An analysis of someones digital life being wiped out.

[sandbender]

An interesting article over on wired analyses how the article author had his digital life wiped out.

It is partly his own fault, he didn't back up his irreplaceable family photos and correspondance to something that was not connected to the internet (a CD or DVD), however the article reveals some glaring errors in the systems used by companies like Google, Apple and Amazon in the way the secure your data from theft, erasure or abuse.

http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/

It is a long(ish) read, if you skip to the end you will see some of his recommendations, not having a backup email set that uses the same or a similar name to your main one is an obvious one. So in other words don't back up your main email address bushcraftuk56b@gmail.com with bushcraftuk56b@hotmail.com.

If you own a web domain, try not to use the address that your main accounts use as a residence address for your whois registry entry.

If you use an apple computer and make use of 'iCloud' do not set up 'Back to my Mac'.

And if you use Google services set up two-factor authentication for your account.

An interesting read.

 

[mountainm]

Great article, thanks for sharing.

 

[mousey]

So the moral of the story = don't have a twitter account ???

 

[ebt.]

If you own a web domain, try not to use the address that your main accounts use as a residence address for your whois registry entry.

Sadly a lot of UK registrars wont offer domain privacy.

 

[sandbender]

So the moral of the story = don't have a twitter account ???

I think the moral of the story is don't presume that companies like Apple, Google and Amazon won't simply hand over control of your accounts to anyone who can harvest some fairly straightforward information of the internet.

This wasn't about the strength of his passwords, but flaws that exist in the password recovery systems of those companies.

 

[mousey]

I think the moral of the story is don't presume that companies like Apple, Google and Amazon won't simply hand over control of your accounts to anyone who can harvest some fairly straightforward information of the internet.

This wasn't about the strength of his passwords, but flaws that exist in the password recovery systems of those companies.

Oh yea that too

 

[abominable_scouse_monster]

This wasn't a software exploit, it was a meat-ware hack or social engineering attack and lax processes mostly in Apple and Google.

 

[boatman]

What a fool to have linked accounts etc.

 

[ged]

The scary thing in all this is that this guy is some kind of a technology journalist, and when he's not writing articles about how dumb he's been he's writing articles about everything else that he can think of on the digital scene that people will read, and, quite possibly, believe.

 

[chris_irwin]

I'm slightly confused as to how he has lost all the data from his Macbook. If the hackers simply remotely erased all the data, it would still be located on the hard-drive, just not referenced to any particular location or memory. There are a variety of tools that could extract this data fairly easily. I didn't read the whole article, so I'm not sure if he did in fact do this.

Anyway, it's an interesting prospect, perhaps more people will think twice before storing all their data in one location and using insecure password recovery questions. It's easy enough to buy an external hard-drive to back up your data, or use something like drop-box.

 

[ebt.]

What amazes me is how many sheeple have their date of birth on their facebook pages. Not that anyone would use that as part of a security check....

ps. chris, dropbox got badly compromised about 6 months ago. The basic answer is to assume nothing is totally secure online unless YOU control its encryption. Now if you ran truecrypt too, you'd be safe

 

[sandbender]

"...I'm slightly confused as to how he has lost all the data from his Macbook. If the hackers simply remotely erased all the data, it would still be located on the hard-drive, just not referenced to any particular location or memory. There are a variety of tools that could extract this data fairly easily. I didn't read the whole article, so I'm not sure if he did in fact do this..."

The 'Back to my Mac' system referred to in the original article allows a Mac owner to remotely lockdown an already encrypted hard drive on a stolen computer. Which probably seemed like a cool idea when he set it up, not so cool when someone can so easily compromise his system and lock him out of all his Apple devices.

His data is still on his machines but now encrypted with a password he doesn't have and will never know.

 

[mousey]

The scary thing in all this is that this guy is some kind of a technology journalist, and when he's not writing articles about how dumb he's been he's writing articles about everything else that he can think of on the digital scene that people will read, and, quite possibly, believe.

Spot on, most 'experts' are making it up like the rest of us...

Never trust what you read and only trust technology as far as you can throw it

 

[beachlover]

Would he have been stiffed if he had all his important data / pics / life on an external hard drive?

 

[sandbender]

Would he have been stiffed if he had all his important data / pics / life on an external hard drive?

No, he'd have been fine. He had an Apple computer the OS of which has an 'idiot proof' backup system for just that purpose. However his emails would still have been lost if he wasn't using some form of desktop mail program to make local copies from his gmail mail.

Of course any data stored on a hard drive is temporary, all hard drives can and will fail. Always back up your irreplaceable data to multiple CDs or DVDs.

 

[abominable_scouse_monster]

Mail (OSX default mail client) automatically backs up on mac's to the time capsule, thunder bird however dose not so it depends on how clean he liked his inbox. Also the find my mac and secure erase features are also present on the Time capsules so can be remote wiped too.

This kind of thing happens quite alot, but is only really brought to light when a Journalist happens to have it done to them I have lost count of the amount of people who get in touch with me when they have been owned by some one a surprising amount of people have it done by former girlfriends or boyfriends. I am lucky in that I can normally help get most on-line accounts back under control and I do data recovery (forensics grade) on a PC or laptop that's been formatted.

 

[sandbender]

"...Mail (OSX default mail client) automatically backs up on mac's to the time capsule, thunder bird however dose not so it depends on how clean he liked his inbox. Also the find my mac and secure erase features are also present on the Time capsules so can be remote wiped too..."

I didn't know that a time capsule could be zapped too.

For the PC users, a 'Time Capsule' is a wireless backup drive used by Apple's 'Time Machine' application. However the Application will also work with a hard drive that you only plug in now and then and otherwise keep disconnected in a bag or drawer, in that situation the data would be recoverable.

Mozilla's Thunderbird mail Application will by default store your email locally on your hard drive, and thus would be recoverable if you'd backed either your entire hard drive or at least your home folder to CD/DVD off board hard drive.

However as with OS X's Mail program Thunderbird does not store emails in the commonly used .mbox format, a bit of jiggery pokery is needed to do so with both applications and indeed with many PC based mail programs too.

Backing your emails up to the .mbox format will allow you to import your old emails in other programs or other web based mail providers.

 

[abominable_scouse_monster]

I always recommend keeping at least two backups one that is easily accessible i.e. a NAS like the time capsule and a 2nd off line, I have DD image of all my drives in a 2nd location taken once a week automatically over night to a set of drives thats only ever used for backups and kept off line when not backing up.

 

[Wayland]

I now back up my photos once a month or after a particularly productive trip, onto a separate hard drive which is then removed.

But I must confess it's still kept in the same building as I have no easy options there.

 

[abominable_scouse_monster]

If you want I can post up a automated back up tutorial I wrote a while ago with updates etc,and Wayland can you take a copy on CD, or External HDD and leave it at a Friends or Relatives house?