Smart cloud-based storage technologies such as Apple’s iCloud, Google’s Drive, Dropbox and many others available out there have become part of our daily activities, both in our personal and professional lives. It is certainly very convenient to have all your files stored somewhere “in the cloud” and accessible from al the devices connected to the Internet (well, literally any device – everything is hooked up to the web nowadays – right?) It is certainly a great technology that makes our life so easier, but in the euphoria of excitement we maybe forgot about one of the major issues with “clouds” – their security. The area where most of the consumer-oriented cloud-based storages is still very vulnerable.
On August 31, 2014, a collection of almost 500 private pictures of various celebrities, mostly women, were posted on the 4chan image board, and later disseminated by other users on websites and social networks. The images were believed to have been obtained via a breach of Apple’s cloud services suite iCloud, but it later turned out that the hackers could have taken advantage of a security issue in the iCloud API which allowed them to make unlimited attempts at guessing victims’ passwords. On September 20, 2014, a second batch of similar private photos of additional celebrities was leaked by hackers. Less than a week later, on September 26, a third batch was also leaked.
The leak prompted increased concern from analysts surrounding the privacy and security of cloud-based services such as iCloud—with a particular emphasis on their suitability to store sensitive, private information.
Apple reported that the leaked images were the result of compromised accounts, using “a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet”.
In October 2014, the FBI searched a house in Chicago and seized several computers, cell phones and storage drives after tracking the source of a hacking attack to an IP address linked to an individual named Emilio Herrera. A related search warrant application mentioned eight victims with initials A.S., C.H., H.S., J.M., O.W., A.K., E.B., and A.H., which supposedly points to stolen photos of Abigail Spencer, Christina Hendricks, Hope Solo, Janette McCurdy, Olivia Wilde, Anna Kendrick, Emily Browning and Amber Heard. According to law enforcement officials, Herrera is just one of several people under investigation and the FBI has carried out various searches across the US.
A more recent incident happened in the UK, where one of the major tabloids reported that it was offered private images featuring the Duchess of Cambridge’s sister Pippa Middleton. It was said that the images also feature Duchess’s children, Prince George (the future King of England) and Princess Charlotte.
The Police are investigating the case, their main lead being iCloud account hack. It is also said that the leak includes approximately 3000 private photographs that were stored on Pippa Middleton’s iCloud account.
As you can see from the facts and the events described above, cloud-based storage solutions are certainly not the most reliable data storage solutions. They are very flexible and accessible from any device, but it is important to keep in mind that sometimes they may be accessed by unauthorised parties, that may use sensitive and private information against its holders.
One of the reasons why offline data storage is still used today is that some information sources are containing data that should be stored offline due to security reasons. Private images, spreadsheets with secret data, classified investigation files and many other kinds of sensitive information will never be accessed by any hacker in the world if it is stored on optical disc that is locked down in the safe. There is no way it could be accessed, unless the disc is in physical possession of the person that wants to access the data. And physical access to the information is easier to control.