A Perilous Cyber World: Guarding Personal Information from Hackers and Thieves

August 14, 2012 at 12:00 AM EST
When tech writer Mat Honan's iCloud account was hacked, he lost control over his emails, phone, and personal computer, losing correspondence, photos of family members and more. Jeffrey Brown gets a lesson in protecting personal information online from Mat Honan of Wired magazine and Peter Pachal of Mashable.
TRANSCRIPT

JEFFREY BROWN: And we begin an occasional series about the way we live ever more of our lives online in the digital age, and some of the risks and rewards connected with this evolution.

In coming segments, we will discuss the connections and disconnections of online life, the differences between engaging online and in the physical world, and what does it mean exactly when a video goes viral.

We begin with a look at just how much of us, our identities, are online, and how vulnerable that can make us.

Mat Honan learned this firsthand recently when he was hacked and lost control of his phone, email and personal computer. He told the tale in “Wired” magazine, where he’s a technology writer.

Also joining us is Peter Pachal, who watches this world closely as the technology editor for the Web site Mashable.

So, Mat Honan, you can be our case study, I guess, to start. How much of you, of your life existed online in some form or other before you got hacked?

MAT HONAN, “Wired”: Well, like a lot of people, you know, it’s an increasing amount every year.

I had probably more than most. I had eight years or so of Gmail history in there. And then, in addition to that, I was using Apple’s iCloud service, which, while my data wasn’t stored online, had an online component that let people wipe my computer, wipe my iPad, wipe my iPhone. So, although the data wasn’t there, the control of that data was there.

JEFFREY BROWN: Well, so, it’s a long story. We can’t go into everything that happened to you. But tell us, where did you see the — where were you most vulnerable? What did you find out?

MAT HONAN: What I found out, interestingly, was that it wasn’t like there was one key area that was vulnerable.

We tend to now give lots of different companies lots of little bits of information. So in my case, what hackers were able to do was to take one small bit of information from Amazon, the last four digits of my credit card number, and use that to get access to my Apple account which they were to use to get into all these other accounts, my Google account, my Twitter account.

And to me it highlighted how all of these services are really linked together and how little control we have over what’s happening with our data that’s in them.

JEFFREY BROWN: Well, Peter Pachal, let me bring you into it.

A little control or little awareness of how much we have there and how vulnerable we are? What do we know about people’s sort of psychology and knowledge of life online?

PETER PACHAL, Mashable: Well, I think Mat said it best in his piece when he said that he basically created an Apple I.D. years ago, like a lot of us did, simply to download songs for 99 cents each.

And now that same account is now linked to so many different services that Apple provides. I mean, iCloud is obviously the main one that served as a catalyst here. So it really kind of bears taking a step back on, you know, just how many of these accounts we have, how they have grown, and also how they’re linked.

I think, like, one of the big takeaways, I think, from Mat’s story and others is that do the best you can to isolate your services from each other, use different emails, different passwords, password managers and certain other tools to help you with that, because, you know, it’s rather — it’s like dominoes. One gets hacked and the rest fall.

JEFFREY BROWN: Well, Peter, staying with you, I want to ask you more about passwords, because that is, of course, one of the best ways to protect all these different things we use, and yet most of us, of course, have a hard time remembering too many passwords. I read about how many people use very simple passwords, even though they’re warned otherwise.

PETER PACHAL: Yes, I’m glad you brought that up.

There are a number of password-managing tools that are free to use or cost a very small fee that work for both the Web and your phone. And that’s obviously the absolute best solution, because they can also generate random passwords, so you don’t even have to remember them. And they have automatic log-in tools and that kind of thing.

Now, realistically, I know that a lot of people aren’t going to do that, even though we all sort of know we need to. I personally have been guilty of using the same password for other services. I probably shouldn’t say that on air, but I have been guilty of it. I now use a password manager.

But the — if you’re not going to use a password manager, at the very least, do not use the same password that you use for a simple service that you’re only going to sign up for once and use that same password for your banking information. At least have a few tiers of security in the passwords you’re remembering. Use like a single easy-to-remember password for stuff you’re only going to sign up for once, another one for something more secure like email, and something really hard for your online bank.

But that’s not the best solution. It’s not even a really good solution. But at least it’s better than using the same password for everything, which I do know a lot of people do.

JEFFREY BROWN: Well, Mat, I saw you smiling as he was talking about the passwords and admitting to not always being as fully useful of them as any of us should be.

What was your — what would you add to that about the — you know, it’s a very human psychology not to overdo the passwords, not to make it too complicated.

MAT HONAN: Right.

My password scheme — this is what was interesting. My password scheme was actually pretty complicated. I was using a password manager. I wasn’t reusing passwords. And I was able — I was hacked basically by people calling up companies on the phone and calling the tech support department and getting passwords reset.

But I think that one of the things that we all — whether you’re talking about passwords or turning on extra layers of security in Gmail or Facebook, you always have this tradeoff between security and ease of use.

And as we continue to give more and more of our information, our financial information, our credit card numbers, our addresses, things like that to Web services that we don’t have any control over, I think we’re going to have to start understanding and accepting that security is not always going to be easy and it’s just a price we’re going to have to pay.

JEFFREY BROWN: Well, so, what do you advise? You guys are in this world. And you’re always up on the latest gadgets. What about the rest of us?

Mat, starting with you, I mean, what do you advise? What do you tell friends?

MAT HONAN: One of the main things that I think people should be doing is making local backups of their data regularly.

I didn’t do this. I was guilty of it. And it’s why I lost, you know, about a year-and-a-half worth of photos of my daughter. Another thing that I think you should do is to set up a password manager, something like 1Password or LastPass, where you can store all these complex passwords.

And then there are security solutions that — like Google offers that are called two-step services. Facebook has something similar, where you use a password and your phone. You have to basically get a text message on your phone to log into the site from a new computer.

JEFFREY BROWN: And, Peter, just our last word from you, because I know you have also looked at the — we haven’t talked about the people who are doing the hacking, but presumably they’re staying up on all of this as well to stay a step ahead, right?

PETER PACHAL: Yes, but so are security companies. Mat mentioned ease of use. And I’m glad he brought that up.

I mean, there is some stuff that is sort of being introduced now. It’s the field of biometrics, which is basically using fingerprints and things like your voice as your password.

Now, there’s a lot to be figured out with these technologies, particularly on the back end for I.T. managers.

But the promise is that you would basically use your voice as your password, because if the app can know it’s actually you speaking, then the password becomes redundant. Then you can just throw it away. And it just won’t let in anyone else. So, that sort of has a lot of promise. And I hope it actually turns out to basically solve a lot of these issues of inconvenience.

JEFFREY BROWN: And, Mat, just finish your story here. You were able to restore a good deal of the information?

MAT HONAN: I got everything back that was stored — ironically, that was stored in the cloud. Everything in the cloud is back. Everything in my Google account, I got back.

The stuff that was on my hard drive that was remotely wiped, it was remotely deleted, I still have not got back yet. It’s at a data recovery place right now.

JEFFREY BROWN: All right, good lesson for everybody.

Mat Honan, Peter Pachal, thank you both.

MAT HONAN: Thank you.

PETER PACHAL: Happy to be here.