. Even if you’re not a techy like I am, security incidents are so commonplace that you see articles about them everywhere. As of this writing, even TMZ, which is definitely not a site for technical people, has stories about celebrities being hacked.
News about online accounts being hacked is all over the place, and the most recent release of nude celebrity photos has really brought some questions to my mind about what really constitutes hacking and how to prevent it.
Tagging the most recent leak of celebrity nude photos as a hack really gives people the wrong impression of what happened, and it also places undue blame on Apple instead of the celebrity. People have mental images of some creepy geeky guy slipping a floppy disk into some Apple iCloud server and using some sophisticated password cracking software that he wrote himself. In reality, nothing could be further from the truth. In a Business Insider article about the leaked photos, the individual who leaked them claimed that some of the images were ones he simply purchased from other sources. In an interview with the Wall Street Journal, Apple CEO Tim Cook stated that the celebrities’ accounts were compromised when their security questions were correctly guessed and then used to reset the passwords on the Apple servers – the same process you’d use if you had to reset your own account. The attackers then restored the latest iPhone backup to their own iPhone. This is something that most people can actually do on their own.
Last May, I wrote an article about how security questions are inherently insecure for the average person. It’s even worse for celebrities: what if the security question says, “name of the town you grew up in?” If a celebrity chooses a question like this as their security question, then a quick trip to Wikipedia can give anyone on the internet the correct answer.
Saying You’ve Been ‘Hacked’ is a Way of Shifting Blame
I can’t tell you how many times I see a friend of mine on Facebook suddenly post some awkward status like, “pooping at work…” or “I like boobies!” and then a few minutes later post a comment saying they were hacked because they left their phone or their computer unlocked and signed into Facebook. Sorry folks, that’s not a hack; that’s being stupid. Saying you were hacked when something like that happens is just a way of shifting blame to someone else instead of your own stupidity. Let me repeat…
This is a hack:
This is not a hack:
How to Protect Yourself
When it comes to true hacking, where a website or company server has been penetrated by sophisticated coders to steal data, there’s not a whole lot you can do as an individual user other than limiting the amount of useful data you allow to be stored in that location. The truth, though, is that a lot of successful security breaches are facilitated by phishing and social engineering in order to obtain or reset passwords. Here are some ways to combat these methods:
- Always use secure passwords that either contain a mixture of numbers, letters, and symbols (1qaz.2wsx.3edc) or combine at least 4 separate words (greyelephantsfromafrica). Read my complex password article for ideas on creating unique passwords that you won’t forget.
- Use something besides security questions – If a site allows you to use an alternate authentication method such as dual-factor or password reset via email, take advantage of it.
- Try to select security questions that only you could know the answer to and use different questions for each site.
- Some security questions store your answers and are case sensitive, so for consistency, either always capitalize your answer or never capitalize it, but don’t mix the two.
- Never forget that everyone knows your mother’s maiden name and that the name of the town you grew up in is probably in your Facebook profile, which makes these two the least secure questions you could use.
Most importantly, always assume that things on your phone, including pictures, videos, music, and text messages, are accessible from anywhere by anyone at any time. If you don’t want the world knowing about it, it’s best that you just keep that stuff in your head or stuffed under your bed.