Technology journalist Mat Honan, who has most recently written for Gizmodo and Wired, made headlines for all the wrong reasons last week. In an unfortunate case of life imitating art, Honan found himself the victim of the type of digital disaster he had come across countless times in his industry coverage. Within minutes, Honan's online identity was unraveled before his eyes as he helplessly watched hackers commandeer and corrupt his accounts.
Amid these regrettable circumstances, however, Honan has decided to do an admirable thing. Instead of retreating from the spotlight as he gets his affairs in order, Honan will chronicle his trying times with a level of candor and transparency he hopes will inspire thoughtful discussion and more vigilant data protection among consumers and business professionals alike.
"In the space of one hour, my entire digital life was destroyed," Honan wrote in an explanatory post for Wired. "First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad and MacBook."
While the blame for such a catastrophic sequence of events can be cast in several directions, Honan began by pointing the finger at himself. In his reflection, the columnist suggested that his fatal flaw came down to a case of lazy password management. Despite the heightened awareness of data security fundamentals he carries around as an industry expert, Honan admitted to letting convenience win out over best practices.
As a result of password recycling, his accounts were effectively "daisy-chained together." Once hackers breached his Amazon profile, they were able to find his AppleID and eventually break into his Gmail account as well. In fact, Honan suspects that the original goal of the hackers was to disrupt his Twitter account and embarrass him by posting crude messages. However, the interdependence of his security defenses likely left them with an opportunity that was too good to pass up.
"Had I used two-factor authentication for my Google account, it's possible that none of this would have happened," Honan suggested in his mea culpa. "Had I been regularly backing up the data on my MacBook, I wouldn't have had to worry about losing more than a year's worth of photos, covering the entire lifespan of my daughter, or documents and emails that I had stored in no other location."
Not an isolated incident
As Honan dug deeper into the incident and started peeling back the layers of the response protocols practiced by Amazon and Apple, a number of suspicions were confirmed. Most notably, the columnist has charged Apple's tech support team with inadvertently giving hackers access to his personal cloud storage account after they had garnered a partial credit card number through a separate security lapse at Amazon.
"In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification," Honan wrote. "The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices."
Suddenly, Steve Wozniak's recent off-the-cuff prognostication of a cloud doomsday scenario doesn't seem so far-fetched.
In fact, InformationWeek columnist Dino Londis suggested that this incident has placed one very inconvenient truth at the center of the cloud security dialogue. Simply put, the rise of consumerization has triggered the lowering of protection standards. And while watching consumers prioritize convenience over security is not altogether surprising, vendors and IT teams have been following suit, to a certain extent, themselves.
Londis pointed to the popularity of Android devices as a prime example of this phenomenon. While the mobile operating system could hardly do more in planting the seeds of security doubt, the handsets are having no trouble finding their way into the office or attracting the attention of commercial application developers.
As more personal and professional computing tasks converge in virtual environments, the security of public cloud servers is more important than ever. This should be a pretty alarming realization, according to Londis, considering a pair of tech-savvy teenagers needed nothing more than a smartphone to outwit Apple and Amazon and destroy Honan's digital identity.
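The disconnect Honan describes, where one service displays a value that another accepts as proof of identity, can be audited across the accounts a person or team depends on. The following is an added example, not code from the article or from any vendor: the account names, facts and recovery policies are a constructed, simplified model, and `otp_device` is a hypothetical second factor.

```python
import copy

# Constructed model (not any vendor's real policy). "exposes": facts a
# signed-in session reveals; "mailbox:X" means control of X's inbox, where
# reset links arrive. "recovery": alternative sets of facts, any one of
# which is enough to reset the account.
ACCOUNTS = {
    "shop":     {"exposes": {"card_last4", "billing_address"},
                 "recovery": [{"shop_password"}]},
    "cloud_id": {"exposes": {"mailbox:cloud_id"},
                 "recovery": [{"card_last4", "billing_address"}]},
    "webmail":  {"exposes": {"mailbox:webmail"},
                 "recovery": [{"mailbox:cloud_id"}]},
    "social":   {"exposes": set(),
                 "recovery": [{"mailbox:webmail"}]},
}


def exposed_verifiers(accounts):
    """List (acceptor, fact, exposer): a fact one account accepts as proof
    of identity while a different account displays it."""
    hits = []
    for acceptor, acct in accounts.items():
        for fact in sorted(set().union(*acct["recovery"])):
            for exposer, other in accounts.items():
                if exposer != acceptor and fact in other["exposes"]:
                    hits.append((acceptor, fact, exposer))
    return hits


def blast_radius(accounts, start):
    """Accounts that fall, in order, once `start` is compromised."""
    known, fallen, changed = set(accounts[start]["exposes"]), [start], True
    while changed:  # iterate until no further account can be reset
        changed = False
        for name, acct in accounts.items():
            if name not in fallen and any(req <= known for req in acct["recovery"]):
                fallen.append(name)
                known |= acct["exposes"]
                changed = True
    return fallen


def require_factor(accounts, name, factor):
    """Copy of the model in which every recovery path for `name` also needs
    `factor`, a fact that no other account exposes."""
    hardened = copy.deepcopy(accounts)
    hardened[name]["recovery"] = [req | {factor} for req in hardened[name]["recovery"]]
    return hardened
```

In this model every account falls once `shop` is compromised, and requiring a second factor on `webmail` stops the chain before it reaches `webmail` and `social`.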
Taking out an insurance policy
There is little hope that cloud computing will diminish in popularity, or that its security loopholes will be closed in the immediate future. As a result, focus must return to the tried and true defense strategies that are already available.
According to Network World, the Honan hack could finally help two-factor authentication reach critical mass. Considering what's at stake, should account holders really be relying exclusively on eight-character passwords and a question about their favorite color to guard their online identities? Even before launching into a discussion of the affordability and feasibility of biometrics, something as simple as sending an SMS message to users has already proven effective for Gmail and likely would have protected Honan had he subscribed to the feature.
What's more, the writer's troubles could help restate the case for physical data storage strategies. While backing up files and photos in the cloud represents a convenient and effective means of disaster recovery, its success is still reliant on how well cloud identities are being guarded by service providers and users, according to Network World. Given the rate of public cloud breaches and Honan's elucidation of the misaligned security protocols observed by cloud hosts, virtual storage no longer seems to be a silver bullet. Instead, even your cloud backup should have a backup.
Cloud Security News from SimplySecurity.com by Trend Micro