If you’d been following Mat Honan’s harrowing story this weekend, you’ve learned that the Wired writer was completely hacked by a pair of 19-year-olds who targeted him because he had a cool Twitter handle. Honan has updated his tale and posted it on Wired where he goes through the seemingly innocent processes used to eventually wipe out his laptop hard drive, erase his digital identity, and essentially break the trust we all place in the cloud.
Like most hacks, the methodology was mundane. The hackers essentially reset his iCloud password, giving them access to other accounts including Gmail (which they erased), his idevices (which they locked), and his laptop (which they wiped remotely). It was a series of dick moves generated by two kids who had little understanding of what they did and clearly panicked. Then they reached out to Honan to explain their actions. They told him “I honestly didn’t have any heat towards you before this. i just liked your username like I said before.”
Honan’s biggest failure here is that he didn’t back up. Because they remotely wiped his hard drive, all of the photos of his new baby daughter are gone as is most of his laptop data. It’s a lesson in data management: we can trust the cloud for a while, but always assume it will be gone. Always, always, always back up.
In the end we’re actually lucky that Honan got hit. He can raise a stink and Apple and Amazon and Google will listen to his tale of woe and hopefully implement improvements that will prevent this from happening again. But will it happen again? Absolutely. Passwords are like door latches – a dedicated opponent will defeat them eventually. They make us all feel safe, they encourage a sense of stability, and they more often than not offer some form of security theatre rather than real safety. But they’re the best we have. We have to hope that no one has “heat towards us” and that Honan’s terrible story – and it pains me to think that he’s lost his baby photos permanently – is a lesson to us all.
[Image copyright Ned Shaw]