Tuesday, September 16, 2014

The naked truth about celebrity photos

"We all have secrets. Some secrets are scandalous, but most are simply things we would like to keep private. Here are some lessons from the iCloud celebrity photo leak, and a way to protect secrets in the cloud.

Update September 30, 2015 Two significant flaws were just discovered in TrueCrypt, one of which could lead to complete compromise of a Windows PC. I am leaving this post active, but with the caveat that it may now be time to migrate off TrueCrypt. I have not yet used it myself, but VeraCrypt is an open-source project that took the last-known-good version of TrueCrypt and updated it, including fixing these newly-discovered bugs.

We all have secrets. They may be intimate photos. They may be financial documents. Perhaps they are records indicating a medical condition. For some they are invention prototypes, or business plans. For others they might be battle plans or defense strategies. Some secrets are scandalous, but most are simply things we would like to keep private. In my line of work, occasionally I discover security flaws that could be damaging if details leaked before the affected party has a chance to fix things. The nature of secrets varies as widely as the nature of those that hold these secrets. My point though is that we all (with the possible exception of Jim Carrey’s Fletcher Reede character) have things we would prefer not be seen by others.

The only truly safe secret is the one that is never recorded. Spy novels and Guantanamo Bay aside, the secret that only exists in your mind is pretty safe. Once recorded somewhere, there becomes a possibility, however small, of that secret becoming unveiled. If recorded in the form of a paper archive in your home file cabinet, the risk of compromise is exceedingly slim. Unless you are CEO of a major corporation, party to a divorce, or a person of interest in a crime, it is not likely someone will dig through your home office. If recorded in the form of electronic documents, photos, or video on your PC, the risk grows somewhat. Again targeted attacks are comparatively uncommon, but malware that goes after “targets of opportunity” is fairly common. The risk is not high, but it is there nonetheless.


But now we have interconnected devices that automatically sync data through "cloud" services - virtual hard drives on someone else's servers. Apple has iCloud. Google has Drive and Picasa. Amazon has Amazon Cloud. Microsoft has OneDrive (formerly SkyDrive). And there are platform-agnostic cloud providers such as DropBox and Zip Cloud, as well as backup-oriented cloud services such as Mozy and Carbonite. Information that once was confined to one PC or one network is now scattered far and wide across the Internet.

In many ways that is a good thing: all storage media will eventually fail. Paper burns. Very old paper fades and crumbles. CDs and DVDs get scratched. Hard drives crash. There is no such thing as a perfectly infallible record, hence the age-old mantra of "backup, backup, backup." New technologies make that incredibly easy. Priceless photos of my kids' childhood are automatically backed up, as are important household documents, medical records, and more. But therein lies my point: some of these things that are silently backed up are secrets - things I would like to keep private. Not because they are scandalous or inappropriate, but because they are personal.

Once I put something in the cloud, it is out of my hands. I become dependent on the policies, trustworthiness, and competence of whomever is providing that service. I am also dependent on my own understanding of the risks and of the available means to protect that information. It is my responsibility to know what is synchronized to a cloud service, and what is not. It is my responsibility to select a good password, and perhaps to use multi-factor authentication. And in some cases, that may not be enough.

In one regard, a hacked cloud account is a greater risk than most other types of accounts. With a bank account, as long as I follow some common sense practices, consumer protection laws put the liability on the bank. If my bank account is hacked through no fault of my own, eventually I will be made whole. If my social media account is compromised, chances are I can eventually regain control and say "that wasn't me." But if my cloud account is breached, I can't take back what was taken. Jennifer Lawrence can't take back the photos that were leaked (she can take legal action against those she can identify, but those photos have undoubtedly spread far and wide).

What is a conscientious person to do? Cancel all cloud accounts and go back to the dark ages of tape backups? Well, no, for all the reasons I mentioned a little bit ago. For irreplaceable family photos, the risk of losing them forever is far more important to me than the risk someone will access my account and covertly see the 4-generation photo taken before my grandfather's passing. What I can do though is make sure that even if my cloud account is breached, the perpetrator can't do anything with the contents. Some of my cloud data is not terribly sensitive - family photos are priceless but generally not a highly-guarded secret. For more sensitive information, I am partial to an encryption program known as TrueCrypt.

TrueCrypt is free software for encrypting data. It can be used to create an encrypted virtual hard drive (a partition within a container file, which can easily be transferred to another location to share or to backup), or to encrypt an entire physical device. Before running off to install TrueCrypt, you should be aware of its recent history. In May, the developers of TrueCrypt closed up shop abruptly, publishing a warning that it was not secure. That sparked a firestorm of theories ranging from a hacked web site to NSA-related conspiracies. In reality, we don't really know anything more than we did in May. There is no evidence that TC has been broken, and an independent audit of the TC code was favorable. Given the uncertainty though, I might not recommend it in a paranoid commercial environment, but for my own personal use I still think it is a good and easy to use product.

While the original developer web site is no longer viable, a group of security professionals have created the Swiss site https://truecrypt.ch/ (titled appropriately enough as "TCnext") as a home for the last-known-good version of the code, and a stepping stone toward a new version.

There are a great many options to TrueCrypt, options you might consider if you wear a tin foil hat on a regular basis. I'll walk you through the simplest and (for most people) most practical configuration. The first step is to open TrueCrypt and select to create a new volume.
Next you have a decision to make: do you want to create an encrypted file container, or an encrypted drive? For my purposes I chose an encrypted file container. After it is created, I can put my sensitive files into the container, the put the container itself into my cloud storage. If my cloud storage is compromised and someone gets their hands on the container, they still can't do anything with it. The second option makes sense if you wish to encrypt an entire USB thumb drive - a great idea if you worry about losing a thumb drive that is full of personal information.
Next you get to choose between a standard volume and a hidden volume. The standard volume is the typical way of doing it. A hidden volume makes sense if you are hiding something and don't want anyone to know it is even there. In this scenario, where the encrypted volume is going to be stored in the cloud, that doesn't accomplish anything - the container file will be visible in the cloud account.
With the volume type selected, it is time to provide a filename and file location.
TrueCrypt lets you select between a variety of encryption and hash algorithms. The defaults (AES and RIPEMD-160) are fine for most purposes.
Choose a size for your volume. This is important, because much like a physical hard drive, you cannot change the size later (though unlike a physical hard drive, it is easy to create another, larger volume and copy the contents).
Choose a password for your new encrypted volume. You have the option of also using a "keyfile." This is an added protection in that you cannot decrypt the volume unless you have both the password and the keyfile. It is a form of two-factor authentication. Bear in mind that if you lose the keyfile, the encrypted volume becomes useless. Also bear in mind that if you store the keyfile with the encrypted file container, an attacker now has the keyfile so it provides no added protection.
The final step is to select the volume format (I strongly recommend NTFS - it can handle larger files and supports file access permissions) and then format it (in other words, create the volume you spent the last 10 clicks describing).
That's all there is to it. You now have a safe place to keep files you wish to keep private, while still being able to back them up to a cloud service for safe keeping.

As an aside, storage media still fail. With Google, and Microsoft offering 15 gigabytes of free storage, and Apple and Amazon offering 5 GB for free (in all cases, there are paid options to gain considerably more storage), there really is no excuse for not signing up for a cloud account to back up important electronic files.