Hacking of Reporter Shows Need for Strong Security in the Cloud
David is a member of The Motley Fool Blog Network -- entries represent the personal opinion of the blogger and are not formally edited.
It seems like something only hackers in the movies have been able to do: Get into someone's laptop, iPhone and iPad and remotely wipe them, taking all of his data with them. This really happened to tech reporter Mat Honan, however, and it might make some investors nervous about some current tech giants.
A 19-year-old hacker using the name "Phobia" and an accomplice have claimed credit for the terrifying attack, the details of which emerged over the past weekend.
Honan describes how it unfolded in a Wired article:
"In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook."
Honan acknowledges that his security practices have been less than perfect, but the attack shows how even under the best of circumstances, security still depends on human beings.
The hackers were able to get into Honan's account on Apple's (NASDAQ: AAPL) iCloud simply by calling into Amazon's (NASDAQ: AMZN) customer service line, saying they wanted to add another credit card. Then they claimed they'd lost their account password. Amazon replied by asking them to confirm the last four digits of Honan's credit cards. This is also the information needed to convince Apple to reset the account, which had been specified as an alternate recovery account for Honan's Gmail account.
It's a classic case of social engineering, which means hackers try to get human beings to hand over important account information instead of trying to obtain it by brute force or using a program to guess passwords. The real prize was Honan's three-letter Twitter account, which Phobia and his partner-in-crime hacked. Phobia claims it was his partner's idea to wipe Honan's information, which includes photos of his daughter.
In the aftermath of the attack, people across the tech industry are trying to figure out the best way to prevent something like this from happening again. Honan continually blamed himself for not using two-factor authentication to secure his email account, and Matt Cutts, a software engineer for Google (NASDAQ: GOOG), has also urged users to use it.
Two-factor authentication attempts to prevent an email account from being used even if a username and password fall into the wrong hands. When two-factor authentication is turned on, Google periodically sends a text message to the user's phone with a security code (or uses an app on a BlackBerry, Android phone, or iPhone), which the user is prompted to enter along with the username and password. Since in theory only the account owner should have the phone, it should thwart attempts by unauthorized parties to gain access. Yahoo (NASDAQ: YHOO) also offers two-factor authentication for its email service.
Security means identifying threats and adapting to new ones as they appear. If more cloud services like Gmail and iCloud would have us store our entire lives on them, users and investors must ensure that those in charge of them have their feet firmly on the ground and take security seriously. Amazon has apparently discontinued the ability of people to call in with new credit card numbers, which contributed to the attack on Honan. Hopefully, Amazon, Yahoo and other companies will follow suit, tightening up their own security in the wake of this incident.
Fool blogger David Delony has no positions in the stocks mentioned above. The Motley Fool owns shares of Apple, Amazon.com, and Google. Motley Fool newsletter services recommend Amazon.com, Apple, Google, and Yahoo!.