Saturday, August 18, 2012

Epic Hacking

Interesting read from Wired.com

Mat Honan: How I Resurrected My Digital Life After an Epic Hacking

When my data died, it was the cloud that killed it. The triggers hackers used to break into my accounts and delete my files were all cloud-based services — iCloud, Google, and Amazon. Some pundits have latched onto this detail to indict our era of cloud computing. Yet just as the cloud enabled my disaster, so too was it my salvation.

Yes, you can die by the cloud. But you can live by it too. Here’s how I regained my digital life after it was taken away from me.

When hackers broke into my iCloud account and wiped my devices, my first assumption was that someone had broken into my local network. So the first thing I did was shut down the internet and turn off all of my other machines. I wanted those assholes out of my house. But that also meant I had no way to send or receive data.

AppleCare’s phone support was useless. The 90 fruitless minutes I spent on the phone accomplished nothing at all to regain control of my AppleID. Nor did a follow-up help to stop the remote wipe taking over my MacBook Air. I had to get online. So to reconstruct my life, I started off by going next door, where I borrowed my neighbor’s computer to use their internet.

Ultimately, I was able to get back into my iCloud account by resetting the password online. Once I did, I began restoring my iPhone and iPad from iCloud backups. The phone took seven hours to restore. The iPad took even longer. I could use neither during this time.

From my wife’s phone, I called my bank and completely changed my logins. Then I set about checking online to see which other accounts might have been compromised. By now I felt safe turning on our own home internet and using one of my other computers to check these accounts. But I hit an immediate problem: I didn’t know any of my passwords.

I’m a heavy 1Password user. I use it for everything. That means most of my passwords are long, alphanumeric strings of gibberish with random symbols. It’s on my iPhone, iPad and Macbook. It syncs up across all those devices because I store the keychain in the cloud on Dropbox. Update a password on my phone, and the file is saved on Dropbox, where my computer will pull it down later, and vice versa.

But I didn’t have it on any of our other systems. So now I couldn’t get to my keychain. And so I was stuck in a catch-22. My Dropbox password was itself a 1password-generated litany of nonsense. Without access to Dropbox, I couldn’t get my keychain. Without my keychain, I couldn’t get into Dropbox.

And then I remembered that I had also used Dropbox previously on my wife’s machine. Had I stored the password there?

Five hours after the hack started, still locked out of everything, I flipped open the lid of her computer, and nervously powered it up. And there it was: my Dropbox. And in it, my 1Password keychain, the gateway to my digital life.

It was time to get cranking. I set up a new Twitter account. And then, with my now-found password manager, I logged into Tumblr.

more @ http://www.wired.com/gadgetlab/2012/08/mat-honan-data-recovery/

No comments: