Wired reporter hack reveals perils of digital age

Aug 10, 2012 by Glenn Chapman

The perils of modern dependence on Internet-linked gadgets and digitally-stored memories remained a hot topic on Friday in the wake of a hack that wiped clean a Wired reporter's devices.

Mat Honan laid out at wired.com in gripping detail how his "digital life was destroyed" right down to irreplaceable photos of his baby daughter. Honan next week is to share his quest to repair the damage.

"The take-away from his bad experience is that people need to be careful with using an online service, especially a backup service," Lookout Mobile Tim Strazzere told AFP on Friday.

"The main part is to mitigate risk; he lost a lot of personal information."

Basic hacker skills were combined with "social engineering," the art of sweet-talking someone like a customer service rep into bending rules during a phone call, to compromise Honan's , , and AppleID accounts.

Honan told of his @mat Twitter handle apparently being the coveted prize for hackers who deleted his and erased the data from his , and MacBook laptop computer to hide their trail.

The data-wiping feature was created by Apple to let people protect digital information if devices are lost or stolen.

He said his Twitter account was used to fire off offensive messages.

"In many ways, this was all my fault," Honan wrote. "My accounts were daisy-chained together."

"But what happened to me exposes vital in several customer service systems, most notably Apple's and Amazon's."

Hackers were able to get bits of information from Apple and Amazon tech support that helped them achieve their mission, according to Honan.

Apple did not respond to an AFP request for comment, but reportedly gave Honan a statement saying his data was "compromised by a person who had acquired personal information about the customer."

"In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers' data is protected."

The "daisy chain" mistake Honan described is especially perilous when it involves making links between work and personal accounts, according to Strazzere.

An example would be using one's personal email address as the place to send password reset messages automatically generated by online services that require login information.

Getting access to a personal email account could then give hackers keys to any password-protected services someone uses - such as Twitter, Facebook or office email.

"It is an interesting twist to the new age," Strazzere said. "These new capabilities are great tools, but it is a scary thing that if one gets compromised it can hurt you so much more."

His recommendations included keeping work and personal online accounts separate, even going so far as to have "throw-away" Web-based email accounts for matters such as password resets.
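The "daisy chain" can be audited as a graph: each account points at the mailbox that receives its password resets, and the damage from losing one account is everything reachable from it. The Python sketch below is an added example, not part of the original article; the account names, both reset maps and the rule that a second factor blocks a mailbox-only reset are constructed assumptions.

```python
from collections import deque

def blast_radius(reset_to, start, two_factor=frozenset()):
    """Accounts lost once `start` is taken over, following reset links."""
    # Invert the map: mailbox -> accounts whose reset messages land there.
    resets_via = {}
    for account, mailboxes in reset_to.items():
        for mailbox in mailboxes:
            resets_via.setdefault(mailbox, set()).add(account)
    owned, queue = {start}, deque([start])
    while queue:
        current = queue.popleft()
        for account in resets_via.get(current, ()):
            # Modelling assumption: a reset guarded by a second factor
            # cannot be completed with mailbox access alone.
            if account in owned or account in two_factor:
                continue
            owned.add(account)
            queue.append(account)
    return owned

def worst_entry_points(reset_to, two_factor=frozenset()):
    """Rank every account by how many others fall with it, largest first."""
    names = set(reset_to) | {m for ms in reset_to.values() for m in ms}
    sizes = {n: len(blast_radius(reset_to, n, two_factor)) - 1 for n in names}
    return sorted(sizes.items(), key=lambda kv: (-kv[1], kv[0]))

# Constructed sample data (hypothetical account names, not from the article).
DAISY_CHAINED = {
    "twitter": ["personal_mail"],
    "facebook": ["personal_mail"],
    "office_mail": ["personal_mail"],    # work account tied to personal mail
    "personal_mail": ["old_webmail"],
    "old_webmail": ["personal_mail"],    # mutual recovery forms a cycle
}
SEPARATED = {
    "twitter": ["reset_only_a"],
    "facebook": ["reset_only_a"],
    "personal_mail": ["reset_only_a"],
    "office_mail": ["reset_only_work"],  # work resets kept apart
}

if __name__ == "__main__":
    print(worst_entry_points(DAISY_CHAINED))
    print(worst_entry_points(SEPARATED))
    print(blast_radius(DAISY_CHAINED, "old_webmail", two_factor={"personal_mail"}))
```

In the separated layout the reset-only mailbox becomes the account with the largest reach, so it is the one that most needs a unique password and a second factor.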

Pictures, documents or other data stored in the Internet "cloud" or on personal devices should be backed up as well as being encrypted.

Some online services provide the option of "two-factor authentication" that tightens security on password resets.

User comments : 8

dtxx
1 / 5 (2) Aug 11, 2012
One Word: C
kochevnik
1.8 / 5 (4) Aug 11, 2012
Maybe if Wired were to stick to the premise of their name instead of becoming mouthpieces for the NSA/CIA neocons and police state fanatics.
alfie_null
5 / 5 (2) Aug 11, 2012
"We are reviewing all of our processes for resetting account passwords to ensure our customers' data is protected."
A memo sent out? Require more training?

On the one hand, how to deal with a customer who can't remember the name he gave to his favorite pet. On the other hand, utterly preventing this sort of social engineering.

The whole issue of authentication is a mess, and I can't see it getting any better.
Bowler_4007
3.4 / 5 (5) Aug 11, 2012
Once upon a time on Hotmail you could set a custom question, literally anything you wanted. I set mine as "who???" If anyone ever tried to trick me into answering that I would have been onto them immediately. Those days need to come back. The questions don't have to be relating to personal details, in fact it's best if they don't make sense to anyone but the account owner; only then is it providing the best security it can.
po6ert
5 / 5 (2) Aug 12, 2012
Back up your data. The first to tenth commandment of computer use
should be amended to back up to removable devices, CD or thumb drive. Your own fault for abdicating your responsibility.
Argiod
1 / 5 (3) Aug 13, 2012
All my sensitive materials and backups are on external hard drives that are only attached to my system immediately after a thorough cleaning a/v scan and for backup purposes; and removed immediately before going back online. I have one drive that is strictly for the Operating System, and one that is for programs that I use frequently. I run Linux as the main OS, and run Windows XP 32, and Windows XP 64 under it. I also run a sandbox on a separate machine attached to the system, that intercepts hacker activity and diverts it to some tasty looking 'games'; most of which are infected with various routines that will randomly wipe hard drives, blank the monitor at random intervals, and other fun, but harmless mayhem.
Aloken
not rated yet Aug 13, 2012
The average computer user is a problem. It's the person who doesn't want to do anything other than what he or she sets out to do. This kind of person expects computers to 'just work' (thanks Apple) unlike any other kind of machine which requires maintenance and must be used properly to avoid mishaps (i.e. cars). It would be fine if that kind of attitude only affected the user, but it doesn't; botnets are a prime example of how dangerous careless users can be. Some PCs are testbeds for new viruses, others are the actual means to spread them. Computers should require a license to be used, just like vehicles, because when misused they can cause damage to others.
antialias_physorg
not rated yet Aug 13, 2012
"your own fault for abdicating your responsibility"

Yes. To put it in a pithy way: With great power comes great responsibility.

If you want to have the power of connected electronic media then you damn well better get to know a bit about them.
We require basic knowledge of most anything potentially hazardous (guns, cars, medication, ... )

Just because it's fun and easy doesn't mean that you're relieved of all responsibility.

"and diverts it to some tasty looking 'games'; most of which are infected with various routines that will randomly wipe hard drives, blank the monitor at random intervals, and other fun, but harmless mayhem."

Offensive honeypots aren't really that effective (I wish they were. A "Ghost in the Shell"-scenario would be awesome).
The honeypot part is effective - but since hacks usually work via proxy (i.e. via another infected computer) you don't achieve much except that the hapless individual who owns the proxy is now shafted from both ends.
