Tuesday, January 25, 2011
Celebrities at High Risk from Hackers
At last week’s Sunday lunch while discussing my recent post on Sarah Palin’s email hack, a friend asked me how vulnerable celebrities were to being hacked. It was quite coincidental that few hours later the face book account of the French President Nicholas Sarkozy was hacked into and posted with the message "Dear compatriots, given the exceptional circumstances our country is experiencing, I have decided in my spirit and conscience not to run for office again at the end of my mandate in 2012." This was not the first successful hacking attempt against the President of France. In 2008, President Sarkozy filed a complaint with the police following withdrawals of "small amounts of money" from his personal Parisian bank account. It is alleged that the money was used to set up mobile phone subscriptions. Interestingly the President was a victim of a mass Phishing attack, presumable a fake email linking to a fraudulent bank site where he entered his bank account and password, and not specifically targeted.
Celebrities the world over are specifically targeted due to their status, riches and fanaticisms of a section of fans. Beside compromised email, twitter, face book accounts they are vulnerable to cybersquating (where their domain name is taken over by another individual) and malicious attachments in fan mail. In a few cases celebrity accounts have been hacked through back end systems of social networks.
Celebrity’s lives are open books with a significant amount of detail about personal life and sexual preferences. This detail makes it easier for a hacker to guess passwords, answers to secret questions or send a credential stealing malware.
When a celebrity account is hacked the typical reward for returning the site to the original owner includes a demand for money, sex or nude pictures.
Recommendation for Celebrities
Celebrities who use social media like Twitter and Facebook to interact with fans, in many cases hire media firms to manage these accounts. It is important to ensure that the media firms who employ teams with access to the celebrity’s account and personal data protect its confidentiality through the use of security best practices
For celebrities who manage their own social media, it is important to recognize the heightened risk and ensure passwords used for online accounts are strong (certainly not the name of your pet dog as an answer to your secret question) and to follow safe principles while downloading Internet content or attachments in fan email. I would recommend the use of a dedicated desktop solely for updating social network sites and another for fan mail and Internet downloads.
Recommendation for Individuals
Fake celebrity sites are plentiful on the Internet. In times of a major celebrity event such as the death of Michael Jackson security experts observe a surge in fake sites with celebrity news and content designed to attract users with the sole purpose of infecting user desktops with malicious content to send spam or steal credentials. It is preferable to read celebrity news on reputed sites and restrict opening attachments in chain mails or downloading from unknown websites. Attachments range from wall papers to presentations.