What Districts Can Learn from Mat Honan’s “Epic Hacking”
If you follow technology at all, you’ve heard about Wired Magazine technology writer Mat Honan’s “epic hacking.” In less than an hour, his mobile device and notebook computer were taken over and wiped, and his Twitter account (with 18,000 followers) was used as a platform for some very offensive spamming.
Honan has been writing for some of the world’s leading technology publications for more than 12 years, so you might be wondering how this happened to him. Honan used password-encryption software 1Password to create secure passwords. He wasn’t engaged in any illegitimate online behavior. So what the heck happened?
Like many of us, Mat had several web accounts that were “daisy-chained” together. Think about this: You sign up for an Amazon account with your Gmail address (and a credit card). Then you sign up for Twitter and iTunes using the same e-mail address. Access to just one account may provide access to all of them, especially if the passwords are all the same.
In Honan’s case, the passwords were different, but hackers were able to use a technique called social engineering to access his Gmail account. From there they were easily able to access several other accounts by pretending to be Mat. Before he knew it, his Google account, along with years of e-mail, was deleted and his phone and notebook were erased, taking into the digital abyss all of the data and photos that were not backed up.
The hacking exposed some flaws in security protocols. Honan suggests web users protect themselves by following these tips:
Use strong passwords and two-factor authentication.
Using the same password for multiple accounts allows hackers to gain access to your entire digital life with very little effort. If their intentions are malicious, you might as well say goodbye to all of your data and privacy. Use alphanumeric passwords, and never use simple words that someone could guess. Remember the LinkedIn password leak? Yeah, don’t use any of those. And if you use Gmail, be sure to turn on two-factor authentication. Honan admits that if he’d done that, he probably wouldn’t have been hacked.
Back up EVERYTHING.
Failure to do this is the ultimate user error. It’s best to have at least two copies of your data somewhere besides your computer. This means cloud backup and an external hard drive, according to Honan.
I’m certainly a backup believer now. When you control your data locally, and have it stored redundantly, no one can take it from you. Not permanently, at least. I’ve now got a local and online backup solution, and I’m about to add a second off-site backup into that mix. That means I’ll have four copies of everything important to me. Overkill? Probably. But I’m once bitten.
There are many affordable options for backup these days, so find one that works for you — you’ll sleep better at night.
Clean up your trail of data.
Remember that MySpace account you opened up in 2001? And that AOL address from 1999? Close them. Delete them. You don’t want a trail of data following you around the web. Back then, you probably weren’t using very secure passwords, and if you aren’t using the services anymore, it’s time to close them down. Keep track of every site for which you have a log in, and delete them as needed.
The only good thing to come of Mat Honan’s hacking was a wake-up call. There is no reason to be unsafe on the web, so take Honan’s advice before it’s too late.
