August 5, 2012
Gizmodo Hacking Illustrates Cloud Computing Security Concerns
redOrbit Staff & Wire Reports - Your Universe Online
Consumer electronics weblog Gizmodo was the victim of a sophisticated cyberattack in which a hacker was able to gain access to one of their social media accounts by first cracking into the iCloud account of a former contributor, various media outlets reported over the weekend.According to Emil Protalinski of ZDNet, the Gawker Media-owned website had their Twitter account hacked into Friday by a group identifying themselves as Clan VV3. Protalinski said that the website regained control of the account after a short time, but not before its more than 400,000 followers received offensive and racist posts courtesy of the attackers.
As it turns out, the group gained access to Gizmodo's Twitter account through the Twitter account of journalist and former employee Mat Honan. They also gained access to Honan's email account, and were able to remotely access and wipe his iPhone, iPad, and MacBook computer, after cracking the password he used for his Apple cloud-computing service account, Forbes contributor Adrian Kingsley-Hughes explained.
"At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash," Honan said, according to Forbes. "My password was a 7 digit alphanumeric that I didn´t use elsewhere. When I set it up, years and years ago, that seemed pretty secure at the time. But it´s not. Especially given that I´ve been using it for, well, years and years. My guess is they used brute force to get the password, and then reset it to do the damage to my devices."
"The backup email address on my Gmail account is that same .mac email address," he continued, adding that by 5:05pm his Google Account password had been changed and his iPhone, iPad, and MacBook Air had all be wiped clean. "I still can´t get into Gmail. My phone and iPads are down (but are restoring). Apple tells me that the remote wipe is likely irrecoverable without serious forensics. Because I´m a jerk who doesn´t back up data, I´ve lost at more than a year´s worth of photos, emails, documents, and more. And, really, who knows what else."
Honan's tale is the kind of horror story that undoubtedly makes every laptop, tablet, and smartphone user shiver in fear and break out in a cold sweat. So what can the average tech geek do to protect himself or herself? Gizmodo's Eric Limer offered up a few suggestions in an August 4 article, including using complex passwords, using different ones for every account, activating two-step authentication whenever possible, and regularly cleaning out permissions.
He also warns against leaning too heavily on the cloud, explaining that while it's "great to have online storage you can get at from all your various devices," that removable hard drives and similar devices are far more secure -- a wise warning considering not only what happened to Honan, but also the recent hacking of another cloud service, Dropbox.
"No matter what steps you take, you can't totally rule out the possibility of getting hacked; if someone's really out to get you, they can probably get you eventually," Limer said. "You're going to want to take every step you can though, just to be safe. If you do get hacked, you're going to be kicking yourself for every little precaution you didn't bother to take."