Nude celebrity photo leaks: Cloud expert calls for common sense approach
After news broke of a series of leaked photos of female celebrities on Monday morning, there have been a series of developments – with one expert calling for a common sense approach to cloud data.
Ivan Harris, cloud services development director at Eduserv, explained that “things will happen” despite the best laid plans.
“Nothing is 100% secure,” he told CloudTech. “What you have to do is make best efforts and put the appropriate controls in place.
“More often than not it’s not the infrastructure that breaks down, or the security of the infrastructure. It’s normally people closer to the operations who leaks that information.”
For Harris, who has worked in software for over 30 years, it’s nothing he hasn’t seen before. With various opinion articles hitting the stands speculating over the security of the cloud, he was quick to point out the advantages, and call out the scaremongers.
“You can’t govern for absolutely everything,” he said. “Everything’s about risk appetite and balancing the cost of protecting the confidentiality of an asset versus the likelihood of that asset being compromised.
“It’s always a balancing act to be done; however, I would say that cloud services are inherently more secure than non-cloud alternatives.
“It’s just as probable that information could have been found on a CD that had been dropped in a bin, or somebody’s laptop that they’d end-of-lifed and put out to be scrapped.”
So is it a matter of education for users? Is it a case of knowing the cloud isn’t infallible?
“I think that for general cloud services, you have to make the assumption that the information could leak one way or another,” said Harris.
“It could just be user error,” he added. “You think you’re applying the right settings to make your information secure, but you’re not.
“So I think it is a matter of making people security conscious. Don’t assume that things are secure.”
This is all too salient now. According to the Independent Jennifer Lawrence, who has unwittingly become the spearhead of this leak, told a reporter: “My iCloud keeps telling me to back it up, and I’m like, I don’t know how to back you up. Do it yourself.”
Even though the source of the leaks was originally thought of as being from Apple’s iCloud, according to security experts there is evidence that Dropbox was also used.
Rumours persisted that the hackers were able to find an exploit in the Find My iPhone API to breach the iCloud accounts, although this was something the Cupertino firm denied in an official statement.
“After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet,” the statement read.
“None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find My iPhone.
“We are continuing to work with law enforcement to help identify the criminals involved.”
Apple closed the statement by recommending users employ strong passwords and two-factor authentication. But as Graham Cluley noted in a post for Intego, this might be an issue for celebrities.
With security questions such as asking for your mother’s maiden name, or your first pet, the average user would be assured in having that information to themselves. But for celebrities, whose minutiae and humdrum remarks are splashed on a variety of sources, it could become a goldmine for hackers.
For Harris, the leaks brought a series of regularly seen characters to the surface.
“I think some common sense has to apply, and there’ll always be the scaremongers,” he said. “As technology has evolved, there are always inflection points where technology advances and there are always the naysayers who have something negative to say about it.”
As for perceptions on the cloud itself, we like the analogy security expert Raj Samani told Bloomberg: just think of the data as being on someone else’s computer.
- » Opinion: Sorry, Europe: Data localisation is not the killer app for privacy
- » Organisations are aggressively adopting cloud – but can’t find the right security roadmap
- » Dropbox Android SDK vulnerability revealed, cloud storage provider praised for response
- » The cloud service provider and security vulnerabilities: Three steps to prevention
- » Shining a light on shadow IT - and how to ensure you get it right