Friday, September 5, 2014

Hacking other's account is not art but a crime

The famous Spanish artist Pablo Picasso said "Art is washing the dust of daily life off our souls." So the artist XVALA has decided to dust off the lives of model Kate Upton and actress Jennifer Lawrence. On October 30, he will display their nude photos at the art show "No Delete" in Los Angeles. None of these two women posed for him, but he will take advantage of the photos stolen and made public on the Internet a few days ago by a hacker who broke into their iCloud accounts.

Wired magazine revealed that one of the tools used by individuals who compromise accounts such as iCloud ones is Elcomsoft Phone Password Breaker, originally designed to make easier the work of law enforcement agencies. The main function of this software is to download backups from the victim’s iCloud accounts, although attackers must have his access credentials to be able to do it.

So… how do hackers managed to get the usernames and passwords of celebrities? According to Apple’s boss, Tim Cook, they might use phishing techniques or answer their security questions correctly, never due to a breach on iCloud servers. Nevertheless, Cook has announced new security measures to prevent such incidents in the future. Apple will alert users by email or push notifications every time someone tries to change a password, restore data from iCloud on a new device or when accessing their account from a device for the first time.

No company wants to be in the public eye because of security problems, as happened to Apple. So LinkedIn will also reinforce its password change notification messages by informing the user of what device, browser, operating system and IP address was used to made such change and from what approximate physical address. It will also warn users about what devices and from what locations accessed to their LinkedIn account. In addition, it will allow them to close their sessions remotely.

Perhaps one day universities take example and add this type of security measures to the email accounts they they provide their students. If any of this institution has already implemented them, its students will thank it as they have been detected for sale in the Chinese online shopping platform Taobao a hundred of email accounts from 42 universities around the world.

Some people might say hacking email, iCloud or Linkedin accounts is art. But the only certainty is that it is a crime, and a quite serious one indeed. So it is to hack a server, like the one of US healthcare network Fortunately, its latest intrusion occurred on a test server which did not contain personal information or sensitive data.

Do you also think that hacking is art? Or just trickery? What is your point of view on the XVALA’s "No Delete"exhibition? Do you also think it's art or, on the contrary, pure opportunism? Tomorrow we will tell more stories related to cybersecurity, so we invite you to follow us through our social channels (find the links at the right sidebar) or here on our blog.


Post a Comment