Actu
Lieberman Software: ’Hackerazzi’ case highlights advantages of secure email - even for non-celebrities
October 2011 by Lieberman Software
Commenting on the conviction of an alleged hacker who has reportedly cracked into the mailboxes of several celebrities, Lieberman Software says that the ’hackerazzi’ case is interesting as the majority of celebrities concerned were using Apple as their email service provider.
Philip Lieberman, president of the data security specialist, said that, as well as using Apple as their email service provider, some celebrities are also apparently using free/consumer grade email systems from the likes of Google and Yahoo.
"This story highlights the clear trade-off that exists between the security and convenience of these free email systems - along with the relative ease with hackers/cybercriminals can reset the account passwords using information sourced from the many celebrity sites that exist on the Internet," he said.
"The old adage that you get what you pay for seems to apply here, as few free services provide any feedback to the account owners on an invalid login attempt, let alone the number of invalid logins that have been tried by persons unknown," he added.
The Lieberman Software president went on to say that the free email service also provides little or no control over what devices can access the email data, nor provide any publicly available audit data.
All of this, he says, is against the backdrop of the agents and studios of these celebrities generally using commercial and secure email systems for their transactions, since they tend to understand the limitations and risks of using consumer grade email systems and services.
The use of commercial and secure email systems, adds Lieberman, is due to the fact that agents and studios frequently handle commercially sensitive contracts, as well as scripts for new movies and other forms of entertainment.
If the script for the upcoming James Bond movie - which reportedly includes James Bardem as the villain alongside Daniel Craig in the title role - were to be hacked on a free email service, a multi-million dollar lawsuit would undoubtedly be the result. This is the other side of the security/cost/convenience scale, he explained.
And with these commercial email systems, he says, no amount of publicly-available information will normally allow a third party - whether s/he is a hackerazzi or a plain old cybercriminal - access to a password reset process, as the audit and security safeguards of pay-for commercial systems are usually quite watertight, and requiring James Bond-levels of subterfuge to even begin to attempt a cracking attempt.
"The lesson that can be learned here is that free and publicly available consumer grade email systems that are easy to use, ubiquitously available from any device at any time and from anywhere - and do not need an IT department to monitor/maintain them - are simply not designed for secure communications," he said.
"The bottom line is that, if you value the security and privacy of your email, you need to consider that investing in a private and secure email service is a reasonable trade for the integrity - and security - of your messages and their attachments," he added.
"It’s worth noting that, whilst I don’t condone the actions of the alleged hackerazzi concerned, I think the 121 year prison sentences are disproportionate to the sociopathic behaviour that the gentleman concerned is said to have displayed. I also think that the FBI’s time might be better served in tackling the ongoing problem of criminal botnets and overseas scams that exist on the Internet."
