The Student News Site of University of New Hampshire

The New Hampshire

The New Hampshire

The New Hampshire

Follow Us on Twitter

Photo leak leads to security questions

By Cameron Johnson, Multimedia Editor

The inadequacies of our technological security were brought sharply into the public consciousness this month when a massive leak of celebrity nudes were released by the Internet group 4chan.

Somehow, via actual hacking, resetting and stealing a weak password, or other nefarious means, unknown persons were able to steal the photos from many female celebrities accounts, including Jennifer Lawrence, Victoria Justice and Kate Upton.

Even days later, the Internet is still abuzz on sites like reddit, imgur, and tumblr with what’s being called “The Fappening” — internet slang for masturbation, which is also the name of the main subreddit that the pictures were leaked on.

So just how vulnerable is our data to theft from hackers?

“In terms of direct hacking of an individual computer, that doesn’t happen a whole lot these days,” said UNH Information Technology Manager Bryan Scovill.

Most of the time, students’ personal files aren’t the targets for theft, but their credit cards and private financial info are. Which is why a weak password is a juicy target for someone trying to gain access to a bank account.

“I know, strong passwords annoy everybody, [but] given how frequently accounts are cracked, it’s necessary,” Scovill said.

The main point of vulnerability however, is a student’s email address. “If your email gets compromised, that’s the end of it. If someone can gain access to your email, that’s the end of the security you have,” said Associate Professor and Chair of the computer science department, Radim Bartos.

The main problem with Internet security is not that the networks are fallible, but that humans easily forget even important information. This requires a way to get back or reset a password, and these systems can be abused. If someone has your email address, they could potentially access any of your online accounts via password recovery systems.

“It’s an unfortunate situation we have with passwords: We don’t remember them, and there is an easy way to recover them,” Bartos said. “Ten years ago you would have to call someone at yahoo to recover passwords. At this point they don’t want to man the call centers to verify that who you are. It’s all automated.”

One of the simplest ways for someone to gain access to your account is by simply having the user click on an innocuous link.

“People tend to focus on attachments, [they think] ‘Don’t open an attachment.’ The days of attachments are long past,” Bartos said. “It’s really looking at a website, clicking on a link; the moment you click on a link, you open it in a browser, that’s it. That’s all that’s needed just looking at a page.”

Once you click on that link, there is ample time for malware to have itself installed on your computer and gain access to any of your accounts.

This process is known as phishing, and it’s a very common practice on the Internet.

“We see phishing emails all the time. One of the things that UNH IT has done to try to differentiate itself from phishing mail, we never put clickable links in an email,” Scovill said.

Protection from Online Hacks

So how can students protect themselves from data theft?

“Never have a phone [or computer] without a passcode or finger print scanner,” Bartos said. “Just create a little back door, then remotely gain access. You don’t even need a lot of time [to do it].”

While a device needs a fingerprint scanner, setting up a passcode is a simple matter of going into the settings of your phone and adding one (under the subcategory of security on android and general settings on the iPhone).

Another tip from Bartos is to avoid those sites that give away “free” software, usually illegally, such as Pirate Bay or streaming sites.

“Looking at anything that’s too good to be true — money wise, if somebody sells a piece of software or content — if there is a place that gives it away for free, somebody has to pay for the service; there is somebody behind that. It’s not done out of the goodness of their hearts,” Bartos said. “It’s done for a reason, and that reason very often is to gain access to your computer. There’s a huge market for credit card numbers for infected computers.”

The best way to avoid malware is simply by keeping your systems up to date. Exploits that allow these malicious programs are often fixed quickly, but your browser will need to be updated for them to be implemented. “You want to make sure that your computer is up to date with its software; java is always a high profile attack vector, so making sure your java is up to date,” Scovill said.

You can also protect yourself using some useful apps.

“There are good apps out there or add-ons for browsers that will help protect you. Adblock Plus is one that I always like, especially now. You don’t want to fight the revenue that keeps the Internet alive, so ad block plus that lets you still view vetted ads,” Scovill said.

What Students Are Doing

I asked some students about their own Internet security habits.

“I don’t go on websites I don’t know, and I don’t do those Facebook ‘click here’ things,” junior Sara Martin said.

“Never touch a link in a twitter [direct message]. I made that mistake,” sophomore Trevor Gatcomb said.

Leave a Comment
More to Discover

Comments (0)

All The New Hampshire Picks Reader Picks Sort: Newest

Your email address will not be published. Required fields are marked *