Industry Observations

So Your Nude Selfies Were Just Hacked…

If you haven’t been following the most recent news regarding a wide swath of celebrities whose accounts were hacked and private photos shared, you must have been having a lot of fun on Labor Day and I salute you.

Probably the very first thing most of the victimized celebrities are doing now is damage control – limiting their exposure as much as possible. Yes, their names are going to be put out there. Yes, it’s horribly embarrassing, but it’s also not a time to get caught up in self-pity (or self-blame): there’s work to be done. Being cool-headed and reducing the exposure will reduce the pain overall. Some people might go down the path of making examples out of the alleged perpetrators — but beware the Barbra Streisand effect. The harder you try to hide things, the more people want to see those things — like arial photos of Ms. Streisand’s lavish house, for instance.

But these events bring up an interesting point: What would you do if you were a celebrity who had dodged the bullet, but had similar incriminating photos on their computers, cell phones, etc.? More importantly, what should you be doing right now, this very minute, to make sure that anything you have posted to the cloud and want to keep private actually remains so?

First things first – locate every place that the sensitive information lives.

If it’s on a lover’s phone, an old computer that is collecting dust under your staircase, an old email account, or uploaded onto Dropbox – whatever the case may be, you need to find all of it and get an inventory of what those things are. Once you know what’s there, you have to find a way to securely delete that information. Just putting things in the trash can doesn’t work, unfortunately. Older computers have a knack for keeping lots of copies of things when discs defragment. So you need to securely wipe not only the data, but also the free-space on your computer.

Next use the “mud puddle” rule of thumb.

Ask the company that makes the system in question if there is any way to recover data after you have dumped it in a puddle of mud. If the answer is yes, you have a problem, because it means they have copies of your data and can decrypt it (if it was ever encrypted at all) and access it. Make sure that all copies are deleted and removed securely from all systems, and ask for some proof of that. In the worst case scenario, get your lawyer involved to make sure that all copies are securely and permanently deleted. You have two options with computers – either they are perfectly private and accessible only to you, or they have a high-level of convenience and availability. Choose one.

Next, remove all automated syncing to cloud-based systems.

There is no reason you should be sending all of your information to an environment that you don’t completely control. Find an IT guy to set up a private cloud instance that you can back up your computer to, and make sure you are the only one who can access that system once it’s set up if you have to store information off-site. There’s lots of precious family photos, and emails and documents that would be painful to lose. Back them up in a place that only you have access to.

Choose strong passwords.

It sounds simple but nearly every successful hack involving brute force relies on the individual accounts having weak passwords. Don’t fall for it: choose strong passwords, and make them unique. If your password for your free webmail is the same as for your critical systems that protect your nude pictures, you’re more likely to get hacked. It’s always the weakest link, so keep your passwords unique and strong. There’s a lot of password research out there that says that choosing a “passphrase” made up of several words in a row is the strongest sort of password. If you’re an actress, you are used to memorizing lines to get a part. Consider this just another script you need to memorize, but one that can protect your entire reputation. Or, even better, use “second factor authentication” – a physical token or something you have that cannot be stolen from the Internet, if your provider allows it.

Encrypt your nude selfies.

I’m not going to judge you — nude selfies aren’t bad, but they can be dangerous if you don’t encrypt them. There’s lots of encryption software out there and a great deal of it is free. You can choose something that encrypts your selfies when you’re not looking at them and decrypts them when you want to see them for some reason.

Send encrypted nude selfies.

Similar to the above, if you’re going to be sending nude selfies, make sure you do so in a way that self destructs. Software like Wickr can accomplish that for cell phones. There’s no reason to keep them around forever, and if you do need to keep them, you can always save them and re-send them later.

Don’t send nude selfies at all.

I know it sounds obvious and stupid, but once you become a celebrity, it’s really imperative to avoid sending anything incriminating or even keeping it around at all. If you do have to have it for some reason, make sure you keep it on a computer that isn’t capable of going online, so at least you can keep it compartmentalized. Systems that aren’t online are much harder to hack – and usually require physical access to your premises. This is the reason some militaries are reportedly going back to typewriters – it’s a lot harder to hack something physical without involving breaking and entering.

Pick strong secret questions.

One of the most often overlooked issues in computer security is the secret question. Most secret questions are terrible: “what is your favorite color?” Well, the chances that it’s one of a handful of colors is extremely high, and it’s even higher if you’re a celeb since no-doubt at some point someone asked you that on camera. This makes it extremely easy for someone to guess and therefore access your information. So lie and choose something else – some long string that only you know. Write it down somewhere so you don’t lose it, but keep it safe and unique – similar to passwords. Is your favorite color blue? I hope not. Is your birth date the same one that’s on IMDB? Please tell me no.

Disable everything you don’t need.

Living in LA does require you to use hands-free, and I’m sure driving down Venice Beach in your convertible sounds great, but at the same time every time you turn on wireless on your phone, or bluetooth or any additional service, you are putting yourself at greater risk. It’s all a matter of surface area, and the more things you can disable, the better.

Find a security pro.

I highly recommend you find a good security expert to analyze your life, and figure out how and where you are vulnerable. It might be something stupid and avoidable, like you leave your camera in a hotel room while you are away, or it might be something very complex having to do with configuration settings on your home Wifi. Whatever the case, you really should have someone who knows what they are doing take a look at how you live and give you practical advice on how to protect yourself.

It’s easy to blame the victims, and that’s the very last thing I’d ever want to do. I think, if anything, this just shows what a large percentage of people take nude pictures of themselves, so we can’t judge. But there are definitely a few steps people can take to avoid some of the embarrassment. For those who dodged the bullet, consider yourselves lucky; but perhaps it’s time to take your lucky winning streak and leave the blackjack table while there is still time.