Friday, September 26, 2014

Oh Phish, after Apple it’s Google

After Apple’s high-profile iCloud disaster, Google is the latest cyber crime victim. In Google’s case, Russian hackers posted usernames and passwords of 4.93 million Google accounts to a Russian bitcoin forum.

Now, there’s some good news and some bad news. The bad news is that somebody got their hands on nearly 5 million Google usernames along with passwords and made them public. The good news is that even if your Google address is on the list, the password may be too old to merit much concern (i.e. the user might have changed his/her password at some point).

The Russian technology blog Habrahabr has a theory that the leaked addresses and passwords were most likely compiled through phishing scams, people using weak passwords and other common mistakes new Internet users make, not as a result of a hacked Google server. Similar databases of email addresses and passwords from Yandex and Mail.ru, two popular Russian-language services, were also made public this week.

Many online news sites got in touch with Google regarding this debacle. In a statement sent to TIME Online, Google said it had “no evidence that our systems have been compromised.”

“The security of our users’ information is a top priority for us,” the statement reads. The company added that whenever it is alerted that an account may have been compromised, “then we take steps to help those users secure their accounts.”

If you want to check whether your account is included in the leak, you can head to “isleaked.com” and enter your email ID. We would not recommend this, as email addresses can be accumulated and used for spamming. The best solution would be to keep changing your passwords periodically, irrespective of whether your Google ID is or isn’t on the list.

Sunday, September 7, 2014

No Silver Lining in this Cloud



The world has just witnessed its latest hack; this time it’s the private photographs of some of the most famous women in the world. The biggest question we as curious Internet users are trying to answer is how some nameless hacker gained access to the cell phones of the rich and famous. After the revelation, it was evident – iCloud.

There are millions of private photographs available online and most of us Internet users struggle to understand how the invisible hacker could have accessed Apple’s online storage service. The security breach could not have come at a worse time. Apple is scheduled to launch the iPhone 6 on September 9, along with a new OS for its Macs and a smart watch; all of which are likely to have features linked to iCloud.

In its statement, Apple maintains that the theft of nude celebrity photographs did not occur because of any breach in the Apple system, including iCloud. Apple says, however, that certain celebrities were the subject of targeted hacking attempts that focused on revealing their usernames, passwords and security questions, a common technique across the web.

The cache of images began circulating on the night of Aug 31, 2014 and is said to include nude or partially nude photographs of Jennifer Lawrence, Kirsten Dunst and Kate Upton, amongst others.

Apple says that it is “outraged” by the theft and has begun investigating the issue. The statement indicates that the pictures were stolen as a result of “social engineering” or “spear-phishing” attacks. In such attacks, hackers specifically target an individual user and attempt to trick account holders into giving out their passwords and user names to break into an account.

So, it’s not just nude photographs that the victims have to worry about being accessed by the hackers; it’s their GPS coordinates, private text messages, calendars, address books, phone call logs and other data stored on their phones and backed up to iCloud. The hackers are able to extract more than just images from iCloud backups using special forensic software.

Based on media reports available online, the intention wasn’t to make the images public; rather, it was seen as a perfect opportunity to make some money by selling the pictures.

A very interesting article on the iCloud hacker identified as “Original Guy” says that he is part of a notorious image board – 4chan. Now, 4chan is infamous for putting up child pornography, with anonymous hackers and online trolls being part of it. Its online forum – Anon 1B – has had a series of FBI raids. After years of upheaval, the site reappeared this year and users continued to post.

Apart from holding vast amounts of child pornography, Anon 1B apparently plays host to a ring of skilled hackers who have learned how to obtain naked photographs of women by breaking into iCloud accounts. The /Stol/ board on Anon 1B (short for stolen or obtained photos) acts as the global meeting hub for iCloud hackers. The leaked photographs weren’t the result of a single hack, but were hoarded over a period of several months by one well-connected figure in the underworld porn forums – Original Guy.

Till now, this hacker hasn’t returned to upload any more of his collection. As for Anon 1B, the site is still alive and iCloud hackers continue to sell their skills to users looking to steal naked pictures off the Internet.