Assuming that celebrities are on high alert and not easily fooled by social attack techniques, what else could a hacker use?
Dr Nguyen: We only have a little time every day to think about security and privacy, while cyber criminals have 24 hours a day to do it. When going to a hotel, restaurant or cafe, a series of security cameras can be used by criminals to steal your phone's PIN to open your phone.
As an athlete or actor for example, when practicing, competing or acting, they may not have their phone with them. Instead, they may leave it in their bag, locker room, or with an assistant. This is an opportunity for attacks.
You also become vulnerable sending your phone to get repaired or have software installed. There have been many cases of sensitive photos and videos being leaked out using these services.
It is a bit extreme, but perhaps high-value targets should consider buying a new phone instead of taking an old one to be repaired. Of course, important phone information such as contacts should be backed up periodically, and old phones should be reset or completely deactivated.
Dr Nguyen, if these people always keep their phones with them and do not give them to anyone, can attacks happen?
This is still possible. Reusing passwords between different websites is quite common, and the fact that you create accounts on different websites and use the same password is a major weakness. The account you created five or even ten years ago could be available online now through the dark web market.
It is possible for hackers to look for this data and search through celebrity emails or passwords, and then log into their accounts.
Assuming a person has excluded all of the cases mentioned above, are they likely to be attacked?
Dr Crelin: My answer is yes. Remember the Social Engineering case I just mentioned? Have you ever been on Facebook and tried searching for your account name and discovered many fake accounts, using your real name and photos?
Hackers can create fake accounts of famous people and make friends with other celebrities. For a while, the two may exchange intimate and sensitive messages until the fake account gets exposed. The cyber criminal can then use these chats to blackmail the victim: comply or be publicly exposed online.
What can people do to protect themselves online?
Dr Nguyen: The more convenience we enjoy, the less security we get so people should always weigh those two against each other. For example, using a simple password or reusing an old one can make it easier for a hacker to access an account. The risk is higher than if you were to use different and challenging passwords. As cyber-crime is actively aggressive, there is no way to completely immunise against cyber attacks, but using multi-factor logins or one time passwords for important services such as banking can largely reduce the risk.
About the experts
Dr Jonathan Crellin is a Senior Lecturer from RMIT University’s School of Science & Technology. He teaches a variety of subjects, in computing and information technology, including computer and information security. He has managed Masters programs at the University of Portsmouth in UK, and worked with the UK Police High Tech Crime Unit in Hampshire. His first degree was in Psychology, and his PhD is in the applications of human factors to information systems. He is a member of the British Computer Society and its Cyber Forensics Specialist group, and a certified Computer Forensic Investigation Analyst, and Macintosh Forensics Specialist.
Dr Nguyen Ngoc Thanh is a Lecturer from RMIT University’s School of Science & Technology, where he teaches various programming courses in the Software Engineering and IT programs. His research interests include information infrastructure, large scale and complex systems, cloud computing and security. Prior to lecturing at RMIT, he was the Chairman of Health Information Systems Program in Vietnam, and Director of Technology at eMED Joint Stock Company. He got his PhD and Master Degree from the Department of Informatics, the University of Oslo in Norway.
Story: Thuy Le