Today CNET, among other outlets, is reporting that the man behind the “CelebGate” (AKA “The Fappening”) phishing scam that led to the release of nude photos of celebrities was sentenced to 18 months in prison. 36-year-old Ryan Collins used phishing, a technique to surreptitiously obtain information by posing as a legitimate company or person, to obtain usernames and passwords from unwitting victims. He then used this information to access services such as iCloud to obtain the pictures. His getting caught and convicted is a great thing; our system worked. The question that I pose is: what have the rest of us learned, and how many secrets do we have hiding in our email and online storage/backup accounts?
One of the biggest chinks in the armor of online storage is the user. Many people are simply uneducated about, or willfully ignorant of, the risks that online storage can pose. Many users have no idea that those nudes they snapped are being automatically synced to their storage, which is frequently the default option on many phones. Maybe they have emails they sent or received that contain sensitive information; they deleted them but forgot that the messages may stay in the archive or trash. It is often preached that if you don’t want something to get out, don’t take the pic in the first place, and certainly don’t upload it anywhere.
Companies have made many strides in recent years with regard to protecting customer data, introducing various encryption schemes, more complex password requirements and multi-factor authentication, to name a few. The problem is that the average internet user doesn’t understand how these systems protect them, nor do they understand the potential flaws in the system. In addition to that, we live in a world where speed is king: we want to accomplish tasks as fast, and in as few steps, as possible. Things like 2FA, CAPTCHA and the more secure types of encryption require extra steps that are inconvenient.