2014-09-08

Once again, the tabloids are having a field day with stories about nude photos of celebrities stolen by hackers and spread across the Internet. Despite what some B-list celebrities are saying, it isn’t blaming the victim to point out that if you don’t want compromising photos of yourself spread all over the Internet, then it’s best not to store them in a public digital archive accessible to hackers — or at least to take some simple steps to protect them.

Whether you want to protect nude photos, or protect your reputation from identity thieves and hackers, consumer Cloud storage sites like iCloud, Dropbox, and Google Drive are obvious targets for hackers.

But even if you use a public Cloud storage site, there are easy-to-use tools and techniques that can keep you from becoming a victim. It starts with selecting the most secure storage system available. There are services like Box that are just as easy and inexpensive to use but much more secure because they encrypt files when they are stored.

Personally, I store my photos on an external drive that cost about $75 and has a terabyte of storage space. It backs up photos, video and music files twice a week freeing up space on my laptop and desktop and making sure that my media files aren’t lost in a hard drive crash. I use Box for off-site storage of my documents and other data.

Don’t Make it Easy for Hackers

Many of us make things all too easy for hackers. Public Wi-Fi, for instance, isn’t for private information. Use that free Wi-Fi at Starbucks or the airport to watch funny videos or keep up with your friends on social media — but don’t use it to pay your credit card bill. It’s much easier for a hacker to get into a public network than a more secure network — and with a public Wi-Fi system, you have no idea how secure it is.

Another simple way to make life harder for hackers is not to save your sign-in details and passwords on your hard drive — especially not on a laptop, smartphone or tablet. Mobile devices are much more likely to be lost or stolen than desktop systems — so why give the thief a free pass to all of your online log-ins as well as your hardware?

Last, but not least, take care when you’re clicking on a link shared by someone you don’t know, or don’t know well. Hackers who get access to someone’s email address usually get access to their address book, too — so if you get an email from someone you weren’t expecting to hear from, or if the subject seems off, think twice before clicking on any links. Even if the link is from a “trusted source”, take a second to take a close look at the link before you click. A slight misspelling in the link, or a link that doesn’t look right, is a big danger sign.

Remember that a genuine commercial website usually ends with the company name, followed by a period and one of the common extensions like .com, .biz, .tv, .me, .edu, etc. For instance, sites like Facebook, WordPress, IMDB, and many others allow users to create personalized pages. The personalized name will still include the company name – http://www.imdb.me/kameronbadgers or https://www.facebook.com/#!/GaylasCleaningService.

The part of the address that includes the .com, .me, .edu, .biz or other extension is the company that owns the website — so if you see a URL like http://www.amazon.freestuffyoudontneed.com, it doesn’t lead to Amazon.com — it leads to “freestuffyoudontneed.com”. Entering your Amazon.com password on that site gives someone else access to your Amazon.com account — including any stored credit card information.
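The rule above can be checked mechanically. The following is an added example, not part of the original post: it reads the owning domain out of a link and compares it with the site you expect. The function names and the short suffix list are assumptions made for the illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample of two-part suffixes. Real code should consult the full
# Public Suffix List; this short set is an assumption of the example.
TWO_PART_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(url: str) -> str:
    """Return the domain that owns the host named in `url`."""
    host = urlsplit(url).hostname  # lower-cased, without port or user info
    if not host:
        raise ValueError(f"no host name in {url!r}")
    host = host.rstrip(".")
    try:
        ipaddress.ip_address(host)  # a bare IP address has no owner name
        return host
    except ValueError:
        pass
    labels = host.split(".")
    # The owner is the label just left of the suffix, plus the suffix itself.
    keep = 3 if ".".join(labels[-2:]) in TWO_PART_SUFFIXES else 2
    return ".".join(labels[-keep:])


def belongs_to(url: str, company_domain: str) -> bool:
    """True only when the link's host is company_domain or a subdomain of it."""
    try:
        return registrable_domain(url) == company_domain.lower()
    except ValueError:
        return False  # unparseable links are treated as untrusted


# Links quoted in the article, checked against the site a reader expects.
CHECKS = [
    ("http://www.amazon.freestuffyoudontneed.com", "amazon.com"),
    ("http://www.imdb.me/kameronbadgers", "imdb.me"),
    ("https://www.facebook.com/#!/GaylasCleaningService", "facebook.com"),
]

if __name__ == "__main__":
    for link, expected in CHECKS:
        verdict = "ok" if belongs_to(link, expected) else "MISMATCH"
        print(f"{verdict:8} {registrable_domain(link):28} {link}")
```

A mail filter or browser extension would apply the same comparison before a link is opened, with the full Public Suffix List in place of the sample set.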

The Hacker You Know

There are well-organized criminal gangs who make millions through identity and data theft, and “thrill-seeking” hackers who target celebrities for the notoriety that comes with “leaking” images or just poking through the private lives behind the public image. But the truth is that most victims know the person who hacks into their system.

In fact, the number of cases where significant others post compromising photos of their exes online is so high that revenge porn is rapidly becoming a common subject of litigation and legislation. Of course, the search for compromising photos is just one reason that exes (former lovers or spouses, friends, employees, or co-workers) attempt to access the accounts of those they are targeting.

One of the most famous cases was when reality TV star Kate Gosselin sued her ex-husband Jon Gosselin after he acquired data from her computer. Dallas Attorney Shawn E. Tuma represented Jon in the resulting litigation, and he says that data breaches are becoming increasingly common in family law situations. “One spouse may go looking in a former spouse’s computer files for hidden assets, proof of infidelity, or for any kind of damaging information that might become part of a child custody battle,” Tuma says.

“It seems like common sense to be aware that there might be a divorce in the works, but many people don’t take even the most basic steps to protect themselves.”

But it isn’t just former spouses or lovers who can use their knowledge of your online habits, accounts, passwords, and “security questions” to access your files. So can former employees (domestic or office), co-workers, and friends.

The best protection against the hacker you know is to keep your passwords private, and use the tools and techniques that make it harder for them to guess them. A family friend, Gayla Patterson, runs a cleaning service here in Dallas. She’s one of the most honest people I know — the kind of person who would pick up a stack of loose hundred dollar bills, dust underneath it, and then return the stack to the exact spot where it was when she first saw it.

She says that lists of passwords taped to the bottom of laptops or to the side of routers or modems are quite common. “I’m not a computer genius,” she added, “But I know better than that!”

Is your housekeeper or babysitter (and her boyfriend) as honest as Gayla? What about all of your teenager’s friends? Every guest at every party? Maybe — but it’s a very bad idea to write down passwords and post them where anyone who walks by can see them. Use a password management tool instead of a sticky note.

You don’t have to be a celebrity to be victimized by a hacker. A businesswoman I know lost her job after she engaged in an affair with the husband of a friend. The angry wife found an email on her husband’s phone, then used the “Forgot your password” tool to access the businesswoman’s email account and forward compromising messages and photos to the “other woman’s” boss, family, and a lawyer hired for the divorce caused by the affair.

It’s so easy, anyone can do it. Once you have someone’s “free mail” account (Gmail or any other public email service), just attempt to log on, and follow the security prompts to change the password. Most of the standard security questions rely on biographical information that any celebrity stalker (or former friend) can figure out in seconds.

The “other woman” used the common security question, “What was your high school mascot?” for her email account. She forgot that she had told her former friend where she went to high school, and a Google search on the school’s name quickly supplied the right answer.

The moral of this story (aside from not having an affair with your friend’s spouse) is simple: if you are going to use a free mail email address, instead of picking a security question that anyone who knows you could guess easily, create your own security question (if allowed).

If the system doesn’t let you create your own ultra-secret security question, create an answer that only you know. For example, if the security question is, “What was your high school mascot?” Instead of answering “the Eagles”, type 3@GeeLea## or something similar that uses at least three kinds of characters: numbers, letters, and special characters.

Can’t remember all those special characters? Lie.

Instead of admitting that your high school mascot was the Eagles, or that your mother’s maiden name was Smith, say that your high school mascot was a Badger (mascot of Hufflepuff House at Hogwarts), or that your mother’s maiden name is Windsor, Romanov, or Orange-Nassau. (Obviously, if you’re a well-known Harry Potter fan or royal watcher, don’t pick an easy to guess name.)

The more outrageous the lie, the better, especially if a “friend”, co-worker, or former significant other attempts to access your accounts.

Proper Passwords Protect Your Pictures

Hackers use a wide range of “cracking” tools to guess passwords. So the better your password, the less likely it is that your personal photos, correspondence, financial information, and personal data will be compromised by a hacker. The best passwords are (a) long (b) complex, with 3 or 4 different types of characters and (c) made up of words or phrases not found in a standard dictionary.

Most systems require you to have a password that is at least 8 characters in length — but longer passwords are better. Some security experts recommend passwords of 16-24 characters in length. Did you know that you can use a complete phrase as a “password”, since most systems allow spaces or underscores to separate words? A favorite quote or memorable movie line can work if you remember to include special characters. Here are some examples, but don’t use them as your new password.

W3_h@ve_N0thing_to_F3@rXc3pT_F3@r_Its3LF! (We have nothing to fear except fear itself! Standard English quote with some letters replaced by special characters.)

“Veni,_vidi,_VISA” (I came, I saw, I shopped. Words not found in a standard English dictionary because the first two are Latin, divided by underscores and punctuation marks, with other special characters at the beginning and end.)

I <3 “la ville des lumières”! (I love the “city of lights”! — a mixture of special characters and French — a language I don’t speak.)

The more unusual and complex your password, the harder it is for a hacker to gain access to your accounts. Also, make sure to use a different password for every online service you use. Yes, I know, it’s hard to remember a dozen passwords — but it’s just asking for trouble if you use the same password for your bank account and your Facebook account, or your work email and your Twitter account.
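The criteria above (length, three or four kinds of characters, no plain dictionary words) and the earlier advice to give security questions an answer only you know can both be put into a short script. This is an added example, not part of the original post; the function names, the tiny word list, and the symbol set are assumptions made for the illustration.

```python
import re
import secrets
import string

# Constructed mini word list; a real check would load a full dictionary file.
WORDS = {"the", "eagles", "smith", "password", "dallas"}
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*_-+=?"


def char_kinds(text: str) -> set:
    """Which of the four kinds of characters appear in text."""
    kinds = set()
    for ch in text:
        if ch.islower():
            kinds.add("lower")
        elif ch.isupper():
            kinds.add("upper")
        elif ch.isdigit():
            kinds.add("digit")
        else:
            kinds.add("special")  # punctuation, spaces, underscores
    return kinds


def review(secret: str, min_length: int = 12, min_kinds: int = 3) -> list:
    """List the article's criteria that secret fails; empty means it passes."""
    problems = []
    if len(secret) < min_length:
        problems.append("too short")
    if len(char_kinds(secret)) < min_kinds:
        problems.append("too few kinds of characters")
    runs = re.findall(r"[^\W\d_]+", secret.lower())  # runs of letters only
    if runs and all(run in WORDS for run in runs):
        problems.append("only dictionary words")
    return problems


def random_secret(length: int = 20, min_kinds: int = 3) -> str:
    """Random password or security-question answer with enough kinds."""
    while True:  # redraw until the mix of kinds is there; keeps the draw uniform
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if len(char_kinds(candidate)) >= min_kinds:
            return candidate


if __name__ == "__main__":
    print(review("the Eagles"))      # the guessable answer from the article
    print(review(random_secret()))   # a generated replacement
```

A generated value is meant to be stored in a password manager rather than memorized.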

Again, there are effective, simple tools that can help you manage your passwords. Check out Neil Rubenking’s new article in PC Magazine on the best password management software tools, and pick the one that works for your needs. As Rubenking says, “In these days of hacks, Heartbleed, and endless breaches, a strong, unique, and often-changed password for every site is even more imperative. A password manager can help you attain that goal.”

Add a Single-Purpose Email Account

Something like 60% of adult PC users have an email address that they use only for junk mail — I use mine for those sites that require a “valid email address” to access content or download something. But having special purpose email addresses can be a good protection against hackers and phishing scams, too.

A phishing scam is when someone sends you an email telling you that your eBay password has been compromised and needs to be changed, or that your bank needs you to call a toll-free number and verify your online password or something like that. Of course, the email isn’t from eBay or your bank — it’s from a criminal who is “phishing” (fishing) for information that will make you the latest victim in an identity theft ring. One of the easiest ways to avoid these kinds of scams is with special-purpose email addresses used ONLY for communication with a specific entity.

I have special purpose email addresses that I use only with my bank, credit card companies, and broker — so if I get an email at my “everyday” email address that purports to come from my bank, it’s obviously a fraud.

5 Tricks to Beat Hackers

To summarize, the five tricks recommended in this blog post to make things harder for hackers include:

Store sensitive material offline — or, if you use Cloud storage, use a service that encrypts your files when they are stored.

Use long (12-24 character), hard-to-crack passwords with 3 or 4 different kinds of characters (numbers, lower and upper case letters, special characters, and spaces or underscores).

Don’t write down your passwords or store them on your mobile devices.

Avoid using common biographical information (like your mother’s maiden name, or the name of your high school’s sports mascot) to answer security questions designed to allow your online passwords to be reset. If you can’t make up your own security question, lie.

Use different passwords for each online site, and use a password management tool to keep track of them and prompt you to change them regularly.

Four of these five techniques are absolutely free — and the last one, a password management tool, is very affordable compared to the high cost of identity theft or the other potential costs to your reputation of having your private information stolen (and potentially shared) by a hacker.

Are these five techniques a guarantee that your online data will never be compromised? No — the hackers aren’t stupid, and they constantly come up with new ways to prey on their victims. But they definitely make most of us less attractive targets.

Graphics credit: The illustrations of the faces with binary code on top were offered on Pixabay under a Creative Commons license that does not require attribution or credit.
