Why celebrity phone hacking is really everyone’s problem

Until last week, I’d never heard of Jennifer Lawrence, still less known that she apparently had salacious selfies on her phone’s cloud account. Now, it seems, everybody in the world has the news, and apparently the stolen pictures will be made into an art exhibition. Do I care (just checking the care-o-meter here)? No.

But what I do care about is the fact that the celebrity selfie hacking scandal is everyone’s problem.

My worry has got nothing to do with the way the public debate has been sidetracked by red-herring arguments, all flowing from the cult of celebrity that began, in the modern sense, as a Hollywood marketing device during the second decade of the twentieth century. That’s why these pictures get targeted. Hey – get a life. Celebrity Bits are the same as Everybody Else’s Bits. Get over it. Celebrities are also entitled to their privacy and property, just like everybody else.

No – the problem is the principle of data security. Everybody’s data security. It’s an arms race, on-line and off. People store all sorts of things on electronic media these days. Medical records, bank account details, passwords. Some of it ends up in the cloud. Some doesn’t, but even home computers may not be safe. Hacking goes on all the time, often looking for your bank account. It’s a sad indictment of human nature that those perpetrating this vandalism look on it as an assertion of superiority. I believe the term is ‘owned’, spelt ‘pwned’.

Artwork by Plognark http://www.plognark.com/ Creative Commons license

It’s not going to be resolved by passing laws or codes of conduct. Some immoral asshole out there, somewhere, will spoil the party.

All we can do is be vigilant. Various services are introducing two-step authentication, in which you can’t just log on by password, you have to add a code that’s sent to your phone.

You still need a strong password. I am amazed that the most popular password is – uh – ‘password’, pronounced ‘Yes, I WANT you to steal my stuff’. Other stupid passwords include ‘123456’, the names of pop-culture icons (‘HarryPotter’) or something published elsewhere, like your pet’s name.

But even a password that can’t be associated with you has to meet certain criteria. The reason is mathematical – specifically, factorial, a term denoted with an exclamation mark. In point of fact, the math of password security gets complex, because any human-generated password won’t be truly random – and terms such as ‘entropy’ enter the mix when figuring crackability. But at the end of the day, the more characters the better, and the more variables per character the better. Check this out:

  1. Any English word. There are around 1,000,000 unique words in English (including ‘callipygian’) but that’s not many for a hack-bot looking for word matches. Your account can be cracked in less than a minute.
  2. Mis-spelt English word. Doesn’t raise the odds. Hackers expect mis-spellings or number substitutions.
  3. Eight truly random lower case letters. Better. There are 208,827,064,576 combinations of the 26-letter alpha set in lower case.
  4. Eight truly random lower and upper case letters. Even better. These produce 53,459,728,531,456 potential passwords.
  5. Eight truly random keystrokes chosen from the entire available set. Best. There are 645,753,531,245,761 possible passwords.

If you use 10 truly random keystrokes, you end up with 3,255,243,551,009,881,201 possible combinations. But even that is still crackable, given time – so the other step is to change the password. Often.
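The totals in the list above are alphabet size raised to password length: 26^8, 52^8, and 71^8 and 71^10 for the "entire available set" figures. The Python below is an added example, not part of the original post: it recovers those alphabet sizes from the article's totals, converts them to bits of entropy and worst-case exhaustion time, and draws a password from the operating system's CSPRNG. The function names, the 10^9 guesses-per-second rate and the demo alphabet are assumptions.

```python
import math
import secrets
import string
from typing import Optional

GUESSES_PER_SECOND = 10**9  # assumed attacker rate, not a figure from the article

def keyspace(alphabet_size: int, length: int) -> int:
    """Count of distinct strings of exactly `length` symbols."""
    return alphabet_size ** length

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits; only valid if each symbol is chosen uniformly at random."""
    return length * math.log2(alphabet_size)

def infer_alphabet(total: int, length: int) -> Optional[int]:
    """Return N where N**length == total, or None if no integer N fits."""
    guess = round(total ** (1.0 / length))
    for n in (guess - 1, guess, guess + 1):
        if n > 0 and n ** length == total:
            return n
    return None

def years_to_exhaust(space: int, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return space / rate / (365.25 * 24 * 3600)

def random_password(length: int, alphabet: str) -> str:
    """Draw each character from the OS CSPRNG, never from random.random()."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    # Totals copied from the article; the alphabet size is recovered from them.
    for total, length in [(208_827_064_576, 8), (53_459_728_531_456, 8),
                          (645_753_531_245_761, 8),
                          (3_255_243_551_009_881_201, 10)]:
        n = infer_alphabet(total, length)
        print(f"{n}^{length}: {entropy_bits(n, length):.1f} bits, "
              f"{years_to_exhaust(total):.6f} years at 1e9 guesses/s")
    # Constructed demo alphabet: letters, digits and ASCII punctuation.
    demo = string.ascii_letters + string.digits + string.punctuation
    print(random_password(10, demo))
```

The entropy figures only hold for characters picked uniformly at random; a human-chosen password of the same length sits far lower, which is the point the article makes about dictionary words and mis-spellings.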

Make it a habit. And – just out of interest, seeing as we’re talking about true randomness, does anybody know what the term ‘one time pad’ means?

Copyright © Matthew Wright 2014


6 thoughts on “Why celebrity phone hacking is really everyone’s problem”

  1. The problem with changing your passwords regularly is that these days there are so many to change, and it gets even more complicated if you do the smart thing and have different passwords for each account. And I’m afraid I don’t trust those password-management apps and websites. Hand over all your accounts to one service and manage it all with a single master-password. And what if that service gets hacked? Christmas coming early for the hacker?

    I think I should get a nice cave somewhere. Or figure out a way to live at the bottom of the Mariana Trench, perhaps (though if one person figures that out everyone will want to do it).

    1. The worst of it is that your own best password-creation and password-securing efforts count for nothing if the service provider is hacked. A cave sounds good about now… 🙂

  2. You are right. Data security should be everyone’s concern. Best advice is to NOT store sensitive data of any kind on the cloud. The celebrity photos had been backed up to Apple’s iCloud. What makes me mad are the people who keep retweeting and reposting the photos. They are not only showing no respect for the victims of the crime, they are encouraging hackers to up their game.

    1. It’s dismaying how disrespectful some people have been towards the victims of these crimes. And today I see reports of 5 million leaked Gmail passwords. Another crime. Whatever happened to genuine kindness and care? Sigh…

  3. I have different passwords for everything. It makes life complicated. I also have different PINs – and that too makes life difficult, but hopefully safer. The little I have I want to keep 🙂
