Thursday, August 9, 2012

Losing a digital life by syncing thru 'the cloud'

Monday brought the virtual world a sad and instructive story, from Mat Honan of Wired magazine. Many have reported and blogged and tweeted and commented on the tale already, but if you missed all that you can find Honan's (long and full) explanation of how he got hacked on the Wired site: How Apple and Amazon Security Flaws Led to My Epic Hacking.

Here's Honan's own lede:
In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.

The details are fascinating if you are fascinated by La Vie Virtuel, but if you're only up for the short story it's this:

A bad guy figured out how to play the complementary security policies of two huge digital media corporations against one another in such a way that customer service workers could be tricked into handing over control of a good guy's accounts. To make it more difficult for the good guy to stop them, they wiped out his (cloud-synchronized) digital devices.

Because everything was linked, the effect of hacking Mat Honan was to wipe out his entire digital life.

Because Honan relied on cloud services to keep his stuff safe and secure -- instead of the 'old fashioned' sort of backup technology (e.g., an external hard disk drive that is NOT remotely controllable over the internet) -- he finds himself cleaned out.

I feel bad for the man. Seriously. Here's how he put it on Monday:
Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.

Those security lapses are my fault, and I deeply, deeply regret them.
Honan should have known better: he's a technology journalist, a senior writer at Wired. That's got to be a huge component of his regret. Kudos to him for turning his own humiliation into a wake-up call for the rest of us.

What makes me shudder are the bazillions of digiconsumers less savvy than Mat Honan, who trust the iClouds, Carbonites, Dropboxes, Google Drives, and Sky Drives of the e-world because they're backed by companies that look like they know (and ought to know) what they're doing.

Think about it. Who's got time to be a digital-security expert if Mat Honan doesn't?

In the hours and days following Honan's report we've heard (this taken from a Jane McEntegart report on Tom's Hardware) that:
Following the high-profile attack, both Amazon and Apple are now working to fix these weaknesses in their systems that leave their users vulnerable to attack. Amazon yesterday said that it had taken care of the exploit in question. [...] Amazon has stopped allowing customers to change account information over the phone and Apple has stopped issuing passwords over the phone. It's not clear if either company has plans to further alter their security systems to protect against attacks such as the one against Mat Honan.
I don't think this is news that ought to make anyone sleep better at night. Apple and Amazon (and Google and Twitter and Facebook and ...) don't coordinate their security procedures.

Jeff Bezos doesn't have a weekly call with Mark Zuckerberg to make sure that Amazon's change of policy won't intersect in some odd, hidden, exploitable way with how Facebook handles user identity.

Other ways to hack cloud-based services will be found and will be exploited. If you find somebody who wants to bet against that inevitability, my advice to you is this: take the bet.

As I've said before: the technologies by which human-created information has been preserved for the longest period of time are cave painting and clay tablets.

Maybe you don't want to rewind quite that far. I don't either, most days.

But if you care about keeping your virtual life, you might consider something less ephemeral than 'the cloud' to secure your digital stuff ... something that isn't wired into the intertubes. Something whose default state when you're not paying close attention to it is unplugged.

Related posts on One Finger Typing:
Pimped by our own devices: electronica, the cloud, and privacy piracy
Moving one's life to the cloud
Safeguarding cloud ephemera Part I: the big picture
Rock, Paper, Digital Preservation

Thanks to John Ott for the cloud image included in this post, via Flickr.
