Fri, Oct 7, 2016

How High Profile Accounts Get ‘Hacked’

The recent news of Pippa Middleton’s personal cloud account being ‘hacked’ brought the security of cloud accounts under scrutiny again. Over the last few years, we have seen more and more headlines about the personal cloud accounts of high profile people, including celebrities and well-known business figures, being ‘hacked.’ The reports usually refer to the accounts being ‘hacked,’ a term which implies that a vulnerability in the cloud security has been exploited by a hacker using their technical skills.

In fact, it is most likely that the accounts have not been ‘hacked’ at all; rather, they have been compromised: they have been taken over by an attacker who has probably gained access to the account by simply cracking or guessing their password.

This was the case with ‘Guccifer,’ aka Marcel Lehel Lazar, who was sentenced to four years in prison on 1 September 2016 for unauthorized access to a protected computer and aggravated identity theft. His high-profile victims included Dorothy Bush Koch (the sister of George W. Bush), former Secretary of State Colin Powell, and Sidney Blumenthal (a confidant to Hillary Clinton). Lazar compromised the internet accounts of his victims by using Open Source Intelligence (OSINT): he found public information about his targets online and used that information to guess their passwords and security questions. He has since commented that “it was easy ... easy for me, for everybody.”

The Guccifer case shows that the associates (friends, family members, and colleagues) of high-profile people can be as vulnerable, and valuable, as the high-profile targets themselves. Attackers will identify key people in the victim’s network and will seek to compromise their accounts as a way of eliciting information on, or access to, the target themselves.

How and why high-profile hacks occur

Kroll has vast experience of investigating cyber attacks and leaks of information. We are skilled at tracing an information leak to its source, and many times we have found that the root cause is the compromise of the email account of the target or someone in their close network. Often, the compromised account had been protected by a weak password. This was the case when a private wealth bank contacted Kroll after it had identified bogus money transfer instructions from an external wealth manager of one of its clients. By the time the bank realized it had been subject to a fraud, it had transferred in excess of $2 million.

Kroll identified that the wealth manager’s email account had been compromised and that email filters had been set to hide all messages from the bank and from his client’s email address, thus allowing the fraudster to send the bogus instructions undetected. The fraudster had mimicked the language and instructions from the client’s earlier emails saved in the account. The wealth manager’s password was his daughter’s first name, which was readily identifiable through his public social media accounts.
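The filter trick described above can be checked for during an account review. The following is an added example, not Kroll's tooling: it scans a constructed export of inbox rules for any rule that both matches a key correspondent and keeps the message out of sight. The rule field names, folder list and addresses are assumptions made for illustration.

```python
"""Audit exported inbox rules for ones that hide mail from key correspondents."""

# Constructed sample export; the field names are hypothetical, not a real mail API.
SAMPLE_RULES = [
    {"name": "Newsletters", "from_contains": ["news@shop.example"],
     "actions": ["move:Newsletters"]},
    {"name": ".", "from_contains": ["@bank.example", "client@family.example"],
     "actions": ["mark_read", "delete"]},
    {"name": "Statements", "from_contains": ["@bank.example"],
     "actions": ["mark_read", "move:RSS Feeds"]},
    {"name": "Bank to folder", "from_contains": ["@bank.example"],
     "actions": ["move:Banking"]},
]

# Folders a user seldom opens (assumed list; adjust per mail platform).
RARELY_READ = {"rss feeds", "junk email", "conversation history", "deleted items"}


def targets_watched(patterns, watched):
    """Return the watched senders that any rule pattern would match."""
    pats = [p.lower() for p in patterns if p]
    return sorted(w for w in watched
                  if any(p in w.lower() or w.lower() in p for p in pats))


def hiding_reasons(actions):
    """Explain which actions keep a message out of the user's sight."""
    acts = [a.lower() for a in actions]
    reasons = []
    if "delete" in acts:
        reasons.append("deletes message")
    for a in acts:
        if a.startswith("move:"):
            folder = a.split(":", 1)[1].strip()
            if folder in RARELY_READ:
                reasons.append(f"moves to rarely read folder '{folder}'")
            elif "mark_read" in acts:
                reasons.append(f"moves to '{folder}' and marks as read")
    return reasons


def audit_rules(rules, watched_senders):
    """Flag rules that both match a watched sender and hide the message."""
    findings = []
    for rule in rules:
        hit = targets_watched(rule.get("from_contains", []), watched_senders)
        why = hiding_reasons(rule.get("actions", []))
        if hit and why:
            findings.append({"rule": rule["name"], "senders": hit, "why": why})
    return findings
```

A rule that merely files bank mail into a visible folder is not flagged; only the combination of a watched sender and a hiding action is reported.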

High-profile people and their networks are more vulnerable to being attacked for three reasons:

  • They are more visible and so naturally more of a target
  • Their data is more valuable, perhaps because they are wealthy, well-known or in a high-ranking position
  • There will most likely be more information about high-profile individuals in the public domain. This includes contact information (which, if not directly available, can probably be guessed based on the data that is available). If they are using a common password this will lead to their account being easily compromised. Personal information that people often use for their passwords (e.g. pet names, favorite football teams, favorite films, family names, etc.) may also be available through simple research, enabling attackers to guess likely passwords

How to prevent a hack

There are steps you can take to better protect your accounts from being compromised. It is vital to have strong, unique passwords for your online accounts. When you think about the damage that an attacker could do if they accessed your email account, or read emails you sent within your social or business network, the value of good passwords becomes clear.
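One way to apply this advice when choosing a password is to test it against the personal details that are publicly discoverable about you. The following is an added example, not code from Kroll: `footprint_matches`, the substitution table and the sample footprint are all assumptions constructed for illustration.

```python
import re
import unicodedata

# Common character substitutions undone before comparison (assumed table).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed sample: facts a digital footprint review might surface.
SAMPLE_FOOTPRINT = {
    "family": ["Emily", "Jo"],
    "pets": ["Biscuit"],
    "teams": ["Arsenal"],
    "films": ["The Godfather"],
}


def normalise(text):
    """Lower-case, strip accents, undo substitutions, keep letters only."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def footprint_matches(password, footprint, min_len=4):
    """Return, per category, the footprint words found inside the password.

    Words shorter than min_len are skipped to avoid accidental matches.
    Each word is also checked reversed, a common cosmetic disguise.
    """
    candidate = normalise(password)
    hits = {}
    for category, terms in footprint.items():
        for term in terms:
            for word in term.split():
                token = normalise(word)
                if len(token) < min_len:
                    continue
                if token in candidate or token[::-1] in candidate:
                    hits.setdefault(category, set()).add(word)
    return {category: sorted(words) for category, words in hits.items()}


if __name__ == "__main__":
    for pw in ["Em1ly2016!", "4rs3n4l-B1scu1t", "vK9#qTz2!mWp"]:
        print(pw, footprint_matches(pw, SAMPLE_FOOTPRINT))
```

An empty result only means the password is not built from the listed facts; it says nothing about length or reuse.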

For some people, the best solution is a password manager. Password managers are a great tool when it comes to cyber hygiene. There are many good password managers that will store and generate complicated, individual passwords for each of your accounts, so you just need to remember one password to access the password manager itself. If you make the one password which guards your password manager strong, long and complicated, then you will have a much better level of security than re-using one weak, simple password for all of your accounts.

Setting up two-factor authentication on your accounts is another crucial piece of security. It is not as complicated or onerous as it may seem, and it is very effective: if your password is compromised by an attacker, two-factor authentication would prevent them from gaining access to your account (acting like a bolt to reinforce your Yale lock).

Last, but far from least, is being conscious of the information you share and how it could be used against you. A digital footprint assessment provides you with an ‘attacker’s eye view’ of your profile, and of the profile of your network. In this way, it provides you with awareness of how public information about you and your family, friends and colleagues could be used by a cyber criminal to compromise your information.

By Dr Jessica Barker, Senior Consultant in Kroll’s Investigations and Disputes practice based in London.
