Quantcast

Oh My Tech!: Wired writer's hacking story a warning

Published August 9, 2012 10:37 pm

Technology • Apple iCloud wiping case a chilling reminder to backup files.
This is an archived article that was published on sltrib.com in 2012, and information in the article may be outdated. It is provided only for personal research purposes and may not be reprinted.

You may have heard the horrifying story of Wired.com writer, Mat Honan, whose digital life was all but destroyed by hackers last weekend.

While his tale may be especially interesting to techies, it's really a cautionary tale for everyone.

Hackers called up both Amazon and Apple customer support and impersonated Honan, ultimately to get access to his Apple iCloud account.

iCloud is Apple's new cloud-based service allowing you to store digital photos, files, music and more on Apple's servers as a way of backing up all your digital stuff.

So how did the hackers do it? It's complicated, but they impersonated Honan to Amazon in order to get the last four digits of his current credit card. Then they called up Apple customer support and impersonated him again. With just his email address, his home address — both of which are easy to get — and the last four digits of his credit card number, the hackers had Apple change his password.

The hackers were then able to get his full Apple ID information, which they used to hack his Gmail and Twitter accounts.

Once the hackers got all that information, they erased his iCloud account, which contained all of his digital pictures of his new baby. They also remotely wiped clean his iPhone and Macbook Pro laptop using Apple's Find My Mac feature. He also lost eight years of emails from his Gmail account as well as other work-related files.

Here's the important lesson he embraced (and you should too): back up, back up, back up.

Honan admitted he never backed up his pictures or other important files to another hard drive. Those pictures of his new daughter are now lost forever.

"The weird thing is, I'm not even especially angry at [the hackers]," he wrote in a lengthy story about the experience. "I'm mostly mad at myself. I'm mad as hell for not backing up my data. I'm sad, and shocked, and feel that I am ultimately to blame for that loss."

He's also angry at Apple and Amazon, and rightfully so, for lax security that allowed the hackers to impersonate him and get private information. Both companies say they were reviewing their procedures after Honan published his story.

But this illustrates the big problem I have with relying on cloud-based services to protect your vital digital information. You never know if their servers will get hacked or if you will get hacked because of their security holes. Plus, you don't even know if the company itself is reliable enough to store your files without losing them.

If well-established companies like Apple and Amazon can get hacked by seemingly simple methods, so can anyone else.

So here's what you should do to help mitigate such problems:

• Don't trust cloud-based services. Buy a portable external hard drive or two (they've become very affordable) and back up your data, even if you already use a cloud-based service to back up your files.

• Use different passwords for different accounts. It makes life more confusing, but it also makes security tighter.

• Don't use the same prefix across multiple email accounts, such as dave@yahoo.com, dave@gmail.com, and dave@hotmail.com. That only helps hackers figure out your email more easily.

• And if you're an Apple laptop owner, you might reconsider using Apple's Find My Mac service, which allows for remotely wiping a laptop when it's stolen. Honan said he believes hackers can easily access your laptop remotely through that service and wipe the hard drive.

This new digital world is sometimes tough and frustrating. But if you take a few extra steps, you might avoid the kind of disaster that struck Honan.

If you have a tech question for Vince, email him at ohmytech@sltrib.com, and he'll try to answer it for his column in The Salt Lake Tribune or on its website. For an archive of past columns, go to http://www.sltrib.com/topics/ohmytech.