Epic hack – what it means to you

Unless you live under a rock you probably already have heard about the “Epic Hack” that compromised technology journalist Mat Honan’s online life on August 3 2012. Mat was a former editor for Wired magazine and currently a senior reporter at Gizmodo, a technology gadget website.

As Mat describes in his article “How Apple and Amazon Security Flaws Led to My Epic Hacking“, in the space of one hour his entire digital life was destroyed. He lost his Google and Twitter accounts, once the hackers gained access to the AppleID account they performed a “remote wipe” which is basically a factory reset to his iPhone, iPad and MacBook. He performed regular backups of his Apple devices, but those were deleted too.

Mat blames himself – but this raises monstrous concerns about security, especially when accounts are linked together.

This hack was not about brute force attacks or some kiddie script churning away until it hit pay dirt. No – this hack was well planned and exploited everyday issues we as users run into. What this hack did was expose vital security flaws at Apple and Amazon, mainly in their customer service.

It seems Amazon and Apple deem a little piece of information at different sides of the security spectrum – the last 4 digits of your credit card number. To summarize – Amazon considers the last digits of your credit card number unimportant and displays them in the clear, whereas Apple considers them secure and uses them for identity verification.

This created a perfect storm allowing the hackers to take control of several accounts. Basically here is how it played out:

  1. Hackers gained access to Amazon account
  2. Hackers gained access to AppleID account
  3. Hackers delete Google account
  4. Hackers post prohibited comments on Twitter, account suspended
  5. Hackers remote wipe iPhone
  6. Hackers remote wipe iPad
  7. Hackers remote wipe MacBook
  8. Hackers delete all Apple backups

In less than an hour, this completely destroyed Mat’s online presence and obliterated every digital device he owned that accessed the Internet leaving him unable to get connected.

This was allowed to happen for different reasons, but mainly because several of his accounts were linked together and customer service did not follow security policy procedures.

Apple and Amazon have since changed their security policies to avert future exploits. But as mentioned above – Mat also blames himself.

It brings up a good topic that we have been telling our customers for years. That is – do not use the same password for all your online accounts, in fact you should have a different password for each account. Plus – you should make sure that when you link accounts together, there is some sort of verification between them. Either by a secondary password or by IP address. These two items can save your online identity. Google employs a two-step verification, but this was not activated. This is why Mat blames himself just as much as Apple and Amazon.

“Although this is a sad event and this is exactly what we are trying to fix with our cloud solution, triple-layer security with backup and disaster recovery automatically built-in”, states James Roten, CEO of Raven Cloud Computing.”Cloud computing has the same challenges as on-premise LAN / WAN / MAN computing”, he goes on to say.

We have always used and we suggest to our customers that they use different administrator passwords for their desktops, servers, routers, switches, firewall and wireless devices. This way, if one method is exploited the damage is limited to just that segment. You should do this too to all your online accounts.

If you would like, we provide a Free Technical Assessment, this can be beneficial to new and startup companies that are not sure where to start. You can always find our cloud and hosted services in the right column of this page or by simply going to our website at Raven Cloud Computing.

, , , , , , , , , , , , , , , ,

About Barry Bestpitch

Barry Bestpitch has helped a wide range of businesses launch, re-brand, and flourish. Barry has worked in various business development , marketing positions and executive staff positions, he is experienced in all media and in small and large scale marketing. He is strong at writing business plans and proposals as well as aiding with your funding search. Barry has acted as a coach and mentor to many business owners and executives.

View all posts by Barry Bestpitch

Subscribe

Subscribe to our RSS feed and social profiles to receive updates.

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: