What Be­zos’ mes­sage breach teaches us about dig­i­tal se­cu­rity

Low-tech ap­proach to pri­vacy in­va­sion re­mains the sim­plest.

Dayton Daily News - - BUSINESS - By Sam Dean

Last month, the Na­tional En­quirer shared the in­ti­mate texts that Jeff Be­zos — Ama­zon founder, Washington Post owner and rich­est man in the world — had sent to Lau­ren Sanchez, a for­mer tele­vi­sion host, over the course of their month­s­long ex­tra­mar­i­tal af­fair.

“I love you, alive girl,” the tabloid claims Be­zos texted. “I will show you with my body, and my lips and my eyes, very soon.”

This week, Be­zos pub­lished a stun­ning ac­cu­sa­tion against the En­quirer’s par­ent com­pany, Amer­i­can Me­dia Inc., say­ing it threat­ened to pub­lish com­pro­mis­ing pho­to­graphs, in­clud­ing a naked bath­room selfie, in or­der to co­erce the bil­lion­aire into call­ing off an in­ves­ti­ga­tion into how the tabloid ac­quired his pri­vate com­mu­ni­ca­tions in the first place. The­o­ries abound.

Gavin de Becker, who is lead­ing Be­zos’ in­ves­ti­ga­tion into the leaks, has said he is look­ing into Sanchez’s brother Michael as a pos­si­ble source of the “po­lit­i­cally mo­ti­vated” leak. Michael Sanchez — who has per­sonal and pro­fes­sional re­la­tion­ships with Roger Stone and Carter Page, as­so­ciates of Pres­i­dent Don­ald Trump — has fired back with a the­ory that de Becker him­self worked to leak the in­for­ma­tion in an at­tempt to end the af­fair.

De Becker later told the Post that Be­zos was not hacked, but that a “govern­ment en­tity might have got­ten hold of his text mes­sages.” Be­zos’ on­line post Thurs­day stopped short of al­leg­ing out­right govern­ment in­volve­ment in the leaks, but it fre­quently men­tioned Amer­i­can Me­dia’s links to the Saudi govern­ment and the White House.

The Hollywood Re­porter and gos­sip site Page Six, mean­while, cited anony­mous sources to sug­gest that the com­mu­ni­ca­tions were sim­ply leaked by friends of Lau­ren Sanchez.

The de­ba­cle has raised a more press­ing ques­tion even for peo­ple who aren’t tech ex­ec­u­tives with pro­fes­sional se­cu­rity teams at their dis­posal: If Be­zos can’t keep his texts and pho­tos pri­vate, what chance do we have?

A de­ter­mined as­sailant could take a num­ber of higher-tech routes to ex­tract pri­vate in­for­ma­tion from a phone. But the low-tech ap­proach to in­vad­ing some­one’s pri­vacy re­mains the sim­plest.

“I sus­pect that the most com­mon way this hap­pens is peo­ple send nude pic­tures or em­bar­rass­ing text mes­sages to other peo­ple, and those peo­ple save the pic­tures and send them to yet other peo­ple,” said Cooper Quintin, a se­nior staff tech­nol­o­gist at the pri­vacy non­profit the Elec­tronic Fron­tier Foun­da­tion.

No mat­ter the method, though, there are some easy coun­ter­mea­sures peo­ple can take to en­sure their per­sonal com­mu­ni­ca­tions re­main per­sonal.

One set of hack­ing tac­tics re­lies on ac­cess­ing the de­vice it­self and in­stalling snoop­ing soft­ware that pro­vides a way to re­motely track what hap­pens on the phone.

Quintin said the most com­mon threat in this realm comes from “stalk­er­ware” or “spouse­ware,” which is of­ten mar­keted to sus­pi­cious spouses or con­cerned par­ents as a way to mon­i­tor a part­ner’s or child’s ac­tiv­ity. These pro­grams can take and send screen­shots to snoop­ers, track and record calls and even turn on the cam­era and mi­cro­phone to record what’s hap­pen­ing nearby (and are il­le­gal in most cir­cum­stances in the U.S.).

In­stalling these pro­grams re­quires phys­i­cal ac­cess, and once they’re down­loaded, they’re in­ten­tion­ally dif­fi­cult to de­tect. The best de­fense is keep­ing phones nearby and pass­word-pro­tected.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.