I was reading on Yahoo News today that the hacker who broke into the email accounts of various celebrities, including Scarlett Johansson, Mila Kunis and Christina Aguilera, was ordered to appear in an LA courtroom in November.
The accused, Christopher Chaney, hacked into their email accounts and posted several sensitive photos of them online.
I don’t know about you, but when I hear the word “hacked” I think of something really high tech, with a computer user using skills that I don’t possess in order to get into someone’s machine – like exploiting a Unix server’s core dumps, or using encryption-breaking software, or something similar.
Yet Chaney’s methods were not particularly complex. All he did was the following:
Looking through these techniques, none of it is particularly complex. Any of us reading this blog post could do it. You don’t need any hardcore hacking skills to pull it off; you just need to guess someone’s email account alias and then spend a little bit of time searching the Internet for the answers.
The weak point here is the security questions. Some websites offer a list of questions whose answers are too easy to guess. In reality, the best method is to allow the user to define their own set of security questions with answers that are super secret (such as who was the kid that sat next to you in 3rd grade math?).
It’d be nice if more websites allowed that. Almost none of them do.
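As an added sketch of what site-side support for user-defined questions could look like (not code from this post or from any site it mentions): the question is chosen by the user, only a salted scrypt hash of the answer is stored, guessable answers are refused at enrollment, and repeated wrong guesses lock the question. The class name, the lockout threshold and the sample word list are assumptions made for the example.

```python
import hashlib
import hmac
import os
import unicodedata

MAX_ATTEMPTS = 3  # assumed lockout threshold
COMMON_ANSWERS = {"password", "football", "chocolate"}  # constructed sample list


def normalize(text):
    """Fold case, Unicode form and whitespace so 'Tommy  LEE' equals 'tommy lee'."""
    return " ".join(unicodedata.normalize("NFKC", text).casefold().split())


def _digest(answer, salt):
    # scrypt makes offline guessing against a leaked answer table expensive.
    return hashlib.scrypt(normalize(answer).encode(), salt=salt, n=2**14, r=8, p=1)


class RecoveryQuestion:
    """One user-defined question; only a salted hash of the answer is kept."""

    def __init__(self, question, answer):
        norm = normalize(answer)
        if len(norm) < 6:
            raise ValueError("answer too short")
        if norm in COMMON_ANSWERS or norm in normalize(question):
            raise ValueError("answer is guessable from the question or a common list")
        self.question = question
        self.salt = os.urandom(16)
        self.hash = _digest(answer, self.salt)
        self.failures = 0

    def verify(self, attempt):
        """Return True on a match; refuse every attempt once locked."""
        if self.failures >= MAX_ATTEMPTS:
            return False
        if hmac.compare_digest(_digest(attempt, self.salt), self.hash):
            self.failures = 0
            return True
        self.failures += 1
        return False
```
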