Hackerazzis and the Risks of Free Email Systems

This week’s Los Angeles Times story about a hacker indicted for allegedly breaking into the email accounts of several celebrities is interesting because most of the victimized celebrities were apparently using Apple as their email provider.

This story points out the clear trade-off between the convenience of free email systems and the poor security they provide. The free services made it very easy for skilled cybercriminals, or “hackerazzis” in this case, to reset the passwords using information easily obtained from celebrity web sites.

The reason that these free email programs are such ripe targets for hackers is that they provide little to no notification of invalid logon attempts by unknown people; virtually no control over what devices can access email data; and no publicly available audit data.

A Commerical Grade Email System is a Must

As the president and CEO of a software security vendor, I know that the agents and studios of most celebrities generally use secure, commercial email systems for their transactions. That’s because they fully understand the limitations and risks of consumer grade email services.

The lesson learned is that while free, publicly available consumer grade email may be easy to use and devoid of the expense of an IT department’s support, these services are simply not designed for secure communication.  If you value the security and privacy of your messages, a commercial grade email system is a necessary investment.

On a sidenote, the LA Times article states that this hackerazzi is subject to a potential sentence of up to 121 years for his email intrusion.

I don’t condone the actions of hackerazzis like Christopher Chaney. However, 121 years of prison time seems disproportionate to the allged behavior. Granted, this high profile case may give FBI personnel a chance to mingle with celebrities. But perhaps the agents’ time might be better spent dismantling the criminal botnets and overseas scams that inundate so many thousands of US citizens. Surely that would be a more beneficial project.

What are your thoughts on the security versus convenience trade off of free, consumer-level email systems? Share your thoughts on the blog or email me directly at phil@liebsoft.com. You can also follow me on Twitter: @liebsoft.

1 Comment on "Hackerazzis and the Risks of Free Email Systems"

  1. I would like to point ou that GMail has some nice security features, in addition to using SSL/TLS for sending and receiving mail… There is a “Last Account Activity” link at the bottom of all browser-based GMail pages that shows the IP addresses of recent logins, and there is also a notification option for “unusual activity”.

2 Trackbacks & Pingbacks

  1. Security Lapse Surrounding Mitt Romney’s Email Account is Astonishing | Identity Week
  2. Mitt Romney’s Email Security Lapse is Astonishing | Identity Week

Leave a comment

Your email address will not be published.


Time limit is exhausted. Please reload CAPTCHA.