Protect yourself from hackers and the NSA

Everybody's talking about hackers and the NSA stealing our data. Here's how to do something about it.

The downside of email, chat, text and messaging apps is that they make you feel like you're communicating privately, with only the intended recipients. And that your messages are private. Until they're not.

The employees and management at Sony Pictures Entertainment could tell you that.

On Nov. 24, the North Koreans (or the "Guardians of Peace" hacker group, or a disgruntled employee, or Russia) downloaded more than 100TB of Sony data and then irreversibly erased Sony PC and server data. The damage would eventually be estimated at $15 million.

But that dollar amount is nothing compared with the endless problems revealed in the leaked emails. Sony executives were exposed as racially insulting the president. Hollywood stars found out they were being paid less than peers and renegotiated their contracts. Bickering between studio chiefs and major stars was revealed. Executives insulted celebrities behind their backs (for example, one honcho referred to actress and director Angelina Jolie as "a minimally talented spoiled brat").

One unfortunate fact makes email and other messaging apps especially vulnerable to snoops -- you can't control a message because copies of it also reside elsewhere. People focus on Sony employees whose emails were compromised. But what about the people outside Sony they corresponded with? Their communication with Sony employees got compromised, too. The truth is that even if you have an aggressive purge policy that calls for deleting email after a certain amount of time, there will probably still be copies of the deleted messages with people outside the company.

There has to be a better way. Or two.

This week, two communication apps have been in the news and they're worth looking at. They're called Confide and Dstrux, and they're similar to, say, Snapchat in that they're designed to be "ephemeral" message services. But unlike Snapchat, they're aimed at professionals.


Confide is a free service accessible via free apps for iOS and Android. Confide was in the news this week because the company released new features that prevent users from taking screenshots of messages and shared documents and photos. It also made it easier to import email conversations. So when a conversation on email becomes confidential, you really can "take it offline" if you have Confide.

You send a message, along with an attached document or photo. Confide supports the sharing of Word, Excel, PowerPoint and PDF files stored on Dropbox, Box, Google Drive, OneDrive and other document-storage services.

As soon as you send it, it gets encrypted. When the recipient opens it, the content is blurry and unreadable. It can only be read by touching the screen, and only the line under the finger is readable. So even if someone snaps a picture of the screen, only the one exposed line is captured. There's no way to see the whole message at once. When the recipient is done viewing and taps "close," the message is deleted irretrievably.

Confide is also working on a paid version called Confide for Business, which the company says will ship in "early 2015." Confide for Business will have address book integration, distribution lists and other features. Confide is also working on a desktop version.

When you send a message to someone who doesn't have the Confide app installed, a button on the recipient's message opens the Apple App Store or Google Play Store on the Confide page so he can download it.


Dstrux is similar to Confide. It's a way to send messages and documents that are both encrypted and self-destructing. It enables sharing over Facebook or Twitter, but only a link to the secure content in the cloud is shared.

It can be viewed, but not printed, copied, saved or captured with a screenshot.

Before sending a message with Dstrux, you decide how long the message will last before it self-destructs; the length of time can be measured in days, hours or minutes. You can choose to blur content and allow or disallow forwarding. The attachment or picture can be accompanied by a message.

As is the case with Confide, a Dstrux message sent to someone who doesn't have the app prompts the recipient to install it. Once the app is installed, the recipient has to work to see any picture sent. Swiping a finger across a picture shows only what's under the finger, and only for a second or so. It's like finger painting on the screen. If you want to see the full image, you have to rapidly swipe all over the screen, then look fast before it vanishes.

One cool feature of Confide is that both the recipient and the sender have the ability to delete a message. And the sender can change the amount of time a message will last before it self-destructs. So if you initially set a message to be viewable for a week but change your mind after sending it, you can shorten its life span remotely -- you can even choose to instantly delete it.

So which app should you choose: Confide or Dstrux?

My recommendation is to download and install them both. They're free. Their feature sets are different enough to merit an "all of the above" selection.

In general, Confide is more elegantly designed and somewhat easier and more pleasant to use for basic communication. Dstrux gives the sender more options and control, but is slightly less appealing to use.

The most important thing is that you download and use one or both of these apps. They're both easy to use. And if you ever find yourself hacked or snooped upon, you may decide that they were worth the trouble.

Once they're installed and set up, they're as easy to use -- and almost as fast -- as any other messaging or email app.

Using this kind of app will give you the peace of mind of knowing that you're not going to wake up one day and (like the Sony Pictures employees) find out that all your private conversations are now public.

Stories by Mike Elgan
