The backlash against "The Fappening" has shifted tone. While the two main camps of opinion can be vaguely summed up as DON'T LOOK AT THEM! and people blaming the celebs for taking the photos in the first place, now the threat of nude selfies entering the public domain has knocked at the iCloud accounts of us norms.
Yes, many people have photos on the cloud that they don't want people to see, and now the panic has set in that we're all vulnerable to hackers, never mind that those hackers don't know who you are and probably don't want to see your flabby body naked.
Fear. Fear for your nudes, people. Articles, just like this one, are being churned out warning us of the perils of having your illicit photos on the cloud. Headings like "No One Is Safe: The iCloud Breach Shows How Easy It Is To Access Your ‘Private’ Life" fly into our newsfeeds to strike abject terror into our hearts. There's loose talk of a bug in the Find My Phone feature on iPhone which allows hackers to constantly try different passwords until they're into your cloud, where they can then steal your data.
Unsurprisingly however, referring to the celeb hacks, Apple claims their systems weren't breached, releasing the following statement:
We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website athttp://support.apple.com/kb/ht4232.
Wired have noted that hackers are using a piece of software sold by a Moscow firm called Elcomsoft Phone Password Breaker (EPPB)—built for spies to steal data from our phones—and combining it with something called iBrute, a password hacking software which allows people to hack an iCloud account and then download the data using the EPPB. Hackers are then posting stolen pics to the AnonIB image board, where it's thought the nude celeb pics may've originated from before they were posted on 4chan.
4chan itself is getting plenty of flack too, as the blame-game runs its course. It's always been known as a place of depravity but it's now being denounced as the root of all internet evil. Not by everyone, of course. CNN made a mockery of themselves and inadvertently turned a news report viral by inferring that 4chan was an actual person, rather than an anonymous message board. See the video at the top of this post, which in turn inspired the tweet below.
So what to do. Is blind panic the answer? Delete those selfies? Turn off auto-sharing and auto-uploading to the cloud? Flick the internet kill switch and shut it all down? Hacker supremo Nik Cubrilovic posted a long article yesterday called "Notes on the Celebrity Data Theft" where he claims "There is an insane amount of hacking going on." In the post, which The Guardian edited and also published in a slightly shorter version, Cubrilovic delves into the world of celebrity (and non-celeb) nudes and the trouser-rubbing networks that surround them:
The celebrities hacking incident seems to only be scratching the surface. There are entire communities and trading networks where the data that is stolen remains private, or rarely shared. The networks are broken down horizontally with specific people carrying out specific roles, loosely organised across a large number of sites (both clearnet and darknet) with most organisation and communication taking place in private (email, IM).
The communities’ goal is to steal private media from a target’s phone by accessing cloud-based backup services that are integrated into iPhone, Android and Windows phone devices. To access the cloud-based backup requires the user’s ID, password, or an authentication token.
Another hacker Jonathan Zdziarski has written his own post about the leak and concludes that weak passwords were likely how the hackers got in. Moving forward, he concludes that Apple can do a few things to help stop these hacks:
Ensuring that proper rate limiting and account lockout was being enforced on all APIs would have dramatically reduced the possibility of successful brute force attacks. By deploying a better version of two factor authentication, a challenge could have rendered this attack unsuccessful (for example, sending an SMS or email with a secondary authentication code when a device is restored from the cloud, or if iCloud is accessed from a previously unseen network).
He also notes that Apple might educate people better about iCloud and the way it backs up your phone. So, it seems, if it's not the NSA spying on you it's some neckbeard hacker out to get your nude selfies that you've unknowingly stored in the cloud because it automatically backs up your phone.
Back when the Edward Snowden story broke people were vaguely concerned about the breach of privacy it involved, but we kind of all knew Apple, Facebook and Google, etc were storing info on our user habits and we didn't seem to care, even though we really should have. But now, because something as personal as our bodies (or images of them) rather than just data is being stolen without our knowledge or consent, our collective concern is elevated to heightened states of frenzy.
Snowden thought we'd worry that our online activities were being monitored by the state, but it turns out what we really care about is our stash of nudes turning up on AnonIB. Maybe it's time to head into that proverbial cave in the woods and stay there.