You may be hearing a lot of news about how a reporter by the name of Mat Honan had his e-Life tipped upside down recently thanks to a malicious hacker who was after his Twitter handle. This article was inspired by what happened to him and is an attempt to make lemonade from this rather large lemon. At the end I'll give you some tips on how to avoid getting caught in the same situation!
Just to clear something up right away, his passwords were never directly hacked. Unlike how it's portrayed in movies and TV, hacking is actually more of an art than a science. Essentially they managed to do what's called 'Social Engineering' to gain access. Social Engineering is geek-speak for good old-fashioned con-artistry. It involves using knowledge of how an entity like a corporation or government works against it.
In this case they started with the goal of getting his Twitter account. From there the process gets quite complicated, but it was easy enough for a kid with too much time on his hands and a goal in mind. The end result was that, due to policy flaws at Amazon, Apple, and Google, the hacker (who goes by the pseudonym 'Phobia') was able to gain access to Mat's most important accounts and lock him out of them. 'Phobia' then sent kill commands to Mat's iPhone, iPad, and MacBook using Apple's 'Find My iPhone' service. It wasn't until this started happening that he even noticed something was wrong, and by then it was too late. Because he failed to back up his data regularly, Mat also came very close to losing every picture he had taken of his 18-month-old daughter as well as a ton of other personal data! Thankfully it looks like it may be recoverable, but not without great effort.
Once his goal was achieved, 'Phobia' started using the Twitter account to send out horribly offensive posts to all of Mat's followers and proudly claimed credit for the hack. Yes, all of this pain and annoyance was essentially to do the digital equivalent of spray-painting graffiti on a wall.
'Phobia' has since contacted several people in the media, including Mat, claiming he is sorry for at least some of what he did. He says he did it for LULZ (for a laugh), that it wasn't personal, and that he wanted to bring attention to the security problems out there. This last bit seems to be serious back-pedaling, but given that 'Phobia' is likely very young and justifiably afraid of getting caught after causing such a stir, it makes sense. If you'd like more details, Mat breaks things down quite nicely in an article on Wired. I invite you to give it a read here.
So the big question is what can be done to prevent this. The thought that some random kid could perform this is terrifying to most of us, and rightly so. The trick in these situations is to not panic but step back and look at it logically. The fact that this has been so public is actually a good thing for all of us in the long run. All of the services in question are scrambling to change their policies to prevent this kind of thing from happening in the future. Others who were not targeted are likely also learning what not to do and preemptively making changes.
In the meantime the only thing we as users can do is look at the holes in our digital armor. Above and beyond everything, make sure you are backing your data up frequently. It doesn't matter if it's a physical hard drive or a service like Carbonite (or both) as long as it's happening regularly. You can't have too many backups!
Next, make a list of your most important sites. Banking, social, shopping and especially email are the ones to really focus on. Do they all have good passwords? Take a look at my article on that if you're not sure. Next, find the security options in each one and make sure that your security questions are not easily guessable. Things like your mother's maiden name or your favorite sports team are easily found these days, for example, so try not to use them.
If a service offers alternative ways to reset your password, please consider them. For example, Google can send a text message to your phone if you get locked out. A hacker is unlikely to have your cell phone handy so this works very well. Facebook and Google both give you the option to notify you if anyone logs into your account from another location, which is another good layer to think about. Even a minor roadblock can help stop a determined hacker.
Finally, even if you don't audit all of your accounts because it's too much work or too confusing, please take some time to look at the hub of your e-Life: your email address. Whether it's AOL, Gmail, Yahoo, Comcast, Verizon or anyone else, it's the key to anyone getting into your other accounts. Everything from banking to Facebook uses your email address for password resets and other important things, so it's what hackers try to get to first.
In short, don't let stories like this push you away from using the Internet. Nothing involving humans will ever be perfectly secure, either in the digital world or the real one. The truth is that the vast majority of accounts will never be hacked into, but it's always a possibility. The key is for us all to be aware of it and more vigilant. In many ways preparing for hackers is similar to having plans for real-world things like fires, floods and blizzards. Sure, we never want to think about them, but we try to be as prepared as possible. Hackers are the 21st century version of earthquakes. The damage they cause and when they strike are random, but ultimately you can't live life in constant worry.
If you have any specific questions please contact me at email@example.com