Seven Critical Lessons from a hacking victim who admits he should have known better

Sep 11, 2012

Oh my God!  I missed this story a few weeks ago.  What an eye-opener!

Matt Honan, a senior technology journo, had his digital life pretty much wiped out by a couple of hacker kids. We could call them sleazy criminals or trolls. Using the word “Hacker” almost gives them too much respect.

Matt even had a Twitter discussion with one of the trolls/hackers afterwards and learnt how – and why – it all happened. You can read the full story here in Wired magazine. Also read here about how he recovered some of it.

Here’s the start of the story in Wired…

“In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.

“In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Lulz.

“Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.

“Those security lapses are my fault, and I deeply, deeply regret them.

“But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s.”

You can read the rest of Matt’s article here.

Here are some of the lessons I got from it… 

Seven Critical Lessons… 

1. Make regular back-ups of what is important in your digital life.  That’s it. Just do it. (I think most of us don’t.)

[Photo: “Cave troll bully” by Kevin Dooley]

2. Turn on Google’s two-factor authentication and Facebook’s Log In Approvals. Dropbox is adding two-step verification now too. There’s a good article on Lifehacker about this stuff.

3. Have a separate email address that you use only for recovering login and password details, and that is not tied to core services you might buy and use, such as your AppleID, Amazon account, etc.

4. If you have different email addresses with different email services, such as Apple’s me.com or gmail.com, use different prefixes for your email name on these accounts. It makes them harder for others to guess.

5. Be really wary of location services on Apple’s iCloud, especially with the Find My Mac option.  The kids that got to Matt Honan used this location service to remotely find and wipe the hard drive on his Mac laptop. And his iPad. And his iPhone.

6.  Use the extra security protection offered by online service providers, but don’t blindly trust it.  They (in this case, Apple) don’t always follow their own security procedures.

7. Be careful where you store passwords, and make sure you have multiple ways to access the place where you store passwords and the keys to passwords. Matt uses the 1Password service, which uses a big long key Matt could never remember. The key was stored in his Dropbox account and, fortunately, he had also saved his Dropbox folders to his wife’s laptop.
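
To see how lessons 2 and 3 break the daisy chain Matt describes, here is an added example (not from Matt's article or from Wired) that maps which accounts fall together when one is taken over. The inventory is constructed from the chain quoted above; the `recoverable_via` field, the `recovery_only` mailbox and the rule that two-factor stops the chain are assumptions of this sketch.

```python
from collections import deque
import copy

# Constructed inventory based on the chain quoted above. "recoverable_via"
# lists accounts whose takeover helps reset this one (a modelling assumption).
ACCOUNTS = {
    "amazon":  {"recoverable_via": [],          "two_factor": False},
    "appleid": {"recoverable_via": ["amazon"],  "two_factor": False},
    "gmail":   {"recoverable_via": ["appleid"], "two_factor": False},
    "twitter": {"recoverable_via": ["gmail"],   "two_factor": False},
}

def blast_radius(accounts, start):
    """Map each account that falls when `start` is taken over to the chain
    that reaches it. Assumption: two_factor=True stops the chain there."""
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for name, info in accounts.items():
            if name in paths or info["two_factor"]:
                continue
            if current in info["recoverable_via"]:
                paths[name] = paths[current] + [name]
                queue.append(name)
    return paths

def audit(accounts):
    """List (account, accounts lost with it), worst single point first."""
    rows = []
    for name in accounts:
        lost = sorted(a for a in blast_radius(accounts, name) if a != name)
        rows.append((name, lost))
    return sorted(rows, key=lambda r: (-len(r[1]), r[0]))

def with_lessons_applied(accounts):
    """Lesson 2: two-factor on Gmail. Lesson 3: Gmail recovery goes to a
    mailbox used for nothing else (hypothetical name 'recovery_only')."""
    hardened = copy.deepcopy(accounts)
    hardened["recovery_only"] = {"recoverable_via": [], "two_factor": True}
    hardened["gmail"] = {"recoverable_via": ["recovery_only"], "two_factor": True}
    return hardened

if __name__ == "__main__":
    for label, inv in (("before", ACCOUNTS), ("after", with_lessons_applied(ACCOUNTS))):
        print(label)
        for name, lost in audit(inv):
            print(f"  {name:14} -> {', '.join(lost) or 'nothing else'}")
```

Replace the inventory with your own accounts and recovery addresses; any account that takes several others down with it is the one to protect first.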

There are many other lessons coming from this.  Apple has already started to change the way it does things.

The kids that stuffed up Matt’s life could do the same to many other people, and most of us would not be able to recover from it as well and as quickly as Matt did.
