One Man Hacked: A Story of Lost Information
Dominion Dealer Solutions
Early last month a WIRED Magazine article went viral when Senior Writer Mat Honan was “epically hacked.” The first paragraph of his lengthy article tells the tale:
In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.
He goes on to give the high-level description of how this took place:
My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter.
First things first, “hacker” is probably the wrong term to use here, but it’s become synonymous with any black-hat tactic perpetrated online. “Hacker” was a term first applied decades ago to guys – and sometimes gals – hacking away at code, working hard and putting the time in. But when people like felon Kevin Mitnick rose to prominence in the ’80s and ’90s on the strength of their legendary security exploits, “hacker” became the de rigueur term to describe anyone using a computer to do something they shouldn’t.
Though vague, “social engineering” better describes most “hacks.” Social engineering uses the power of persuasion, human nature, and general laziness to entice users or employees to divulge critical information, sometimes without their even knowing. An example could be my calling you on the phone, introducing myself as an employee of the electric company, and asking to verify your street address and cell phone number. Eager to keep your account current, you provide me with both. Perhaps I also ask for your mother’s maiden name to verify your identity before I make changes. By the time I hang up, I have a far more comprehensive data profile that may well allow me to access other accounts, or I could contact you again for more data using what I already collected.
Social engineering is largely what took place with Mr. Honan, except that it was Apple’s and Amazon’s employees who were engineered. He explains:
Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification.
Apple unlocked the account and the hacker used the information to gain access to Mr. Honan’s other online profiles, efficiently destroying his digital life.
True to the power of the Internet, both Apple and Amazon responded within days, effectively closing the barn door after the horse was gone by patching the flaws in their policies. Although he was victimized, Mr. Honan’s tale served to protect others, which is a bitter pill to swallow but perhaps one central goal of a good journalist.