While the list of targeted celebrities is long and varied, they all have one thing in common – they have taken very private photographs of themselves and uploaded the images to a storage system.
Jennifer Lawrence, Downton Abbey actress Jessica Brown Findlay, Kate Upton and Kirsten Dunst have reacted with a mixture of anger and embarrassment after the photographs were leaked online this week.
Regardless of who is responsible and how they did it, the issue of cloud security is much more than the unwanted publication of a few salacious photos of Hollywood celebrities.
For some of the giants of the internet such as Google, Apple and Amazon, cloud services – hosting private data for people and organisations in a central location that can be accessed anywhere – is a crucial part of their business model. There are billions of dollars to be made from the cloud and any suggestion that it is an open door to hackers could be disastrous.
It is still not clear how the actresses’ images found their way into public domain, with the FBI now starting an investigation. But most experts are pointing the finger at Apple’s iCloud, which backs up the contents of Apple devices and stores it remotely.
In theory, only the Apple account holder should be able to use their login details for authorised access to what is being stored. In practice, it may be another matter. The technology giant’s website says the minimum level of encryption is “the same level of security employed by major financial institutions”.
One possibility is that the Apple system was vulnerable to a “brute force” attack, in which an account is bombarded with password and login combinations until the account is unlocked. In theory this could be blocked by locking an account after only a few failed attempts.
The suspect is Apple’s Find My iPhone feature, with the company issuing a security patch shortly after the news of the hacked images broke.
But given its purported levels of security, most experts say a direct hack into the iCloud server is the least likely explanation and it is more likely that hackers were able to get hold of the celebrities’ passwords.
Another route is “phishing”, where sensitive information is obtained by a person or persons pretending to be a trustworthy source, or an automated electronic response to a failed login. Some experts believe hackers may have had access to the stars’ accounts for some time, with the photographs dating back some years but also from recent weeks.
Either way, the leak raises serious questions about the risks posed by hackers to all cloud services, which increasingly store information covering anything from financial data to private health records. But it is more general worries about internet security that is driving increasing demand for cloud services, according to the global growth and strategy consultant Frost and Sullivan.
In a 2012 report, it estimated that the local market for cloud security would grow from US$8.7 million (Dh32.2m) to $73m by 2019.
Frost and Sullivan noted that while the UAE had yet to see a major switch to cloud computing, it believed the growing threat of data theft would lead to wide adoption of cloud services, particularly by bigger companies and especially those in areas such as oil and gas, banking and insurance.
Its analysts noted that identity theft through social-media sites had become a major problem in the country, with “nearly 1.5 million victims of cybercrime in the UAE in 2011”, mostly through social networking websites.
Because cloud systems were generally believed to be a more secure way of storing date, “private cloud security systems will pay dividends”, the report noted.
In its report for this year, the internet security company Symantec described 2013 as “the Year of the Mega Breach” saying that the number of security breaches by hackers was 62 per cent higher than 2012, with eight successful attacks each exposing more than 10 million identities.
Cloud computing is a service that allows users to store and access databases, storage space and application services on a remote server, usually with a small annual fee, depending on how much space is required.
It means that instead of taking up space on a personal computer, with the risk of theft or a hard drive crash, anything from family photos, to music collections, to favourite films and TV shows can be permanently kept and accessed from any computer or mobile device.
In the case of images, photos taken on one device, such as an iPhone, are sent to others, such as laptops, which share the account.
Essentially, cloud customers are given access to a portion of a very large external hard disc stored at a remote location through the internet. Instead of investing heavily in hardware, customers are able to use a certain amount of storage space, which they are able to access using any device with internet access from anywhere in the world.
Or customers, personal and business, can access software application suites that contain all of the different pieces of software that they will need to complete a certain task, such as building an app.
Servers use sets of rules – or protocols – and software called middleware to allow communication between networked computers.
Cloud computing service providers usually need at least twice the amount of space they have leased out, as they must make backups in case of breakdown, in a process called redundancy. With the cloud servers doing all the work, users do not need much more than a web browser on their computer. It also means organisations do not need to buy many individual software licences, but pay a metered fee.
Google offers Google Drive, a widely used free service that allows users with a Gmail account to create various types of documents and access them from any device once they have logged in. It also offers a limited amount of space for other files, such as photographs, with a sliding scale of fees of up to $99 a month for a massive 30 terabytes.
Its Google Cloud Platform offers a much wider selection of services, including commercial operations like Snapchat, the photo messaging service, and other app developers.
Google claims that “every file in Drive stays safe no matter what happens to your smartphone, tablet or computer”, thanks to the Secure Sockets Layer (SSL) security platform it operates on Gmail and other services.
Symantec says strong SSL encryption at 128 bits can calculate 288 times more combinations than a 40-bit encryption, which has 2 (to the power of) 40 potential combinations.
In layman’s language, Symantec says it would take a trillion years for a hacker to break into this sort of security system using brute force attacks. This type of decryption involves a computer testing every single possible key.
Google puts a great deal of emphasis on security, with its own custom-built servers having emergency backup generators and the ability to shift information between data centres.
It has state-of-the-art cloud data centres all over the world, including a $1.2 billion US data centre in South Carolina, a converted paper mill in Finland with 2,000 employees and a $150m data centre to open in Chile this year. The data is distributed among different locations, divided into smaller chunks of data and protected by randomly generated names.
It has a 24-hour security team who maintain defence systems and continuously upgrade and develop them. There are physical guards at the data centres and fencing around them.
Urs Hoelzle, the head of Google’s Technical Infrastructure team, believes that Google “has a latent advantage” when it comes to competing for speed, efficiency and price. “One day, this could be bigger than ads. Certainly, in terms of market potential, it is,” he says.
According to Wired magazine, in an analysis published this year, the information technology market stands at $600bn, with some projections that cloud computing will account for 20 per cent of this by 2020.
Another report by MarketsandMarkets, a business intelligence service, projects that the global cloud computing market will grow from $37.8bn in 2010 to $121.1bn by next year.
At the moment the market leader is Amazon Web Services, which offers a service called Big Data, managing large quantities of data for clients and analysing them to reduce costs.
Its backup and storage service offers block storage, file storage, backup, archive and disaster recovery, while Marketplace serves as a platform for app developers and buyers.
The company’s servers are also supervised by 24-hour security and are able to move information between many locations. The customer access points allow for secure communications, through SSL Certificates, with built-in firewalls and a variety of other measures to ensure secure connections.
Meanwhile, Apple’s iCloud service encrypts data and uses tokens for authentication, with the latter replacing the need to store usernames and passwords. It uses 128-bit Advanced Encryption Standard, the same level used by the United States national security agency for its most secret data.
All of this was predicted as far back as 1996, when then Apple chief Steve Jobs told Wired magazine: “The desktop metaphor was invented because one, you were a stand-alone device, and two, you had to manage your own storage.
“That’s a very big thing in a desktop world. And that may go away. You may not have to manage your own storage. You may not store much before too long.”
With more users adopting cloud computing services for their cost, convenience and assumed security, that reality is almost here.
But for celebrities worried that the public is getting more than their usual close-up, the best solution right now might be to follow the advice of the comedian Ricky Gervais.
“Celebrities, make it harder for hackers to get nude pics of you from your computer,” he tweeted, “by not putting nude pics of yourself on the computer.”
halbustani@thenational.ae
munderwood@thenational.ae