This week, Pavel Durov spoke sharply to Apple and its “cloud” storage iCloud. Founder of VKontakte and Telegram said that iCloud “has officially become a tracking tool.” It’s all because of the information leaked to the Internet: that Apple decided not to introduce end-to-end encryption of the “cloud”, which would deprive the company itself (and hence the FBI) of access to your data. But one can hardly do without cloud storage – so our files are at risk? We figured out the history of the “clouds”, remembered the high-profile scandals and made basic rules for working with them.
Why “clouds” captured the world
Content before our eyes went online: documents, photos, notes, videos, to-do lists, music – all this does not need to be stored on the device due to the penny price of “cloud” storage. In addition, files are available from any device, and not just from one specific one. It seems like you need to enjoy the progress. But after all, people transfer their data array for storage to another place, and no matter how secure it is, it’s slightly uncomfortable from this thought.
The emergence of “clouds” without exaggeration turned the way of storing, consuming and working with content. Why wait for the movie to download, and then watch it when you can include the file in the stream? Why store gigabytes of music on your phone and keep updating lists if you have instant access to terabytes of songs? And, of course, you no longer need to shake your stick with a diploma paper or the company’s annual financial report – you always have the documents, they cannot be lost or forgotten.
But there are several nuances that do not allow you to fully trust the “clouds”. Firstly, without the Internet, any meaning disappears – this is critical, for example, during flights. Secondly, downloading files for offline work cripples the idea of a “cloud”: data begins to take up space on the device. And finally, thirdly, the security of the “clouds” is in question.
You can’t do without these services anymore: smartphones use “clouds” to store your files, contact list, device parameters and other data. On the one hand, this, again, is convenient: when changing the device, quickly get a mobile phone with the usual applications and settings. On the other hand, everything that you store in the “cloud” can crawl out to your side. And loud scandals only confirm that even celebrities are not immune from this.
SHOCK! Depraved photos of the Hollywood …
For example, one of the first mass data leaks to enter Dropbox accounts occurred in 2012, although it became known only four years later. Then on the Internet were mail addresses and passwords of 68 million users of the “cloud” service. The company reset passwords and refined data encryption algorithms. And before that, in 2010, a serious vulnerability was discovered in the “cloud” solution of Microsoft BPOS: users could see confidential information from third-party accounts. Fortunately, the gap was quickly patched.
Even the National Electoral Institute of Mexico was hit : in 2016, about 87 million voters were compromised. Among the leaked data are names, addresses, dates of birth, ID-card numbers. It turned out that responsible people negligently approached the choice of information storage, focusing on the Amazon cloud that was not sufficiently protected for such sensitive information.
But the most famous was an event called The Fappening. It happened on August 31, 2014. Hackers posted in the public domain about five hundred personal photos of celebrities. Jennifer Lawrence, Kirsten Dunst, Ariana Grande, Kate Upton – in fact, it’s easier to name who was not on the list than to list all actresses, models and singers. Images were taken from the iCloud and Google Drive cloud storage. These are some of the most popular “clouds,” because by default Apple and Google user accounts are tied to them – there are hundreds of millions of active accounts there. It is not surprising that the leak began to be discussed in two planes: simply as intimate photos of celebrities, and also in a more global sense – if celebrity files leaked to the network, then the accounts of everyone else are at risk.
It is known that at first they tried to sell the archive with pictures for bitcoins, but, apparently, there were no buyers. Most likely, the tabloids were scared of lawsuits – lawsuits involving top lawyers (and Hollywood stars are unlikely to be hired by others) and multimillion-dollar compensation could, if not sink, then seriously shake even large publications. Therefore, without finding buyers, hackers simply posted photos on the 4chan forum.
In that story, Apple got the most: first, it was speculated that iCloud had security vulnerabilities. The Cupertin Corporation almost immediately stated that everything was in order with the repository, and that the attack of the hackers was targeted, celebrities were the target. How did you manage to crank everything up? Hello to the human factor: cybercriminals used a rather primitive phishing scheme – to deceive data from their victim. Celebrities received letters on behalf of Apple and Google tech support asking for passwords to confirm security. And stars without a second thought reported information.
The drain of photographs stretched out into several waves: later on the network were pictures of Olivia Wilde, Amber Heard, Emma Watson and other stars. The main hacker, Ryan Collins, was quickly found: he received a year and a half in prison. At the same time, it turned out that he had accomplices – they were also sentenced to imprisonment. Most of all , Jennifer Lawrence spoke about the situation , which attacked not only hackers, but also everyone who studied the frames with her. According to the actress, she “as if raped the whole planet.”
New attacks on Apple
A new wave of iCloud criticism unfolded just a few days ago. It became known that Apple has changed its mind to implement end-to-end data encryption on its “cloud” service. This technology is considered one of the safest at the moment – in fact, even Apple itself will not be able to access your information. This means that the FBI will also lose the opportunity to require the Cupertian corporation to provide access to a specific record.
In general, Apple has a strange relationship with the authorities and law enforcement agencies: it refuses to crack the iPhone of terrorists, but at the same time it can open access to files on iCloud at the request of authorities. At least, there are several cases (all related to terrorist attacks) when American politicians openly criticized Apple for refusing to cooperate and for not wanting to make a universal key to access someone else’s device.
If we assume that this is not a game of reputation, it turns out that keeping confidential information on the device (without synchronization with the “cloud”) is safer. On the other hand, if you suddenly did not plan to break the law, then there’s nothing to be afraid of. In addition, of course, data leaks, but there are nuances here.
How to protect your data in the cloud
A minute of “victimization”: the stars affected by the iCloud scandal are a little to blame for what happened – which, of course, does not underestimate the guilt of hackers. Celebrities probably wore dark glasses and large hats, hid behind the broad shoulders of the guards in tinted cars, but did a lot of photos on smartphones (with automatic copying to the “cloud”) that the masses clearly should not see. Therefore, the archive that appeared in the public domain with hundreds of pictures of singers, models and Hollywood actresses seemed to be a surprise, but if in general it led to the obvious idea that publicity and fame seriously narrows the boundaries of freedom. So the first and main rule for data storage is to think about which files can be sent to the “cloud” and which ones are better on the drive.
The second point – think up the most difficult password and, if you have such a function, be sure to enable two-factor authentication. Yes, it is not always convenient, but it is really a serious barrier for attackers. A good option for storing really important data that you can’t do without is encrypted “clouds”. Many of them are focused on corporate use, but there are options for ordinary users: for example, pCloud.
Finally, regularly change passwords, go to the “cloud” from reliable access points (not public) and monitor the security of the operating system.
Nevertheless, high-profile claims of super-reliability are largely marketing. Data in almost all storages is encrypted in one way or another, different algorithms and technologies are simply used – some are considered more secure, others less. This is still not one hundred percent protection, which does not actually exist. The best thing about confidentiality was expressed by the Norwegian experts from the Norwegian Consumer Council: the only really effective way to protect your data is not to use a smartphone. The same applies to “clouds.” In all other cases, you have to agree to a miserable, but still a risk.