Hacking attacks are not always motivated by money. Sometimes the cyber criminals behind data breaches can be more interested in the thrill of uncovering personal information of celebrities and the accompanying fame that such exploits bring. That seems to be the drive behind the notorious Guccifer hacker, who raided the data and documents of dozens of famous individuals during the last few months. According to CNET, Guccifer stole documents from former presidents Bill Clinton and George W. Bush, broke into the email accounts of actors Leonardo DiCaprio, Steve Martin, and Robert Redford, and was even able to lift the script to the Season 4 finale of “Downton Abbey.”
Guccifer likely gained access to these digital prizes by exploiting the way people often create passwords and answer security questions, reports Hacksurfer. The logic goes that after Guccifer was able to break into the email account of one celebrity, he would have access to that person’s contact list and their email messages, which would probably contain clues about other celebrities’ lives. That material, coupled with information readily available online about these other celebrities, gave Guccifer the clues he needed to guess passwords and to answer security questions for their accounts as well.
Furthermore, once inside a celebrity’s email account, Guccifer could have gone to other accounts they had – social media, banking, data storage, etc. – and requested a password reset. That would have triggered an email message containing the new password being sent to the victim. Since Guccifer had access to the email account already, he could then easily enter the victim’s other online accounts with the new password.
What is the lesson to be learned here? If the rich and famous are vulnerable, so are the rest of us. We all need to be continually vigilant. Start by keeping passwords hard to guess. Those containing phrases take the longest time for a cyber criminal to brute force hack, and are actually easier to remember. Adding in special characters, such as an exclamation point and digits, makes the password even more difficult to crack. You should also vary your passwords among different accounts, and change them periodically.
Maintaining multiple email accounts for different purposes offers an added layer of security. So, for example, keep one account for business, one for personal communication, one for banking, etc. With numerous accounts, if one of your email accounts is hacked, your others will ostensibly still be protected.
To help you keep track of all your passwords, you can utilize a password manager application, of which there are many. PC Magazine’s article “The Best Password Managers” is a good place to start if you’re unfamiliar with these utilities.
Finally, think carefully before you publicly post online. It may be hard to find your mother’s maiden name from a Google search, but if you are friends with your mother on Facebook, a cyber criminal might be able to find her maiden name, and then have the answer to a common security question. And your pet’s name probably wouldn’t be too hard to find from a search of your Twitter tweets or Facebook posts either. This is another common security question that the bad guy could then easily answer.
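The self-check below is an added example, not part of the original article: a short Python script that flags security-question answers that also appear in text you have posted publicly. The function names, sample answers and sample posts are all constructed for illustration.

```python
import re
import unicodedata


def normalize(text):
    """Strip accents, case, possessives and punctuation; return word tokens."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = text.casefold().replace("\u2019", "'")  # curly apostrophe -> straight
    text = re.sub(r"'s\b", "", text)               # "Biscuit's" -> "biscuit"
    return re.findall(r"[a-z0-9]+", text)


def contains_phrase(tokens, phrase):
    """True if the answer's tokens occur as a consecutive run in the post."""
    n = len(phrase)
    return n > 0 and any(tokens[i:i + n] == phrase
                         for i in range(len(tokens) - n + 1))


def exposed_answers(answers, public_posts):
    """Map each security question to the indexes of posts revealing its answer."""
    post_tokens = [normalize(post) for post in public_posts]
    findings = {}
    for question, answer in answers.items():
        phrase = normalize(answer)
        hits = [i for i, toks in enumerate(post_tokens)
                if contains_phrase(toks, phrase)]
        if hits:
            findings[question] = hits
    return findings


# Constructed sample data: your own answers and your own public posts.
SAMPLE_ANSWERS = {
    "Mother's maiden name": "Kowalczyk",
    "Name of first pet": "Biscuit",
    "City where you were born": "Saint Paul",
    "Favorite teacher": "Mr. Okafor",
}
SAMPLE_POSTS = [
    "Happy birthday to my mom, Anna (Kowalczyk) Reyes!",
    "Biscuit\u2019s first trip to the dog park went about as expected.",
    "Flying home to saint paul for the holidays.",
    "Paul says the saint of the day is Nicholas.",
]

if __name__ == "__main__":
    for question, posts in exposed_answers(SAMPLE_ANSWERS, SAMPLE_POSTS).items():
        print(f"{question!r} is answerable from post(s) {posts}")
```

Any question the script reports is one whose answer a stranger could read off your profile, so that answer should be replaced with a random value stored in your password manager.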
Back to the trouble Guccifer has been causing for so many in the public eye. In what seems these days to be a rarity, the hacker behind the attacks may have been caught. In late January, authorities in Romania arrested a man they suspect is Guccifer. PCWorld reports the Romanian government has accused him of transferring data from the compromised celebrities’ accounts onto his own computer.