We’ve skirted clear of this week’s leak of private photos belonging to more than 100 celebrities: while some were musicians, the story wasn’t really within our digital music industry remit.
But as more information has emerged, there’s a fascinating (but also extremely worrying, if you work with big artists) subplot about how the photos were leaked, and the considerable online forces trying to gain access to private, digital material from celebrities.
And it’s presenting a serious headache for Apple in particular, thanks to its iCloud storage service’s involvement in media coverage of the leaks. The seriousness of the situation was shown by Apple’s decision to publish a rare statement responding to the stories:
“After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet,” said the company.
“None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.”
The company is advising all iOS users to turn on two-factor authentication – good advice for any web service, from Gmail to online banking – but journalists are already picking over the details of Apple’s statement.
But TechCrunch notes that Apple’s two-factor authentication does not cover iCloud photo backups and Photo Streams, which are the services being scrutinised following the leaks. Meanwhile, The Guardian has more details on the gang of hackers that has been “routinely” breaking into accounts, then trading nude photos of female celebrities online.
Whether the problem here is use of “brute force” tools to crack passwords or “social engineering” to defraud celebrities to hand over their details, it’s clear just how much online energy is going into this privacy intrusion.
Some remedies are relatively simple: security specialist Graham Cluley suggests that celebrities should stop telling the truth when asked for security questions when signing up for a digital service – “What was your mother’s maiden name / Where was your first job” etc – if those details might be easily looked up online by a hacker.
It’s important not to “victim blame” in this situation, and imply that celebrities taking nude snaps of themselves deserve to have them leaked. There’s a nasty strain of misogyny at work in the way this week’s leaks are focused on famous women rather than men, as well as in some of the coverage suggesting that if they didn’t want naked photos leaked, they shouldn’t have taken them.
Still, this week’s events are a stark reminder that any digital service used by a celebrity will be a target for cybercriminals. Many famous people have their own security staff to prevent physical threats. Perhaps the iCloud scare will lead to more also hiring the equivalent – digital bouncers? – to lock down their privacy in the cloud?