BW Businessworld

Be Digital But Safe


A few years ago, my Gmail account got hacked. Try as I might, I couldn’t get into it, even when I enlisted the help of a few techies. Amazingly, I could reset my password, but that wasn’t working to give me access to the actual account. All sorts of emails I never knew I’d miss suddenly escalated in importance as I realised I would have a difficult time if I couldn’t get to various bits of information. It was not pretty. It never is. Eventually, the guys at Google had to do something to free up my account.

What Wired writer Mat Honan went through on the 3rd of August was far more terrifying and it gives me the chills to hear him talk about it as he has been doing on various podcasts, in addition to detailing on his blog and on Wired how he was “hacked hard”. There was Mat Honan busy being a normal guy, playing with his baby daughter, when disaster struck. First, his iPhone seemed to go dead and when it rebooted, all its data was wiped out. When he went to his laptop, he found his Gmail account was not accessible. And then his MacBook blanked out as well. Next in line was his iPad. But that was gone too.

Whoever or whatever was doing this wasn’t finished yet. Honan found that his Twitter account had been commandeered. The whole thing took a mere 15 minutes or so. Fifteen minutes that destroyed his digital life, as Honan says.

To read exactly how this awful saga unfolded, just type Mat Honan into search and you should reach his blog. What is amazing is that this was no hack in the sense of breaking into code. Rather, it was a sequence of smart moves that showed how the hackers, if I can call them that, understood the way people behave both online and in customer service situations, and were able to manipulate them to get what they wanted. They used security loopholes in the process to get access to Honan’s Apple and Amazon accounts. From all the information available online to begin with, they had enough to get in easily.

The eventual goal for the youngsters who social-engineered the break-in seems to have been to get at Mat Honan’s Twitter handle. And perhaps to show what could be done. But they certainly could have done some more damage. While Apple and Amazon shot into the news for their loose processes, one can safely bet that practically every company has a similar weakness, whether they’re tech companies or otherwise.

Security specialist Steve Gibson is fond of pointing out that convenience is the enemy of security. We don’t take measures like backing up our data or exploring security and privacy settings because it’s natural to take the path of least resistance and do whatever is easiest at that time. While it’s true that nothing we can do can guarantee security online (or even offline), our only hope is to make it inconvenient for anyone trying to compromise our security.

That will also mean making it inconvenient for ourselves, but there’s no other choice. For instance, how many of us just use the easiest possible password: a combo of kids’ names, wife’s name and birthday, or part of a phone number and a name? And then, because it’s inconvenient to have so many passwords for different services, we use the same one everywhere, giving hackers free and easy access to everything at once. Linking all our accounts to one another is also an invitation to anyone with a bit of time and motivation to explore and find what they want. At the very least, email accounts that have “sensitive” information should be separated from the rest. It might also be worth redoing and remembering your security questions, keeping them known to you but not easy to guess.

One can’t say that firms and services make it particularly easy to be secure. Both Gmail and Facebook have a two-step system, but nobody uses it because it has to be figured out and few people have the time to spare. Google explains it in a video, though, and all it means is using your phone (something you have, not just something you know) to receive a password you can then use. There are also one-time application-specific passwords that can be used to give access to various other apps that use Gmail.

These and more security measures are described online right now because everyone is spooked in the wake of the recent Honan hack. As we transition to a world where all our data is going to be in the cloud, accessible and convenient, enough time will have to be invested in securing our information. It’s also one of the top few digital skills that children must be made familiar with as they grow up in a completely digital age. 

mala(at)pobox(dot)com, (at)malabhargava on Twitter 

(This story was published in Businessworld Issue Dated 27-08-2012)