How Apple Failed Leslie Jones (and Jennifer Lawrence and Kate Upton and Kaley Cuoco, and…)

Kim Crawley
Published in Athena Talks
6 min read · Aug 25, 2016
Image courtesy of Digital Spy. How ironic.

Celebrities are a massive target for the pathetic manbabies who engage in blackhat behaviour driven by hatred.

That’s doubly true for female celebrities.

Female and Black? Hoooo boy.

Female, Black, and a star of a movie that the misogynist online horde has chosen to target with terrorism? Even worse.

Female, Black, a star of a movie misogynists hate as much as they hate women, and you dared to speak out about your right to not be abused? Holy cow, I would not want to be Leslie Jones.

Like many normal people in 2016, Jones obviously uses at least one Apple iDevice. We know this because the misogynist terrorists got her private photos by attacking iCloud.

It’s perfectly ordinary to take photos of oneself that one would prefer to keep to oneself or share only with close, trusted friends and lovers. I’m willing to bet some people online are victim-blaming Jones.

“She shouldn’t have taken nude photos of herself on her iPhone if she didn’t want this to happen! Ha!”

Here’s a Venn diagram that applies to those assholes:

This handy diagram is courtesy of yours truly. CC 2.0?

So, I strongly believe that Jones deserves none of the blame for this incident, which is only the latest to totally fuck up her life.

Also, her website was attacked, and defaced with disgusting racist imagery that I’m glad I didn’t see. (Fortunately, her website was restored soon afterwards.) I know a lot about web development information security, but that’s beyond the scope of this article.

Here, I’m going to get into who is at fault for this latest attack on Leslie Jones.

Some of the blame rests squarely upon the destructively gentrifying Silicon Valleyers of Cupertino, California. That’s right, Americans. Your government decided that corporations are people. So I’m pointing a finger at the hipper-than-thou materialistic jerk of a “person” that is Apple.

But even if Apple had the same lax attitude about security that Microsoft has usually had, this attack still wouldn’t have happened to Leslie Jones if it weren’t for the existence of something else.

That something else is those misogynistic, terroristic hordes whom I’ve previously mentioned.

The latter party deserves at least 90% of the blame, with Apple taking the remainder.

How Did Apple Fuck Up?

Apple consumers should have every right to assume that their iDevices and iServices are well configured out of the box. Sure, I know to always change the default settings, but I’m an infosec lady.

Yes, end users should understand a little bit about how to secure their own data, and they can learn a lot by Google searching information. (Non-techies are unlikely to use Duck Duck Go, eh?)

But Apple’s brilliant marketing over the years has featured many slogans like “Think different,” “There’s an app for that,” and… “It just works!”

“It just works!” That’s the dumb slogan I was looking for!

Ever since Jobs and Wozniak stole the GUI operating system idea from Xerox a long time ago for the first Macintosh OS, Apple marketing has focused on making their products a lot more user friendly than those of their competitors. (Hey! Don’t get pissed off at me for saying that Steve Jobs stole an idea. First of all, Jobs loved the infamous “great artists steal!” quotation. Secondly, when Gates, Ballmer, and company used a very similar GUI for Windows 1.0 and so on, Jobs had the audacity to accuse Microsoft of stealing the GUI OS idea from Apple! Was he accusing Mr. Gates of being a great artist?)

“It just works!” is simply an extension of that concept of making computer products as user friendly as possible. Most end users would be bewildered to have to figure out what all of the various settings in their operating systems and applications mean. So the idea of everything working great out of the box is an immensely compelling one for them. Mr. Jobs, marketing genius that he was, understood that even better than I do.

The problem with that is that Apple has taught end users to trust their devices, software, and services without worrying about configuration. That’s an especially bad problem when the default settings really seriously suck ass.

Even this long after the great celebrity nude attack of August 2014, iPhones and iPads still automatically upload photos to iCloud by default. Jennifer Lawrence, Kate Upton, Kaley Cuoco, and the other famous targets were probably unaware that the photos they were taking were being automatically uploaded to the internet.

Yes, iCloud’s user account interface tries to keep photos and other user files behind a user account authentication layer. So I can’t simply navigate to iCloud’s web frontend to see all the files of the service’s over 700 million users.

I’d have to crack each iCloud account that I wanted to target. I might have to do it one by one if I don’t have a mega computing cluster at my disposal. But password crackers and applicable pentesting suite (such as OpenVAS) plugins are readily available. All I’d have to do is… Set it and forget it! (How the hell do I get these marketing slogans out of my head?)

It’s also highly likely that the creeps who attacked Jones’ iCloud data used a black market “hacking as a service.” Yep, if you go into the Dark Web, you can find malware, botnets, and cracking services for sale.

The August 2014 attack targeted a vulnerability in Apple’s iCloud-connected “Find My iPhone” service. That vulnerability has since been patched.

But it’s now late August 2016, and Leslie Jones’ iCloud data was attacked only yesterday.

I’m sure Cupertino works at securing iCloud all of the time. But that’s insufficient. They must also make uploading to iCloud a setting users must deliberately turn on. And they must force all users to use two-factor authentication. It’s that bloody simple!

Frankly though, despite Apple’s grandstanding to protect iPhone encryption from warrantless FBI searches earlier this year, there’s something else that I highly suspect.

Apple might care a little bit about protecting users from law enforcement when they lack a search warrant. But they want to have access to all of their customers’ data without any friction from their customers. The latest version of OS X, 10.11 El Capitan, allows Apple to have access to everything on your hard drive whenever they want. To make matters worse, there’s no root in El Capitan as is standard in operating systems with BSD/Unix and Linux kernels.

The Free Software Foundation has a good list of the major ways that Apple violates users’ rights if you’re curious.

And if you think Windows 10 might possibly be a refuge from all of that bullshit…

Courtesy of GIPHY

But iCloud’s vulnerabilities would be completely irrelevant if not for one other factor…

Those Fucking Misogynistic Manbabies

I was a Gamergate target. I know full well what it’s like to be punished for the heinous crime of being a woman on the internet.

Cracked has a good video about that.

Law enforcement and Silicon Valley should be taking the harassment women and other marginalized groups get on the internet seriously, but they usually don’t.

At least Twitter and their CEO Jack Dorsey have tried to do something to help Jones in the aftermath of her first major Twitter attack.

And the FBI are investigating this latest attack on Jones which involves iCloud.

What the fuck are you going to do for her, Apple?

