Clever Hackers are Able to Destroy Digital Lives

by Jim Malmberg

Multiple Devices

You can’t exactly call what happened to Matt Honan identity theft, but it certainly comes close. Honan blogs for Wired, so one has to assume that he’s pretty familiar with internet security. But because data that Amazon.com thinks is unimportant is used by Apple to verify the identity of account holders on Apple’s platform, an ingenious hacker was able to take over his accounts on Apple, Google and Twitter and basically destroy his digital life. It’s a story that leads to one conclusion. Corporate America needs to develop a uniform data security policy in which they all agree on which data is secret and which data is public for identification purposes.

By Honan’s own admission, he had chained all of these accounts together. That left him vulnerable to an attack. Essentially, he lived “in the cloud”. If you haven’t heard that term before, it really means that your digital life is no longer just what is stored on your computer or your phone. It now includes all of the data you store online. All of that data, regardless of where it is stored, is interconnected. And in Honan’s case, the cloud turned dark.

What happened to him was very simple. Apparently Amazon will display the last four digits of the credit card you use when you log onto your account. If you use the same credit card for your account with Apple, they use those same last four digits of your credit card to verify your identity. So if someone can break into your account on Amazon, they can probably take over your life on Apple.

Because Honan’s digital life revolved around Apple, he had real issues. He had an iPhone and an iPad, which linked to his accounts on Twitter and Gmail. The hackers that got into his account reset his Apple password, wiped out all of the data on his phone and iPad (including pictures and documents), wiped out his email on Gmail and went on a racist rant on Twitter. All of this took about an hour based on Honan’s account.

There are a couple of issues here. First is that one company’s publically observable data may provide the “keys to the kingdom” (so to speak) at another company. There needs to be some coordination to change this. Based on Honan’s post, it is apparent that both Apple and Amazon have been aware of this issue. What is less clear is what they are doing to address it.

The second issue is that as more and more of our lives move into the digital relm, it might be a good idea to start protecting data in a different way. Just think about it. When automobiles were first produced, they didn’t require a key. But it became apparent that without some device being installed on them – an ignition switch – anyone could simply walk up to your car and drive off with it. Over the years, those keys have become more and more secure.

It is time to do the same thing with the internet. Passwords only work if people use different passwords on different sites. Very frankly, that’s probably an impossibility for most people. They belong to too many sites to have different passwords for all of them. And, even if they could manage that many passwords, people tend to be lazy. So the answer is probably to install some sort of a physical device on computers. Something that recognizes a finger print or which does a retina scan to grant access to various websites.

Whatever the answer is, it needs to take place quickly. Of course, whatever the answer is, it will come too late for Honan. He needs to start his digital life all over.

­­__________________

Jim Malmberg, ACCESS, American Consumer Credit Education Support Services, is a non-profit, tax exempt 501(c)(3) consumer advocacy group whose primary purpose is to disseminate credit education information and assistance to the general public, visit www.GuardMyCreditFile.org