About the Author: Marc Goodman has spent a career in law enforcement and technology. He was appointed futurist-in-residence with the FBI, worked as a senior adviser to Interpol, and served as a street police officer. As the founder of the Future Crimes Institute and the Chair for Policy, Law, and Ethics at Silicon Valley’s Singularity University, he continues to investigate the intriguing and often terrifying intersection of science and security, uncovering nascent threats and combating the darker sides of technology.
Read an Excerpt
Connected, Dependent and Vulnerable
Technology…is a queer thing; it brings you great gifts with one hand and it stabs you in the back with the other.
-- CHARLES PERCY SNOW
Mat Honan’s life looked pretty good on-screen: in one tab of his browser were pictures of his new baby girl; in another streamed the tweets from his thousands of Twitter followers. As a reporter for Wired magazine in San Francisco, he was living an urbane and connected life and was as up-to-date on technology as anyone. Still, he had no idea his entire digital world could be erased in just a few keystrokes. Then, one August day, it was. His photographs, e-mails, and much more all fell into the hands of a hacker. Stolen in just minutes by a teenager halfway around the world. Honan was an easy target. We all are.
Honan recalls the afternoon when everything fell apart. He was playing on the floor with his infant daughter when suddenly his iPhone powered down. Perhaps the battery had died. He was expecting an important call, so he plugged the phone into the outlet and rebooted. Rather than the usual start-up screen and apps, he saw a large white Apple logo and a multilingual welcome screen inviting him to set up his new phone. How odd.
Honan wasn’t especially worried: he backed up his iPhone every night. His next step was perfectly obvious—log in to iCloud and restore the phone and its data. Upon logging in to his Apple account, he was informed that his password, the one he was sure was correct, had been deemed wrong by the iCloud gods. Honan, an astute reporter for the world’s preeminent technology magazine, had yet another trick up his sleeve. He would merely connect the iPhone to his laptop and restore his data from the hard drive on his local computer. What happened next made his heart sink.
As Honan powered up his Mac, he was greeted with a message from Apple’s calendar program advising him his Gmail password was incorrect. Immediately thereafter, the face of his laptop—its beautiful screen—turned ashen gray and quit, as if it had died. The only thing visible on the screen was a prompt: please enter your four-digit password. Honan knew he had never set a password.
Honan ultimately learned that a hacker had gained access to his iCloud account, then used Apple’s handy “find my phone” feature to locate all of the electronic devices in Honan’s world. One by one, they were nuked. The hacker issued the “remote wipe” command, thereby erasing all of the data Honan had spent a lifetime accumulating. The first to fall was his iPhone, then his iPad. Last, but certainly not least, was his MacBook. In an instant, all of his data, including every baby picture he had taken during his daughter’s first year of life, were destroyed. Gone too were the priceless photographic memories of his relatives who had long since died, vanquished into the ether by parties unknown.
Next to be obliterated was Honan’s Google account. In the blink of an eye, the eight years of carefully curated Gmail messages were lost. Work conversations, notes, reminders, and memories wiped away with a click of a mouse. Finally, the hacker turned his attention to his ultimate target: Honan’s Twitter handle, @Mat. Not only was the account taken over, but the attacker used it to send racist and homophobic rants in Honan’s name to his thousands of followers.
In the aftermath of the online onslaught, Honan used his skills as an investigative reporter to piece together what had happened. He phoned Apple tech support in an effort to reclaim his iCloud account. After more than ninety minutes on the phone, Honan learned that “he” had just called thirty minutes prior to request his password be reset. As it turns out, the only information anybody needed to change Honan’s password was his billing address and the last four digits of his credit card number. Honan’s address was readily available on the Whois Internet domain record he had created when he built his personal Web site. Even if it hadn’t been, dozens of online services such as WhitePages.com and Spokeo would have provided it for free.
To ascertain the last four digits of Honan’s credit card, the hacker guessed that Honan (like most of us) had an account on Amazon.com. He was correct. Armed with Honan’s full name and his e-mail and mailing addresses, the culprit contacted Amazon and successfully manipulated a customer service rep so as to gain access to the required last four credit card digits. Those simple steps and nothing more turned Honan’s life upside down. Although it didn’t happen in this case, the hacker could have just as easily used the very same information to access and pilfer Honan’s online bank and brokerage accounts.
The teenager who eventually came forward to take credit for the attack—Phobia, as he was known in hacking circles—claimed he was out to expose the vast security vulnerabilities of the Internet services we’ve come to rely on every day. Point made. Honan created a new Twitter account to communicate with his attacker. Phobia, using the @Mat account, agreed to follow Honan’s new account, and now the two could direct message each other. Honan asked Phobia the single question that was burning on his mind: Why? Why would you do this to me? As it turns out, the near decade of lost data and memories was merely collateral damage.
Phobia’s reply was chilling: “I honestly didn’t have any heat towards you . . . I just liked your [Twitter] username.” That was it. That’s all it was ever about—a prized three-letter Twitter handle. A hacker thousands of miles away liked it and simply wanted it for himself.
The thought that somebody with no “heat” toward you can obliterate your digital life in a few keystrokes is absurd. When Honan’s story appeared on the cover of Wired in December 2012, it garnered considerable attention . . . for a minute or two. A debate on how to better secure our everyday technologies ensued but, like so many Internet discussions, ultimately flamed out. Precious little has changed since Honan’s trials and tribulations. We are still every bit as vulnerable as Honan was then—and even more so as we ratchet up our dependency on hackable mobile and cloud-based applications.
As with most of us, Honan’s various accounts were linked to one another in a self-referential web of purported digital trust: the same credit card number on an Apple profile and an Amazon account; an iCloud e-mail address that points back to Gmail. Each had information in common, including log-on credentials, credit card numbers, and passwords with all the data connected back to the same person. Honan’s security protections amounted to nothing more than a digital Maginot Line—an overlapping house of cards that came tumbling down with the slightest pressure. All or most of the information needed to destroy his digital life, or yours, is readily available online to anybody who is the least bit devious or creative.
Progress and Peril in a Connected World
In a few years’ time, with very little self-reflection, we’ve sprinted headlong from merely searching Google to relying on it for directions, calendars, address books, video, entertainment, voice mail, and telephone calls. One billion of us have posted our most intimate details on Facebook and willingly provided social networking graphs of our friends, family, and co-workers. We’ve downloaded billions of apps, and we rely on them to help us accomplish everything from banking and cooking to archiving baby pictures. We connect to the Internet via our laptops, mobile phones, iPads, TiVos, cable boxes, PS3s, Blu-rays, Nintendos, HDTVs, Rokus, Xboxes, and Apple TVs.
The positive aspects of this technological evolution are manifest. Over the past hundred years, rapid advances in medical science mean that the average human life span has more than doubled and child mortality has plummeted by a factor of ten. Average per capita income adjusted for inflation around the world has tripled. Access to a high-quality education, so elusive to many for so long, is free today via Web sites such as the Khan Academy. And the mobile phone is singularly credited with leading to billions upon billions of dollars in direct economic development in nations around the globe.
The interconnectivity the Internet provides through its fundamental architecture means that disparate peoples from around the world can be brought together as never before. A woman in Chicago can play Words with Friends with a total stranger in the Netherlands. A physician in Bangalore, India, can remotely read and interpret the X-ray results of a patient in Boca Raton, Florida. A farmer in South Africa can use his mobile phone to access the same crop data as a PhD candidate at MIT. This interconnectedness is one of the Internet’s greatest strengths, and as it grows in size, so too does the global network’s power and utility. There is much to celebrate in our modern technological world.
While the advantages of the online world are well documented and frequently highlighted by those in the tech industry, there is also a downside to all of this interconnectivity.
Our electrical grids, air traffic control networks, fire department dispatch systems, and even the elevators at work are all critically dependent on computers. Each day, we plug more and more of our daily lives into the global information grid without pausing to ask what it all means. Mat Honan found out the hard way, as have thousands of others. But what should happen if and when the technological trappings of our modern society—the foundational tools upon which we are utterly dependent—all go away? What is humanity’s backup plan? In fact, none exists.