On the CircuitAs we went to press Wired journalist Mat Honan was hit with what he described as an "epic hack." 8/14/2012 8:00 AM Eastern
On the Circuit
Aug 14, 2012 12:00 PM, By Cynthia Wisehart
As we went to press Wired journalist Mat Honan was hit with what he described as an "epic hack." That wasn’t just trendy glibness—it was epic. But it would have been more accurate to say "catastrophic hack" or "devastating hack." "Heartbreaking" would have worked too, since he lost all his pictures of his 1-year-old daughter. Some in the media said, "chilling." That would have been my adjective.
By the time you read this it is old news that in the space of one hour, his entire digital life was destroyed, as he put it. First the hackers took over his Google account, then deleted it. Next they used his Twitter account to broadcast racist and homophobic messages. And most dramatically, they broke into his AppleID account (by simply phoning an Apple tech and lying), and used it to remotely erase all of the data on his iPhone, iPad, and MacBook.
Let’s quickly pass through lesson one: Back. Up. But beyond that is a vast cloudy landscape full of more lessons than we can learn right away. The very thing that makes the cloud cool (all devices sharing a single, constantly updated storage platform) makes it perilous. Our natural desire to take advantage of the convenience and connectedness, to link accounts, repeat passwords, etc., makes a bad situation worse.
But the most important thing to understand both personally and professionally is that the cloud is in the hands of cloud service providers (whether Apple or someone else) that are not really in the business of insuring security. They don’t know how to, and can’t really afford it on their business model. Which would be fine if the cloud were not the most tempting target ever.
Hopefully the Honan Hack will make Apple, Google, and now Microsoft realize that if they are going to mandate users to the cloud, as they wish to do, they will have to do better on security. They will only do as much, however, as we all demand. As long as there are enough complacent users willing to risk destruction, there won’t be much incentive to make meaningful improvements.
Professionally you can already read the CIOs talking somewhat impotently about the cloud security oxymoron. But network security has pretty much always been an oxymoron even before the cloud. Once we all had computers, security was the price we agreed to pay for progress. Same again with the cloud only more so, especially in a world where people are growing up on Facebook with no idea of what a secret even is.
We’re all getting sloppy. That really will have to change, but not by giving up the cloud.