UPDATE: The Jeff Bezos privacy nightmare could happen to anyone -- here's how to prevent it
By Kari Paul, MarketWatch
Amazon founder has accused the National Enquirer tabloid of extortion after it acquired compromising photos
Jeff Bezos has some photos he may wish would have stayed on his phone. And many Americans can relate to his predicament.
The Amazon (AMZN) founder went public on Thursday with extortion accusations against tabloid National Enquirer. In a blog post published on Medium (https://medium.com/@jeffreypbezos/no-thank-you-mr-pecker-146e3922310f), Bezos accused the publication's parent company American Media Inc. (AMI) of threatening to publish (http://www.marketwatch.com/story/jeff-bezos-national-enquirer-threatened-more-photos-if-he-investigated-political-motivations-2019-02-07) a "naked selfie" and other compromising photos from his phone that he had shared privately with the woman he was having an affair with at the time. Bezos and his wife MacKenzie announced their divorce (http://www.marketwatch.com/story/want-to-learn-the-details-of-the-bezos-split-maybe-look-for-sec-filings-2019-01-09) in January.
Also see:8 out of 10 Americans make this avoidable online security mistake (http://www.marketwatch.com/story/the-easy-to-make-online-security-mistake-that-8-out-of-10-americans-make-2019-02-08)
"Rather than capitulate to extortion and blackmail, I've decided to publish exactly what they sent me, despite the personal cost and embarrassment they threaten," he said. "If in my position I can't stand up to this kind of extortion, how many people can?"
Bezos claims the blackmail was in response to an investigation by the Washington Post, which he owns, into AMI for potential political motivations behind a previous National Enquirer exposé of his alleged affair. These include alleged ties to Saudi Arabia and President Donald Trump, who is a close personal friend of AMI chief executive officer David Pecker.
It still is not clear how the Bezos images were obtained. They could have been intercepted by hackers or third parties, provided voluntarily by a recipient, or stolen from cloud storage. The Bezos-hired investigator reportedly suspects a "government agency" may be responsible (https://www.washingtonpost.com/politics/was-tabloid-expose-of-bezos-affair-just-juicy-gossip-or-a-political-hit-job/2019/02/05/03d2f716-2633-11e9-90cd-dedb0c92dc17_story.html?utm_term=.32b01bf9342f) for intercepting the messages.
While most of us are not billionaires who own a $200 million national newspaper (http://www.marketwatch.com/story/jeff-bezos-paid-250-million-for-the-washington-post-but-the-cost-is-ending-up-to-be-billions-more-2018-04-04), we are all at risk of falling victim to privacy invasions like these, said Sean McGrath, digital privacy expert and cybersecurity advocate at BestVPN.com (http://bestvpn.com/).
"Bezos may have a lot more to lose that the average Joe, making him a prime target for sophisticated espionage, but we are all susceptible to cyber-threats, regardless of whether or not we have anything to hide," he said.
Here are some ways to avoid what happened to Jeff Bezos happening to you:
Use encrypted messaging
The easiest and most important way to keep digital interactions safe is to make sure they are encrypted, said McGrath.
"Whether it's hackers, commercial outfits or government organizations, there's no shortage of folks who would like nothing more than to take a peek into our personal lives," he said. "Using [end to end] encryption is the only thing that prevents them from doing so."
Many messaging platforms today use encryption. Facebook (FB) messenger has an encryption option and WhatsApp, which is also owned by Facebook (https://smartphones.gadgethacks.com/how-to/chat-with-end-end-encryption-using-facebook-messengers-secret-conversations-0193385/), is encrypted by default. Apple's (AAPL) iMessage is encrypted by default as well. Android (GOOGL) SMS is not encrypted, however.
If you have a non-Apple phone or simply want extra security, you can use encrypted messaging apps like Telegram or Signal. Both are free and available for Android and iPhone. McGrath recommends Signal because it is an open-source project, meaning its code can be independently verified and audited.
"It's hard to vouch for many of the other messaging platforms owned by tech giants, simply because there is no way to be certain that the company will always put our right to privacy above their own commercial interests," he said.
Keep photos safe on your device
Images may be at a higher risk if kept on a cloud rather than securely stored on a device, said Chris Morales, head of security analytics at Vectra, a San Jose, Calif.-based provider of AI-powered security.
"If a photo is stored in the cloud, it should be assumed there is a risk of compromise and the photo being leaked," he said. In one high-profile example, celebrities had sensitive images stolen (http://www.marketwatch.com/story/apple-investigating-reports-of-celebrity-icloud-hack-2014-09-02) from them in a massive iCloud hack in 2014. These images would have been more secure secured on a device, Morales said.
Use secure cloud services and two- factor authentication
If you're using cloud storage it is important to make it as secure as possible. A new app called Pixek (https://www.wired.com/story/pixek-app-encrypts-photos-from-camera-to-cloud) (free, but currently only available on Android) encrypts photos right after they're taken. Storage service Cryptee keeps documents (http://www.marketwatch.com/story/why-i-decided-to-encrypt-my-diary-2018-09-12) and photos secured through encryption as well. Cryptee is free for the first 100 megabytes and charges $3 for each additional 10 gigabytes.
In the 2014 celebrity iCloud breach, many victims were targeted due to weak passwords. This can be avoided through the use of a password manager with secure, long passwords and using different passwords for every site, Morales said.
In addition to password managers, you can turn on two-factor authentication to put an extra layer of security on your accounts. This form of security requires users to type in a code that they retrieve from another device, like a phone, which presumably only the user has access to. A growing number of websites use two-factor authentication. The website 2FA (https://twofactorauth.org/) allows users to search any site to see if it offers the feature.
Don't send sensitive information digitally
Of course, the easiest answer to the conundrum would be to not send racy photos of yourself to anyone. You may be able to keep this secret, but the people you send them to may not. "Especially for minors, never post anything anywhere that you'd be embarrassed if made public," said David Ginsburg, vice president of marketing at Cavirin, a Santa Clara, Calif.-based cybersecurity firm.
But hacks like these are becoming more common, and more normalized. Politicians like Anthony Weiner have had intimate moments publicized against their will, leading some to say we are entering a "post-privacy" era. While you can never keep (https://www.scientificamerican.com/report/privacy1/) everything 100% secure today, people should still be mindful about what they send, said McGrath.
"Here is a good rule of thumb: Each and every time you are about to send a message with sensitive or personal information in it, ask yourself the question: 'Would my career, my reputation or my marriage survive if this ended up on the front page of the National Enquirer tomorrow?'" he said. Or if it was shown on a billboard in Times Square?
"If the answer to that question is no, you should think very carefully before hitting send."
-Kari Paul; 415-439-6400; AskNewswires@dowjones.com
RELATED: This 30-second change to your computer settings is the easiest way to stop hackers (http://www.marketwatch.com/story/this-30-second-change-to-your-computer-settings-is-the-easiest-way-to-stop-hackers-2018-06-12)
RELATED: Why you have no idea how much a surgery really costs before you get it (http://www.marketwatch.com/story/why-you-have-no-idea-how-much-a-surgery-really-costs-before-you-get-it-2019-02-08)
RELATED: 8 out of 10 Americans make this avoidable online security mistake (http://www.marketwatch.com/story/the-easy-to-make-online-security-mistake-that-8-out-of-10-americans-make-2019-02-08)
(END) Dow Jones Newswires
02-11-19 0917ETCopyright (c) 2019 Dow Jones & Company, Inc.