
Security Settings and Social Engineering

Epic hack in review

Tyler Reinhard

Ok, one more post about password security and backing up information, and then I promise to leave the topic alone for a while. This one’s important. You may have heard last week about Mat Honan, a tech journalist who, at the hands of a dedicated 19-year-old hacker, lost access to his Twitter, Google, Amazon, and Apple accounts. The hacker then wiped out his Gmail (8 years’ worth), used his Twitter account to post hateful messages, and was responsible for the remote wipe of his iPhone, iPad, and iMac. Photos, email, documents, apps – gone. All of it.

After figuring out what had happened, with some help from the person who did it, Mat agreed not to press charges in exchange for a roadmap of how the hacker destroyed his digital world. You can find the full article here. Please take the time to read it. Then take action. The following are just a few of the steps you can take to make sure this doesn’t happen to you or your business:

  • Use a different, secure password for each account (of course). Take advantage of a password manager to help you keep track. But this is only step one. Mat had already done this, but it didn’t help him.
  • Those security questions – the ones that ask for your grandmother’s first name or where you went to elementary school? Use fake answers (ones you can remember, but others won’t be able to find by searching your digital footprint).
  • For services that offer it, take advantage of enhanced security features like Google’s two factor authentication. Yes, it’s a pain. That’s the point. It’s less of a pain than losing irreplaceable info, however, or reconstructing data/accounts.
  • Don’t tie your accounts together. Keep your Facebook, Google, Twitter, Apple, etc. accounts separate, and don’t allow them to interact with one another. This includes apps that allow you to post to both Facebook and Twitter at the same time, for example.
  • Back up your data. Then back it up again. Redundant backups, stored in different forms and different locations, help ensure that it won’t be lost forever. Make sure that at least one of your backups is not reachable from the outside world via internet connection. So by all means, back up your phone to your computer, and then back up your computer using an external drive, cloud storage, or even better – both. Don’t forget your ‘cloud’ data. It needs to be backed up, too. This is also a good opportunity to think twice about what information you’re storing in the cloud. Does it really need to be there, or would an encrypted flash drive be a better option? Read the terms of service for the cloud services you use – make sure it’s up to par for your data security needs.
  • Don’t think that this can’t (or won’t) happen to you. Though this is an example of a very dedicated hacker going after someone who had his name out there in the digital world, far too many people rely on ‘security through obscurity’. Mat may have been a slightly bigger target than most, but not by much.
  • Don’t place too much trust in any company to protect your stuff (even those you pay to use their services). This wasn’t all Mat’s fault. Remember that these businesses are just that, businesses. They are there to make money for their shareholders. This can lead to business decisions that may not always be in the best interest of securing your accounts. It also means that there are other people who have the power to grant access to your account. In this case the result was a hacker’s ability to use social engineering (read: smooth talking) to circumvent the security measures in place. To their credit, Amazon, Twitter, and Apple have all taken action to change the flawed procedures that led to this hacker’s success.

It’s a rarity to be privy to the finer details of an attack such as this one. Take advantage of the lessons learned in this case and use it as a great opportunity to review and improve the measures you currently have in place to protect your information.
