Marc Goodman is one of the nation’s leading experts on global security and author of a best-selling book. He is a keynote speaker for the upcoming NexGen Cloud Conference & Expo which, like the Midsize Enterprise Summit, is operated by The Channel Co. We asked Goodman if he would share some of his insights via excerpts from his Future Crimes which delves inside the digital underground and the battle for our connected world.
Below is an excerpt from Chapter One of Goodman’s book.
"Mat Honan’s life looked pretty good on-screen: in one tab of his browser were pictures of his new baby girl; in another streamed the tweets from his thousands of Twitter followers. As a reporter for Wired magazine in San Francisco, he was living an urbane and connected life and was as up-to-date on technology as anyone. Still, he had no idea his entire digital world could be erased in just a few keystrokes. Then, one August day, it was. His photographs, e-mails, and much more all fell into the hands of a hacker. Stolen in just minutes by a teenager halfway around the world. Honan was an easy target. We all are.
Honan recalls the afternoon when everything fell apart. He was playing on the floor with his infant daughter when suddenly his iPhone powered down. Perhaps the battery had died. He was expecting an important call, so he plugged the phone into the outlet and rebooted. Rather than the usual start-up screen and apps, he saw a large white Apple logo and a multilingual welcome screen inviting him to set up his new phone. How odd.
Honan wasn’t especially worried: he backed up his iPhone every night. His next step was perfectly obvious—log in to iCloud and restore the phone and its data. Upon logging in to his Apple account, he was informed that his password, the one he was sure was correct, had been deemed wrong by the iCloud gods. Honan, an astute reporter for the world’s preeminent technology magazine, had yet another trick up his sleeve. He would merely connect the iPhone to his laptop and restore his data from the hard drive on his local computer. What happened next made his heart sink.
As Honan powered up his Mac, he was greeted with a message from Apple’s calendar program advising him his Gmail password was incorrect. Immediately thereafter, the face of his laptop—its beautiful screen— turned ashen gray and quit, as if it had died. The only thing visible on the screen was a prompt: please enter your four-digit password. Honan knew he had never set a password.
Honan ultimately learned that a hacker had gained access to his iCloud account, then used Apple’s handy “find my phone” feature to locate all of the electronic devices in Honan’s world. One by one, they were nuked. The hacker issued the “remote wipe” command, thereby erasing all of the data Honan had spent a lifetime accumulating. The first to fall was his iPhone, then his iPad. Last, but certainly not least, was his MacBook. In an instant, all of his data, including every baby picture he had taken during his daughter’s first year of life, were destroyed. Gone too were the priceless photo- graphic memories of his relatives who had long since died, vanquished into the ether by parties unknown.
Next to be obliterated was Honan’s Google account. In the blink of an eye, the eight years of carefully curated Gmail messages were lost. Work conversations, notes, reminders, and memories wiped away with a click of a mouse. Finally, the hacker turned his intention to his ultimate target: Honan’s Twitter handle, @Mat. Not only was the account taken over, but the attacker used it to send racist and homophobic rants in Honan’s name to his thousands of followers.
In the aftermath of the online onslaught, Honan used his skills as an investigative reporter to piece together what had happened. He phoned Apple tech support in an effort to reclaim his iCloud account. After more than ninety minutes on the phone, Honan learned that “he” had just called thirty minutes prior to request his password be reset. As it turns out, the only information anybody needed to change Honan’s password was his billing address and the last four digits of his credit card number. Honan’s address was readily available on the Whois Internet domain record he had created when he built his personal Web site. Even if it hadn’t been, dozens of online services such as WhitePages.com and Spokeo would have provided it for free.
To ascertain the last four digits of Honan’s credit card, the hacker guessed that Honan (like most of us) had an account on Amazon.com. He was correct. Armed with Honan’s full name and his e-mail and mailing addresses, the culprit contacted Amazon and successfully manipulated a customer service rep so as to gain access to the required last four credit card digits. Those simple steps and nothing more turned Honan’s life upside down. Although it didn’t happen in this case, the hacker could have just as easily used the very same information to access and pilfer Honan’s online bank and brokerage accounts.
The teenager who eventually came forward to take credit for the attack—Phobia, as he was known in hacking circles—claimed he was out to expose the vast security vulnerabilities of the Internet services we’ve come to rely on every day. Point made. Honan created a new Twitter account to communicate with his attacker. Phobia, using the @Mat account, agreed to follow Honan’s new account, and now the two could direct message each other. Honan asked Phobia the single question that was burning on his mind: Why? Why would you do this to me? As it turns out, the near decade of lost data and memories was merely collateral damage.
Phobia’s reply was chilling: “I honestly didn’t have any heat towards you . . . I just liked your [Twitter] username.” That was it. That’s all it was ever about—a prized three-letter Twitter handle. A hacker thousands of miles away liked it and simply wanted it for himself.
The thought that somebody with no “heat” toward you can obliterate your digital life in a few keystrokes is absurd. When Honan’s story appeared on the cover of Wired in December 2012, it garnered considerable attention . . . for a minute or two. A debate on how to better secure our everyday technologies ensued but, like so many Internet discussions, ultimately flamed out. Precious little has changed since Honan’s trials and tribulations. We are still every bit as vulnerable as Honan was then—and even more so as we ratchet up our dependency on hackable mobile and cloud-based applications."
Here is some additional information on Goodman’s book http://www.futurecrimesbook.com/