A Wired.com technology writer’s recent hacking was a particularly sad case of what can happen when cyber-thieves get access to your information. Using security loopholes in Amazon, Apple, Google and Twitter, hackers were able to gather enough information to remotely wipe Mat Honan’s iPhone, iPad and MacBook clean – including irreplaceable pictures of his baby’s first year of life.
According to Honan, the hackers used access to his Amazon.com account to get into his Apple ID account. That gave them access to his Google account. After his Google account was taken over and deleted, they used his Twitter account as a platform to broadcast racist and homophobic messages. “In many ways, this was all my fault,” he says. “My accounts were daisy-chained together.” Plus, he hadn’t been regularly backing up his MacBook.
Honan’s story not only exposed serious flaws in some companies’ security practices (the magazine subsequently reported that Amazon had quietly closed a security hole and that Apple had suspended over-the-phone password resets), but also serves as a cautionary tale for all individual technology users out there. After all, Honan wasn’t targeted because he was a journalist, or because he had influential names in his Rolodex. It was because his 19-year-old hacker liked his Twitter handle.
Following his harrowing account, a number of guides on protecting your own technology from hackers sprang up in newspapers and online. Here are some of the highlights:
Use Two-Factor Authentication
Huffington Post’s Gerry Smith notes that Honan had not turned on Google’s two-factor authentication feature. When a user turns it on, Google sends a text message with a code that must be entered at sign-in along with the username and password, which adds an extra layer of security if the password is stolen.
Create Separate Apple IDs
An Apple ID has become the key identifier for accessing the company’s services, from storing data in iCloud to downloading apps. Experts recommend creating different IDs for different Apple accounts, so if your App Store or iTunes account is compromised, hackers can’t also get to the sensitive information you have stored in the cloud (like Honan’s pictures of his daughter).
Use Multiple Email Accounts
The Guardian UK’s Jack Schofield says that Honan’s case, however extreme, highlights the risk in using the same email address for all your online accounts. Using several addresses wouldn’t be impractical, he says, if you use a desktop email program such as Windows Live Mail or Microsoft Outlook, since a single “send/receive all mail” will collect email from multiple email accounts.
Honan was less angry with himself for not backing up his MacBook than he was at his teenaged hackers for wreaking havoc, he says. Schofield says that the simple solution is to have a desktop or laptop PC backed up to an external hard drive and synchronized using a program like FreeFileSync (which is what he uses). You can also store copies of important things using online services like Dropbox, Carbonite or Mozy.
About the Cloud
Finally, the trend toward keeping data online (in the cloud) may be convenient, but it’s also risky. Someone using the same public Wi-Fi can hijack your session cookies and get access to your email and Facebook accounts, Schofield notes. And it’s easy to add a cheap keylogger to any publicly accessible computer, he says. As Honan writes, “Password-based security mechanisms – which can be cracked, reset, and socially engineered – no longer suffice in the era of cloud computing.” The better alternative, Schofield says, is using secure HTTPS connections rather than HTTP.