After the great Twitter hack of 2020, in which a vast range of celebrities and politicians (including Elon Musk, Joe Biden, Kim Kardashian, Bill Gates, etc.) had their accounts hacked, it is clear that the cybersecurity of such public figures needs to be taken more seriously. A group of attackers launched a Bitcoin scam from the infiltrated Twitter accounts, where celebrity “owners” asked their millions of followers to send all of their Bitcoin to a provided link, promising to return double the amount of Bitcoin sent.
Unfortunately, followers fell victim to this charity spoof. While people of interest (POI) tend to dazzle from the screen or on the sports field, in this current time, their presence is most importantly felt through social media. Together, the Twitter accounts of Justin Bieber, Katy Perry, and Barack Obama tweet to an audience of 341.2 million people; approximately 13 million more than the entire population of the United States!
An audience that massive can be dangerous. With the ability to reach millions of users, any social media account belonging to a POI can be used by a hacker to do serious damage.
WHY DO HACKERS TARGET PEOPLE OF INTEREST?
Hackers target people of interest for several reasons, but the following are the most common:
Embarrass or publicly ruin the important reputation of a POI’s account by posting inappropriate comments, photos, etc.
Unfortunately, this form of sabotage occurs very often. Hackers that gain access to a POI’s private library will post things on the account that are not supposed to be seen by the public. Inappropriate language or comments are also used to try to slander the reputation of a POI and provoke outrage.
Use the POI account to get followers’ private information
Adversaries rely on the influence of POIs to try to get the private information of a POI’s followers. A hacker can use the POI’s corrupted account to reach out to a fan through any social media message board. They can ask for details about the follower’s personal information and use it to compromise the follower’s account. Since the victim believes that it is the real identity of the POI, they do not realize that they are part of a scam. Unfortunately, there have been numerous instances of users readily handing over their information to be compromised this way.
Monetary schemes; getting followers to send money to a fake POI
Like what happened with the latest Twitter attack, hackers will compromise POI accounts in order to launch a monetary scam. They can use the high-profile account to ask millions of followers to give away their financial information or to send them money. In not knowing that the POI’s account is corrupted, users may grant hackers access to their earnings or send their earnings to a false organization.
Use the POI account as a platform to influence followers with fake political messages or propaganda
Hackers can use the influence that high profile individuals possess to get their followers to perform a big political action, such as voting for a certain candidate or pressing for a particular law. Especially during times of an election, if a hacker has control over a POI’s account, they can manipulate millions of people to reverse the natural outcome of an event.
Launch false information or spread rumors
Adversaries can use the platform of a POI account to prey on the emotional reactions of followers. They can spread false information (such as the claim that an important public figure has died) to cause panic and get people to make irrational decisions based on that falsehood.
Reveal secrets or expose upcoming events that are supposed to be kept secret
To the distress of high-profile individuals, hackers can reveal plans for creative projects that were meant to be kept secret. They can leak the release dates for when albums are dropped, put tickets on the market before a concert or sports game is prepared, or (worst of all) expose entire plots for a highly anticipated movie.
Personal Amusement
Many hackers target POI accounts simply for personal amusement. They are social manipulators who enjoy a good challenge, so attacking the account of a POI is a feat that they want to succeed in.
Fame
There is a certain standard of recognition that comes with compromising a POI, and since many hackers really enjoy recognition, they’ll target a POI just to be in the news.
Spread their ideology or voice for “justice”
“Hacktivists” (hacker-activists) are adversaries who target high profile accounts to spread their ideology and get their message in front of large audiences. “Hacktivists” compromise technology in order to promote their view of justice, hoping that if they reach enough people with what they have to say, that it will influence social or political change. However, regardless of whatever “good” social or political change they are trying to achieve, it is still unethical to take control of another person’s technology to use it for your agenda.
Personal Grudge
It may seem silly, but hackers will often attack a POI just because they have a personal grudge against them. If they have a bad opinion about a certain actor or actress, a rival that is going up against their favorite sports team, or a political figure whose ideology they do not agree with, an attacker will target them to gain personal satisfaction.
HOW CAN PEOPLE OF INTEREST & USERS BECOME SAFER FROM HACKERS?
With POI targeted schemes, the cybersecurity of celebrities, sports stars, politicians (etc.) and their followers depends on how the person of interest conducts their security. Like any other user, a POI should be following these security hygiene basics:
-Choose strong passwords (at least 9 characters long, use uppercase and lowercase letters, numbers, and special characters) -Employ two-factor authentication -Always complete OS or software updates when they come out -Regularly backup your data -NEVER click on any suspicious links -In general, do not give your personal information to anyone
People of interest have a higher responsibility to be cyber-safe because their privacy is already lacking in the public eye. It is simply a fact that high-profile and well-known figures tend to attract more attention from adversaries, who by any means will try to do harm to the individual or their followers. The millions of fans that one person of interest possesses serves as a gateway for attackers to corrupt the information of millions of other people.
Unfortunately, like any other user, high-profile individuals do not handle their personal cybersecurity adequately enough. Most often in the news, it is seen that a celebrity clicked on a suspicious link which opened a backdoor for a hacker to gain access to their social media. Ellen Degeneres and Kanye West are both notorious for choosing bad passwords (“password” and 000000 should never be passwords to anything).
Very often, people of interest tend to give away too much personal information willingly. Such habits need to change in order to counter the modern threats of technology. High-profile individuals either need to buck up their personal security themselves or invest in a personal privacy officer to do it for them.
SHOULD PEOPLE OF INTEREST HAVE PERSONAL PRIVACY OFFICERS?
To be fair, it may be difficult for a high-profile figure to handle their personal cybersecurity. With a tightly-packed schedule and millions of fans to manage, imagine the millions (and billions) of notifications, likes, links, messages, etc. that a high-profile individual has to monitor for malicious activity. With an audience that big, each high-profile figure should be walking on eggshells; being careful about what messages, photos, and content they share, as well as watching out for attacks that come their way.
Therefore, it may be more productive for them to have an infosec professional manage their tech. A personal privacy officer would do all the work of ensuring that a POI’s digital presence is non-compromising, as well as their technology protected from hackers. Before clicking on a malicious link, installing new software, downloading applications, (etc.) it would be beneficial for a POI to have the advice of a professional in data privacy.
However, it is impractical to believe that each POI could be assigned a personal privacy officer when infosec professionals are already so lacking in the world. Instead, it would make more sense for social media managers -who are usually in place on a POI’s team- to double as the role of a data privacy officer.
SOCIAL MEDIA MANAGERS AS PRIVACY OFFICERS
Social media managers are already employed to interact with a POI’s technology, but mostly they are the voice of brands for a POI’s account. Social media managers respond to comments, create content for social media platforms, and manage the online presence for a POI. If the responsibilities of a social media manager could be merged with that of a data privacy officer, a POI could greatly strengthen their cybersecurity.
Anyone in the role of a social media manager can easily gain the experience of an infosec professional for the following reasons:
They are already accustomed to managing technology
They are already aware of the POI’s size of audience and can thus customize proportional risk management
They already are used to working with third party brands and vendors, thus giving them insight into which third parties are legitimate vs. which are malicious
They can easily be trained to recognize scams and attacks because the volume of their work is devoted to answering comments, messages, etc. (inboxes where adversaries often launch malicious campaigns)
CONCLUSION
In a perfect world, every high-profile individual would manage their cybersecurity so that they and their followers would be more protected against the infinite attempts of hackers to compromise technology. However, the task of managing millions of followers and keeping your digital presence clean is daunting for those who do not have the time or the skill.
Therefore, the best solution is to merge the role of a social media manager (an individual who already has considerable experience and expertise in dealing with technology) with an infosec professional. Threats on the internet and social media are becoming more dangerous for users every single day. Therefore, whether they’re in Hollywood or on a sports field, it would be wise for people of interest to make this change.
Comments