|
I have a close friend that's a celebrity. Like the rest of us, they've got a lot of their lives on their computers, phones, tablets. They are justifiably concerned about their privacy. They came to me the other day asking me to lock down their entire lives. Home WiFi, securing their phones against theft, snooping/sniffing etc. I would imagine they want all this to be as transparent as possible. Other than using secure routers with strong passwords, making sure encryption is enabled on all PCs/laptops at boot level (after ensuring all are virus-free), securely destroying all HDDs in old computers, 2FA on email accounts, making sure all iPhones have GPS and remote wipe, wipe after 10 failed PW attempts turned on, what else should I do/look into? (Noting here that cost is not really a factor.) Sorry it is such a broad question, I've never had anyone ask this of me.
|
# ? Aug 20, 2014 21:31 |
|
Are they a celebrity with money? Because hire a professional is a serious answer.
|
# ? Aug 20, 2014 21:34 |
|
mcsuede posted: Are they a celebrity with money? Because hire a professional is a serious answer.

A decent amount, I suppose. They've told me they've got about 5k to blow on this. If that's the best solution, obviously I'm not going to trust some kid from Geek Squad, what kind of things should I look for in such a professional?
|
# ? Aug 20, 2014 21:38 |
|
Your friend, like anyone, should assume that anything done on the internet is as good as public, when it comes to a dedicated investigator. Here's one that people often miss: Not automatically connecting to open WiFi hotspots. Not only can these hotspots be spoofed for man-in-the-middle attacks, but even by just connecting to them passively, a phone can leak incredible amounts of data. Ars Technica and NPR did a joint report (Ars) (NPR). It would also be good practice to set up a password manager to help ensure that all online passwords are secure.
|
# ? Aug 20, 2014 22:02 |
|
Who'd he piss off, and through what vectors have they already hacked this celebrity? 100% of the times somebody has come screaming to me or one of my computer bros for HELP ME PROTECT MYSELF, they got involved in like loving eve drama or something. One guy gave away root on a colo on a gigabit line because he'd totally get guildmaster rank if he did so.

Hire a professional. If he requests to go through you, hire the pro, inflate his rates by 25% and bill your customer that.
|
# ? Aug 20, 2014 22:15 |
|
Thanks for the info, Factory Factory. Great articles.

Jonny 290 posted: Who'd he piss off, and through what vectors have they already hacked this celebrity?

Primarily because she is a she. The whole conversation started when we were sitting at my bar, and I noticed her phone was completely unlocked and asked her about that, and if she ever thought what would happen if she lost the phone. Which got us on the topic of all her other items. She's brought her laptop into Best Buy before for issues. Her router was set up by the AT&T guy, etc. Out here in LA, it is very tempting for BB/Apple Store techs to dump/sell clients' info to TMZ, etc. for more than they'd make in a month.

So, I guess a professional is the way to go, and I'd imagine she wants me to at least vet said professional to avoid the above types of situations. I'm fairly tech-savvy but not to the degree where I would know how to plug as many security holes as possible. She's smarter than your average clueless celeb, and has seen what's happened to others through their failure to at least use basic security measures.

Hell, when I used to work for a firm that had 100% celeb clientele, they'd often come into the office and just hand me their old laptop as a gift when they got a new one. Completely intact. I could have made a killing selling off the content just off their hard drives, if I had less scruples.
|
# ? Aug 20, 2014 22:56 |
|
Reduce your scruples! However this seems like the kind of thing where there are real professionals and then "pros". I can also see this having an obscene price, far far far above $5000. And how would one differentiate? Ones that are vetted will be horribly expensive, and ones that aren't but still can do a good job... I don't know, this sounds like a tough one. I guess you could just take the $5000 and do the things you said yourself, since I can pretty much guarantee there are people who would do far less for $5000.
|
# ? Aug 21, 2014 16:01 |
|
It's an interesting question: I can imagine that there are lots of people who can secure your network. There are also lots of people who tell you how to use social media without looking like an idiot/bigot. I wonder how many people can cross over and help secure all of these - isn't the standard response for network security simply to block Facebook, etc. from the work network?
|
# ? Aug 22, 2014 17:21 |
|
After reading this thread, I half-heartedly thought that there was potentially a very good business plan for being an expert of protecting your private digital life. Like every similar thought I've ever had, I've been surpassed by events. Hope your ladyfriend is okay, OP.
|
# ? Sep 1, 2014 09:17 |
|
Apparently don't use iCloud should be on that list!
|
# ? Sep 1, 2014 18:16 |
|
|
# ? Sep 1, 2014 22:57 |
|
If you have poor security skills maybe the best thing you could do is not give advice to celebrity friends or post about how you have either online?
|
# ? Sep 2, 2014 19:46 |
|
My understanding is the "Find my iPhone" service didn't lock Apple accounts after multiple failed attempts, so it was vulnerable to brute forcing. This was posted the day before the leak: https://github.com/hackappcom/ibrute

Not conclusive that this is what was used, but a big coincidence if it's not.
|
# ? Sep 2, 2014 19:57 |
|
KS posted: My understanding is the "Find my iPhone" service didn't lock Apple accounts after multiple failed attempts, so it was vulnerable to brute forcing. This was posted the day before the leak: https://github.com/hackappcom/ibrute Not conclusive that this is what was used, but a big coincidence if it's not.

This is what Apple is alleging: https://www.apple.com/pr/library/2014/09/02Apple-Media-Advisory.html

Apple posted: We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple's engineers to discover the source. Our customers' privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.

Their advice in terms of using two-factor authentication can be applied to several other services - http://twofactorauth.org/

I would encourage using 2FA on any platform you're able to, despite the minor annoyance it may bring to the user.

Also, maybe encourage them to look into sandboxed browsing - https://en.wikipedia.org/wiki/Sandboxie

Obviously, you can never be fully "bulletproofed", so it kinda really comes down to making the wisest decisions you can through any digital service. Think twice.
|
# ? Sep 2, 2014 20:06 |
|
So it probably was exactly what happened then
|
# ? Sep 2, 2014 21:02 |
|
Clockwork Sputnik posted: I have a close friend that's a celebrity. Like the rest of us, they've got a lot of their lives on their computers, phones, tablets. They are justifiably concerned about their privacy.

Depends on how much of an actual celebrity she is. If she is at the level that she is at a measurably higher risk of being subject to someone trying to specifically hack her, she should be wealthy enough to hire an IT security guy to work for her full time (and a PR person to fix the damage should she get hacked anyway; you can't actually make someone 'bulletproof', you can however make it difficult enough to be not worth the effort).

Otherwise she really doesn't need anything more than the average joe needs, granted the average joe puts a lot less effort into security than they ought to, but anyway.

Generally when it comes to infosec, hackers go for the path of least resistance, and often that path goes through someone other than you. There isn't really any point to having an obscenely elaborate password to your email account if your bubble headed bleach blonde secretary gives it to the nice computer guy on the phone to 'troubleshoot' some unspecified issue. There isn't really a point to completely securing your wifi ap if somebody pays the cleaning lady 5 grand to plug a little black box into it while you are out. Securing your friends and associates generally goes a lot further for the dollar than a bunch of security equipment.
|
# ? Sep 2, 2014 23:36 |
|
These days well-known people, especially women, don't necessarily need to be wealthy to be specifically at risk from shitheads, especially when it comes to online vectors
|
# ? Sep 3, 2014 01:02 |
|
Never bring any computer to a retail repair shop like Geek Squad, ever. They're notorious for fishing through personal documents for nude photos.
|
# ? Sep 3, 2014 15:02 |