Saturday, August 4, 2012

How @Gizmodo Got Hacked And How You Should Defend Yourself

If you follow Gizmodo US on Twitter, you may have noticed its account started spewing some garbage last night. It got hacked. Here's how it happened and some steps you can take to keep it from happening to you.

The weak link in the security chain turned out to be the seven digit alphanumeric password to Gizmodo US's good buddy and former contributor Mat Honan's iCloud account. After presumably brute-forcing his way into iCloud, the hacker was able change the password of and gain access to Mat's Google account, remote wipe his Macbook Air, iPhone, and iPad, get into his Twitter and then use that to get access to the Gizmodo US account. While it managed to snatch the Twitter account back claws of evil, Mat's been having a bit more trouble. You can read more about his harrowing tale on his blog.

Awful as getting hacked always is, it's a learning experience. So what can you do to help avoid a similar fate? A few things.

Use super-secure passwords and use different ones for everything. Use numbers, symbols, uppercase letters, lowercase letters, all that jazz. You probably know how to make a secure password, it's just annoying to do. If you can't be bothered to memorise a whole bunch of alphanumeric gibberish, pick up a password manager like 1Password or LastPass and lock it down with one insanely secure (and unique) master password.

Whenever the you've got the option, turn on two-step authentication, especially on your Google account or any other account you use as a hub. That way, even if script kiddies manage to get your (super-secure) password, it'll be useless unless they have access to your phone or computer.

Check up on and clean out your permissions from time to time. There's pretty much a 100 per cent chance that somewhere in your web of accounts, something has access to account it doesn't need to have access to anymore. In Gizmodo US's case, Mat's Twitter still had access to it. By going through and cutting these deprecated ties, you can make it less likely that one of your less used, possibly less secure accounts can help a hacker get to one of your more important ones.

Don't rely on the cloud. It's great to have online storage you can get at from all your various devices, but when the shit goes down and you're under attack, nothing is more secure than a hard drive you can unplug and hide in a shoebox in the closet. It's not the most convenient way to back up, but you'll thank yourself for it.

No matter what steps you take, you can't totally rule out the possibility of getting hacked; if someone's really out to get you, they can probably get you eventually. You're going to want to take every step you can though, just be safe, because if you do get hacked, you're going to be kicking yourself hard for every little precaution you could have taken but didn't.

No comments:

Post a Comment