In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.
In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Lulz.
Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.
Those security lapses are my fault, and I deeply, deeply regret them.
But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.
This isn’t just my problem. Since Friday, Aug. 3, when hackers broke into my accounts, I’ve heard from other users who were compromised in the same way, at least one of whom was targeted by the same group.
The very four digits that Amazon considers unimportant enough to display in the clear on the Web are precisely the same ones that Apple considers secure enough to perform identity verification.
Moreover, if your computers aren’t already cloud-connected devices, they will be soon. Apple is working hard to get all of its customers to use iCloud. Google’s entire operating system is cloud-based. And Windows 8, the most cloud-centric operating system yet, will hit desktops by the tens of millions in the coming year. My experience leads me to believe that cloud-based systems need fundamentally different security measures. Password-based security mechanisms — which can be cracked, reset, and socially engineered — no longer suffice in the era of cloud computing.
A report by Mandiant, an American computer security company, has detailed the extent of Chinese government backed hacking of America.
Mandiant spent three years compiling evidence and now claim to have located the Chinese Liberation Army’s global hacking HQ. A 12 story building in a suburb of Shanghai, has been identified as the possible source of state funded cyber attacks, the report claims.
The report details how Chinese cyber attacks have targetted US businesses as well as government agencies. The hackers have been stealing sensitive corporate information, and have even gained access to government agencies which control fundamental US infrastructure. Theoretically, hackers could manipulate crucial infrastructure including water supply and power grids.
Jay Carney, a spokesman for the White House, said: “We have repeatedly raised our concerns at the highest levels about cyber theft with senior Chinese officials including in the military and we will continue to do so.”
Sen Diane Finestein has also said that the problem of hacking from China and other states requires further legislation. However, security experts have pointed out that international laws are already in place that prohibit such activities, and that China has repeatedly failed to tackle the problem of hacking within it’s country.
The Chinese government has been quick to attack the Mandiant report, saying it lacks technical proof.
Internet hackers have hacked into the US Chamber of Commerce computer systems. The attack appears to have been undetected for more than a year, and targeted four individuals computers who held sensitive information concerning trade in Asia.
Such attacks are not uncommon apparently. China has been found responsible for hacking governmental, military and industry targets in the past. America’s cyber security systems are proving inadequate to cope in this new era of cyberwarfare. However, the US military are taking the threat very seriously and are recruiting 10,000 “cyber warriors” to help defend America and her interests.
Prophet TV broadcast from the roof of the US Chamber of Commerce during the DC intercession covering the Dalai Lama’s trip to Washington DC. Support Prophet TV to enable these missions on a regular basis to sustain protection over the city.