PBA, Detectives, DA Condemn Newsday
(Long Island, NY) According to Reuters, Apple has released a statement indicating that the malicious hacking of the iCloud service is not the fault of Apple itself in the recent leak of hundreds or even thousands of compromising photos of celebrities; Apple has moved quickly to deny that its systems and software are not the cause of what it calls a sophisticated and “targeted attack” on its systems.
“We have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet,” Apple said in a statement.
iCloud is a service that allows the storing and saving of digital media as well as contact lists from phones and other Apple devices so that they can be easily reinstalled at a later date, as a backup, or after a user changes devices. The problem is that many people do not know whether it is on or off, and whether or not it is actively storing media, and if so, how much of that media or how else it may be available.
This image of Sports Illustrated shows the cover of the magazine’s 2013 Swimsuit Edition featuring Kate Upton, one of several high profile celebrities who find themselves at the center of this leak and whom could have significant and sizable rights against hackers who have leaked never seen photos of the model. Image credit to Sports Illustrated Magazine.
Users who want to tweak or even turn the feature off completely can check Apple’s official iCloud features setting tutorial. Celebrities who would have done well doing so prior to the Labor Day Weekend when all of this came about include, Jennifer Lawrence, Jenny McCarthy, Rihanna, Kate Upton and scores more.
However, rather than Apple taking the brunt of the blame for faulty software or systems, their statement indicates a vulnerability specifically with passwords and security questions but security experts say the incident is likely due to a compromise from something called a “Brute Force Attack”; a process that allows hackers to generate thousands of log in attempts with multiple username and password combinations until one hits and unlocks the keys to the castle, so to speak.
According to the Washington Post, Security expert Nik Cubrilovic has been highlighting multiple vulnerabilities with the iCloud service since news of the leak hit just days ago.
Apple finally blocked this IP address from hitting access.apple,com. Took long enough.
— nik cubrilovic (@nikcub) September 2, 2014
Cubrilovic further noted that this is about more than just photos, noting texts, address books and more were also accessible. Mr Cubrilovic told the The Sydney Morning Herald victims’ calendars, text messages, address books and any notes stored on their iPhones were also likely accessed by the hackers, but not published he stated. According to Cubrilovic, this hack, and others like it were and are more than likely not meant for the public eye as many of these break-ins are targeted at underground markets where “data is stolen and rarely shared with the public,” he said.
To muddy the waters even further, it was also suggested that users were likely duped into proving information from a process called ‘phising’, where an email is sent and designed to look like an official email from an official service a user is familiar with but is fake and intended to get a user to enter the answers to security questions they have set up previously. With these details unwittingly revealed, hackers are free to use these answers to gain access to ‘lost passwords’.
For the time being, specific answers to the leaks will be speculation at best, Apple routinely suggests users enable two-factor authentication on accounts – but even that is being deemed mediocre at best by technology hub tech-crunch. “Even if all of the people who have had their photos compromised had two-factor enabled, their iCloud backups and Photo Streams would still be accessible.” the site points out.
So apparently, at this time, and for the foreseeable future, the best way to ensure your naked or compromising photography do not make it into the public eye is to not take them in the first place; and if you do, if you feel the need and must photographically document yourself and or your partner in the flesh, use a Polaroid camera, because once these images are digitally released, there is very likely to be no getting them back.