Digital Deadly Force: How a Tech Expert Lost His Digital Life to a Hacker
DESCRIPTION
Imagine a day when you wake up … all of your baby pictures are gone … your iPad and your computer have been wiped … you have no way of logging in to any of your accounts … the accounts that are tied to your checking, mortgage, bill pay, iTunes … Kevin Williams and Matt Hall will tell the story of Matt Honan -- a tech-savvy technology reporter who was just digitally carjacked -- for his Twitter account … and how the hackers manipulated major corporations into aiding and abetting this digital robbery by a 19-year-old hacker named Phobia. Don't have an account? Not a computer guy? Well, your information is stored in companies all over the world where hackers like Phobia lurk to take your identity, monetize it, and use it for all sorts of nefarious purposes.
TRANSCRIPT
Information Systems Division and Technical Services Unit
Matthew Jett Hall, Assistant Director, ISD
Kevin Williams, SAC, TSU
Digital Deadly Force
Narrative of a Digital Life Destroyed
26 Oct 2012
The Victim: Matt Honan
“In the space of one hour, my entire digital life was destroyed.”
Who is Matt Honan
Tech Journalist
Highly cloud dependent
Astute
Tech Savvy
Knows the rules of the road
The Harm
Google account deleted.
Twitter account compromised, and used to broadcast racist and homophobic messages.
AppleID account was seized.
The Harm
Wiped from existence
iPhone
MacBook Pro
iPad
Two years of baby pictures
Timeline: 3 Aug 12 @ 1633
“… according to Apple’s tech support records, someone called AppleCare claiming to be me.”
Apple issued the hacker a temporary password
Timeline: 3 Aug 12 @ 1650
“password reset confirmation arrived in my inbox. … the hackers …. permanently reset my AppleID password.”
Timeline: 3 Aug 12 @ 1652
“Gmail password … password had changed.”
Timeline: 3 Aug 12 @ 1700
“… they used iCloud’s “Find My” tool to remotely wipe my iPhone.”
Timeline: 3 Aug 12 @ 1700
“my iPhone suddenly powered down.”
“When I opened my laptop … my Gmail account information was wrong.”
Timeline: 3 Aug 12 @ 1702
“they reset my Twitter password…”
Timeline: 3 Aug 12 @ 1705
“they remotely wiped my MacBook.…”
Timeline: 3 Aug 12 @ 1705
“they remotely wiped my MacBook.…”
“… they deleted my Google account.”
Timeline: 3 Aug 12 @ 1710
“I placed the call to AppleCare.”
Timeline: 3 Aug 12 @ 1712
“attackers posted a message to my account on Twitter taking credit for the hack.”
Why Matt Honan
“I asked him why. Was I targeted specifically? Was this just to get to Gizmodo's Twitter account [that had been linked to mine]?
No, Phobia said, they hadn't even been aware that my account was linked to Gizmodo's, that the Gizmodo linkage was just gravy.
He said the hack was simply a grab for my three-character Twitter handle. That's all they wanted.
They just wanted to take it, and [mess it] up, and watch it burn. It wasn't personal.”
Social Engineering
“the art of manipulating people into performing actions or divulging confidential information”
The Sequence of Social
1. Amazon
2. Apple
3. Google
4. Twitter
Sarah Palin 2008
• September 16, 2008
• Yahoo! Mail account of Sarah Palin
• Cracked by “Rubico”
• Social Engineering
• From Date of Birth Info on Wikipedia
TBI’s CIA
Confidentiality
Integrity
Availability
Identity
Non-repudiation
Access
Factors of Identification
Something you know
Something you have
Something you are
Password and PIN
“Something you know”
“a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource”
Password Fatigue
• Excessive number of passwords
• Leads to careless password or PIN construction
PIN Formulation
• Usually 4 digits
• Don’t use common PINs
• Don’t use personal information
  • SSN
  • Birthdate
  • Birth year
Rank  PIN   Freq
#1    1234  10.713%
#2    1111  6.016%
#3    0000  1.881%
#4    1212  1.197%
#5    7777  0.745%
#6    1004  0.616%
#7    2000  0.613%
#8    4444  0.526%
#9    2222  0.516%
#10   6969  0.512%
Password Formulation
• Passwords must contain characters from three of these categories:
  • Upper Case Character
  • Lower Case Character
  • Base 10 Digit (0 through 9)
  • Non-alphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/
• Password generator in KeePass
• A`?KUJ'j
• 47k0O#qt
• 4'vn1iSA
• nwDSB/OL
• 5*vFXggx
• tF0ylI59
• \PvmYk^k
• $;T+qha2
• UnJJ:8c8
• bU4DuwUM
• bU1H&@56
• BeU;i$X;
• 4q+!kkgg
• $qDsrT35
• %:WbFlzk
• HRvqt9j9
• RcgR^cMt
• dM/`nx\R
Password Formulation
• Since these are tough
• Try a PassPhrase:
• SteveFound4ApplesAndAFlute@hischair
• 6TacosAreDelicious@YourLocalTacoMart
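An added example, not part of the original slides: a Python check for the guidance on the PIN Formulation and Password Formulation slides above. The frequency table and special-character set are copied from the slides; the function names and the birthdate/SSN sample values are assumptions made up for illustration.

```python
import string

# Top-10 PIN frequencies (percent of users), copied from the PIN slide above.
COMMON_PINS = {"1234": 10.713, "1111": 6.016, "0000": 1.881, "1212": 1.197,
               "7777": 0.745, "1004": 0.616, "2000": 0.613, "4444": 0.526,
               "2222": 0.516, "6969": 0.512}
# Non-alphanumeric characters exactly as listed on the password slide.
SPECIALS = "~!@#$%^&*_-+=`|\\(){}[]:;\"'<>,.?/"


def personal_pins(birthdate, ssn):
    """4-digit PINs derivable from a birthdate (YYYY-MM-DD) and an SSN."""
    year, month, day = birthdate.split("-")
    last_four = ssn.replace("-", "")[-4:]
    return {year, month + day, day + month, month + year[2:], last_four}


def check_pin(pin, birthdate, ssn):
    """Return the reasons a PIN breaks the slide's guidance (empty = OK)."""
    problems = []
    if not pin.isdigit():
        problems.append("not numeric")
    if pin in COMMON_PINS:
        problems.append("common PIN")
    if pin in personal_pins(birthdate, ssn):
        problems.append("personal information")
    return problems


def guess_coverage(attempts):
    """Percent of users whose PIN is among the `attempts` most common PINs."""
    ranked = sorted(COMMON_PINS.values(), reverse=True)
    return round(sum(ranked[:attempts]), 3)


def char_categories(password):
    """Which of the slide's four character categories a password uses."""
    classes = {"upper": string.ascii_uppercase, "lower": string.ascii_lowercase,
               "digit": string.digits, "special": SPECIALS}
    return {name for name, chars in classes.items()
            if any(ch in chars for ch in password)}


def meets_policy(password):
    """True when at least three of the four categories are present."""
    return len(char_categories(password)) >= 3


if __name__ == "__main__":
    # Constructed sample data: the birthdate and SSN are made up.
    print(check_pin("1985", "1985-07-04", "000-00-4321"))
    print(guess_coverage(3), meets_policy("tF0ylI59"), meets_policy("Password1"))
```

Three guesses from the table cover about 18.6% of users, which is the risk a lockout threshold has to absorb. `Password1` also satisfies the three-category rule, so the rule only works together with the slides' separate advice against common words.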
Where to Store Passwords
• Password Vault
• In your mind!
Password Commandments
Thou shalt …
1. Construct a complex password
2. Use a password vault
3. Use dual factor authentication
4. Protect thy mobile devices
Password Commandments
Thou Shalt Not ….
1. Share thy Password
2. Use thy dog’s name
3. Write passwords on sticky notes
4. Use common words
5. Keep passwords in word documents
Before you lose a device ….
Learn if the device has “find me” features
Encrypt critical data at rest
Think carefully about what goes on the device
Don’t let unauthorized personnel utilize your device
Lock your device whenever you step away
If you lose a device ….
Report it immediately
BAD NEWS DOES NOT AGE WELL! FASTER RESPONSE THE BETTER
Consumer in Control
  Apple: iCloud.com
  Microsoft Exchange
  Blackberry: No self service
Example: iCloud
If you lose a device ….
Locate it
If you lose a device ….
If you can’t retrieve it, wipe it!
Data Classification Concept
Impact to the TBI Mission: High, Medium, Low
High:
  Reputation and Credibility
  Exposing Personal Information
  Exposing Sensitive Operations Information
On cloud computing
It’s here
It’s not going away
Windows 8 SkyDrive
DropBox
Google Drive
Google Applications
iCloud
On cloud computing
Guidance
No PII
Nothing Mission Sensitive
Experiment and learn
Preserve CIA
REALLY read terms of service
References
“How Apple and Amazon Security Flaws Led to My Epic Hacking” Wired Magazine August 6, 2012
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/
Flickr Baby Photo: http://goo.gl/q2hSO
Datagenetics.com PIN Analysis: http://goo.gl/bCGGW
Security Now Episode 364: Twit.tv
Security Now Episode 364: Transcript from grc.com
Apple iCloud How to: http://www.apple.com/icloud/setup/ios.html
Apple iCloud: icloud.com
Sarah Palin Email Hack: http://en.wikipedia.org/wiki/Sarah_Palin_email_hack
Clipart: openclipart.org
Social Engineering: http://en.wikipedia.org/wiki/Social_engineering_(security)
Password: http://en.wikipedia.org/wiki/Password