If you’re at all involved in the world of online identities and interactions — as you obviously are, since you’re reading this blog post — then an article/essay published yesterday by a tech journalist for Wired may prove to be one of the most frightening things you’ll read this year. And its impact is augmented by the fact that it came just a day after Apple co-founder Steve Wozniak was quoted with a serious public warning about our current, collective, headlong rush into a future of cloud-based computing. Together, they call for a pointed and personal “come to Jesus” moment of serious reflection and reconsideration as we all go about the increasingly dangerous business of leading lives that are increasingly channeled online.
On Monday Mat Honan, a senior writer for Wired’s “Gadget Lab,” published an extensive piece that details his horrific experience, beginning last Friday, of being hacked across his entire digital profile, resulting in the permanent loss of pretty much his entire online life to date:
In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.
— Mat Honan, “How Apple and Amazon Security Flaws Led to My Epic Hacking,” Wired, August 6, 2012
He says he accepts a large share of responsibility for what happened to him:
In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, itâs possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Lulz. Had I been regularly backing up the data on my MacBook, I wouldnât have had to worry about losing more than a yearâs worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location. Those security lapses are my fault, and I deeply, deeply regret them.
But — and here’s the really disturbing part — in the course of hashing out what happened, he discovered that the whole thing was also the direct result of inbuilt gaps and flaws in the security measures used by several megalithic companies:
But what happened to me exposes vital security flaws in several customer service systems, most notably Appleâs and Amazonâs. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.
Moreover:
This isnât just my problem. Since Friday, Aug. 3, when hackers broke into my accounts, Iâve heard from other users who were compromised in the same way, at least one of whom was targeted by the same group.
In a totally fascinating development, Honan actually managed to make contact via chat and email with one of the two hackers who conducted the assault, and in return for Honan’s promise not to prosecute, the individual explained exactly, in step-by-step fashion, how they had gone about doing it. Honan shares the whole story in his article, and adds that
On Monday, Wired tried to verify the hackersâ access technique by performing it on a different account. We were successful. This means, ultimately, all you need in addition to someoneâs e-mail address are those two easily acquired pieces of information: a billing address and the last four digits of a credit card on file.
He concludes with a lament directed at both himself and our corporate tech overlords:
The weird thing is, Iâm not even especially angry at Phobia, or his partner in the attack. Iâm mostly mad at myself. Iâm mad as hell for not backing up my data. Iâm sad, and shocked, and feel that I am ultimately to blame for that loss. But Iâm also upset that this ecosystem that Iâve placed so much of my trust in has let me down so thoroughly. Iâm angry that Amazon makes it so remarkably easy to allow someone into your account, which has obvious financial consequences. And then thereâs Apple. I bought into the Apple account system originally to buy songs at 99 cents a pop, and over the years that same ID has evolved into a single point of entry that controls my phones, tablets, computers and data-driven life. With this AppleID, someone can make thousands of dollars of purchases in an instant, or do damage at a cost that you canât put a price on.
In a striking symmetry of timing, Honan’s article was published just one day after Yahoo! News carried a story from Agence France-Presse reporting on a recent warning issued by Steve Wozniak about the dark future of cloud-based computing. And the warning itself came in a public talk Wozniak gave on Saturday — less than 24 hours after Honan’s nightmare began.
[T]he engineering wizard behind the progenitor of today’s personal computer, the Apple II, was most outspoken on the shift away from hard disks towards uploading data into remote servers, known as cloud computing. “I really worry about everything going to the cloud,” he said. “I think it’s going to be horrendous. I think there are going to be a lot of horrible problems in the next five years.” He added: “With the cloud, you don’t own anything. You already signed it away” through the legalistic terms of service with a cloud provider that computer users must agree to. “I want to feel that I own things,” Wozniak said. “A lot of people feel, ‘Oh, everything is really on my computer,’ but I say the more we transfer everything onto the web, onto the cloud, the less we’re going to have control over it.”
— Robert MacPherson, “Apple co-founder Wozniak sees trouble in the cloud,” Yahoo! News, August 5, 2012
Although Wozniak was talking about the specifically legal aspect of people’s growing lack of control over their online materials, his warning obviously resonates with the situation faced by Honan, whose control over his devices, accounts, files, and information was literally stolen.
Several months ago in an episode of Person of Interest, the CBS drama about universal surveillance in the wake of 9/11 that debuted last fall (and that became, after a slow start, one of the best new shows on network television), the character of Mr. Finch, played by an excellent Michael Emerson, gave voice to an insight that ought to make us all pause for a moment of soul-searching. In the wake of 9/11, said Finch, the federal government wondered how it was going to get the information it needed to keep tabs on everybody. But then the problem magically solved itself, because with the advent of social media, it became apparent that people were in fact eager to give that very information away.
Andrew Keen was an early Internet business pioneer who later turned sour on the whole thing when the tech bubble crash and the “Web 2.0” came to life. He went on to write The Cult of the Amateur (2007), whose paperback edition came with the mega-subtitle “How blogs, MySpace, YouTube, and the rest of today’s user-generated media are destroying our economy, our culture, and our values. This year he published a followup titled Digital Vertigo: How Today’s Online Social Revolution Is Dividing, Diminishing, and Disorienting Us. Keen describes the circumstance we’re collectively entering as a kind of joyful dive into a voluntarily chosen Orwellian nightmare. “Things have become so creepy on the Internet,” he writes in Digital Vertigo, “that the Wall Street Journal dedicated a five-part series of 2010 investigative reports, suitably entitled ‘What They Know,’ to the Orwellian business of spying on us. But neither Kafka nor Orwell, at their most surreal, could have dreamed up the story of the real-time mobile app that is always watching us.” And in The Cult of the Amateur he pointed out the really nasty aspect of this situation that makes it darker than the average dystopia: “[T]he Web 2.0 is the democratization of that Orwellian nightmare; instead of a single all-seeing, all-knowing Orwellian leader, now anyone can be Big Brother. All you need is an Internet connection.”
Mat Honan is just one person among many who have felt the brunt of the mess Keen describes. As his experience shows, now is the time for each of us to reexamine the specific ways in which we’re choosing to lead our online lives. Honan said his experience “points to a looming nightmare as we enter the era of cloud computing and connected devices.” Wozniak predicted that the shift to the computing cloud will be “horrendous. I think there are going to be a lot of horrible problems in the next five years.”
We can’t say we weren’t warned.