This week’s Los Angeles Times story about a hacker indicted for allegedly breaking into the email accounts of several celebrities is interesting because most of the victimized celebrities were apparently using Apple as their email provider.
This story points out the clear trade-off between the convenience of free email systems and the poor security they provide. The free services made it very easy for skilled cybercriminals, or “hackerazzis” in this case, to reset the passwords using information easily obtained from celebrity web sites.
The reason that these free email programs are such ripe targets for hackers is that they provide little to no notification of invalid logon attempts by unknown people; virtually no control over what devices can access email data; and no publicly available audit data.
A Commercial Grade Email System is a Must
As the president and CEO of a software security vendor, I know that the agents and studios of most celebrities generally use secure, commercial email systems for their transactions. That’s because they fully understand the limitations and risks of consumer grade email services.
The lesson learned is that while free, publicly available consumer grade email may be easy to use and devoid of the expense of an IT department’s support, these services are simply not designed for secure communication. If you value the security and privacy of your messages, a commercial grade email system is a necessary investment.
On a side note, the LA Times article states that this hackerazzi is subject to a potential sentence of up to 121 years for his email intrusion.
I don’t condone the actions of hackerazzis like Christopher Chaney. However, 121 years of prison time seems disproportionate to the alleged behavior. Granted, this high-profile case may give FBI personnel a chance to mingle with celebrities. But perhaps the agents’ time might be better spent dismantling the criminal botnets and overseas scams that inundate so many thousands of US citizens. Surely that would be a more beneficial project.
What are your thoughts on the security versus convenience trade-off of free, consumer-level email systems? Share your thoughts on the blog or email me directly at firstname.lastname@example.org. You can also follow me on Twitter: @liebsoft.