WEBVTT - More Data, More Problems 0:00:00.280 --> 0:00:02.960 Brought to you by the reinvented two thousand twelve Camray. 0:00:03.160 --> 0:00:08.880 It's ready. Are you get in touch with technology? With 0:00:08.960 --> 0:00:17.439 tech Stuff from how stuff works dot com. Hello everyone, 0:00:17.480 --> 0:00:19.840 and welcome to tech Stuff. My name is Chris Paulette 0:00:19.840 --> 0:00:21.959 and I'm an editor at how stuff works dot com. 0:00:22.000 --> 0:00:24.639 Sitting across from me, as always, his senior writer, Jonathan 0:00:24.680 --> 0:00:28.160 Strickland be there. Yes, today we have sort of a 0:00:28.200 --> 0:00:32.239 sobering topic to discuss. Yes, now, when we're recording this, 0:00:32.440 --> 0:00:37.400 it's in August, early August. It's August t actually, and 0:00:37.760 --> 0:00:40.840 earlier this week there was a news story that broke 0:00:41.040 --> 0:00:45.000 throughout the Twitter sphere really first and then beyond about 0:00:45.520 --> 0:00:49.360 a tech journalist named Matt Honan who has written for 0:00:49.600 --> 0:00:55.680 various UH publications, including Wired, and how he had his 0:00:56.000 --> 0:01:00.160 essentially his entire digital life hacked over the course of 0:01:00.240 --> 0:01:05.440 about thirty minutes and UH and to kind of explain 0:01:05.480 --> 0:01:10.160 what happened, first, we'll sort of talk about the way 0:01:10.200 --> 0:01:14.280 he discovered this through his personal experience, and then how 0:01:14.319 --> 0:01:17.000 the hackers did it, and then what needs to happen 0:01:17.120 --> 0:01:20.280 so that we protect ourselves against such things happening in 0:01:20.319 --> 0:01:25.000 the future. So to start, he was he was playing 0:01:25.000 --> 0:01:28.640 with this kid and he noticed that his iPhone had 0:01:28.840 --> 0:01:33.000 shut down, so it crashed essentially, and he thought, oh, well, 0:01:33.000 --> 0:01:35.840 that's annoying. I guess I'll have to go and uh 0:01:36.040 --> 0:01:38.760 connected to my computer, restore from back up, and just 0:01:38.880 --> 0:01:41.200 get this thing going again. He didn't really think much 0:01:41.240 --> 0:01:45.280 of it, because you know, technology occasionally fails. Yes, So 0:01:45.319 --> 0:01:47.760 then he goes and he goes over to his computer 0:01:48.120 --> 0:01:52.320 and tries to start that up, and that also isn't 0:01:52.560 --> 0:01:55.480 loading up properly. It's asking him for information that he 0:01:55.480 --> 0:01:58.480 doesn't have and it won't accept his password, and so 0:01:58.520 --> 0:02:03.400 he's thinking, well, that's weird, but he doesn't again panic yet. Uh. 0:02:03.440 --> 0:02:08.440 He then thinks about trying his iPad, which also isn't working, 0:02:09.680 --> 0:02:13.920 and he tries logging into his Google account using a 0:02:13.960 --> 0:02:19.239 different computer, and that also gives him a failure. And 0:02:19.280 --> 0:02:22.400 it's at that point where he's thinking something seriously wrong 0:02:22.520 --> 0:02:26.480 is happening. And eventually he starts noticing that his own 0:02:26.560 --> 0:02:30.720 Twitter handle is posting stuff uh, and he's not the 0:02:30.760 --> 0:02:33.959 one doing it, and so he can't access his Twitter 0:02:34.000 --> 0:02:37.639 account anymore either. And there are these horrible Twitter messages 0:02:38.080 --> 0:02:44.080 with various you know, uh inappropriate tweets going out things 0:02:44.120 --> 0:02:48.440 that are racist or homophobic, or having lots of foul 0:02:48.520 --> 0:02:52.560 language in it um and it's just, you know, it's 0:02:52.600 --> 0:02:55.880 it's just beyond his control. He gets on the phone 0:02:55.919 --> 0:02:59.440 with Apple trying to find out what's going on, UH 0:02:59.480 --> 0:03:04.000 to explore Lane that his his account has been hacked, 0:03:04.600 --> 0:03:07.920 and it takes him quite some time before they were 0:03:07.919 --> 0:03:10.520 able to sort this out. Part of the reason is 0:03:10.600 --> 0:03:13.120 that they for a while, we're looking at the wrong account. 0:03:13.720 --> 0:03:16.320 They had his name wrong, and so they were looking 0:03:16.360 --> 0:03:18.240 at an account that had none of the issues he 0:03:18.320 --> 0:03:22.520 was explaining. And then when the Apple representative repeated his 0:03:22.600 --> 0:03:25.399 name back to him, that's when he said, wait a minute, 0:03:25.440 --> 0:03:28.440 that's not who I am. I'm Matt Honan. You've got 0:03:28.440 --> 0:03:32.079 the wrong name. And then once they switched their focus, 0:03:32.200 --> 0:03:36.200 then they started seeing, oh, well, before you called in, 0:03:36.400 --> 0:03:38.520 and actually I think Honan had to ask about this. 0:03:38.760 --> 0:03:42.040 They didn't, They didn't um volunteer this information. But before 0:03:42.080 --> 0:03:44.960 Honan had called in, someone else had called in to 0:03:45.160 --> 0:03:48.840 regain access. They said, to regain access. Really it was 0:03:48.880 --> 0:03:50.640 to gain access for the first time. It was the 0:03:50.680 --> 0:03:53.520 hackers who had called in too, because they had claimed 0:03:53.520 --> 0:03:56.640 that they no longer had the password or security question answers, 0:03:56.880 --> 0:04:00.400 so they could not get the password normally. They were 0:04:00.400 --> 0:04:06.560 trying to get into his dot me email and the 0:04:06.560 --> 0:04:10.120 the reason for all of this is probably the craziest 0:04:10.120 --> 0:04:12.920 part of the story, although the pathway of how the 0:04:12.920 --> 0:04:14.720 hackers got to the point where they were able to 0:04:14.760 --> 0:04:17.080 do all these things. You know, once they got access 0:04:17.120 --> 0:04:19.240 to his iCloud account, they were able to do things 0:04:19.279 --> 0:04:22.000 like wipe his devices, which is what happened. They wiped 0:04:22.000 --> 0:04:25.680 his iPhone, his Mac, and his iPad in part to 0:04:25.800 --> 0:04:28.240 prevent him from being able to head them off. While 0:04:28.279 --> 0:04:32.240 they were going down this trail of hacking his digital life. 0:04:32.480 --> 0:04:35.599 They were also able because of the way he had 0:04:36.279 --> 0:04:39.320 interconnected various accounts. They were able to do things like 0:04:39.400 --> 0:04:43.960 reset his Google password, send the message to the dot 0:04:44.040 --> 0:04:47.400 Me address, which they already had access to yes, because 0:04:47.520 --> 0:04:49.560 they had gained it from Apple. Once they got the 0:04:49.560 --> 0:04:51.880 password for the Google account, then they were able to 0:04:51.880 --> 0:04:56.200 get the password for Twitter because that's where he had 0:04:56.240 --> 0:05:00.400 his Twitter account attached to his Google account, So it 0:05:00.480 --> 0:05:02.720 was kind of a leap frog thing, right he would 0:05:02.839 --> 0:05:05.120 they could do a password recovery from one system. It 0:05:05.160 --> 0:05:08.240 would send the message to one of the email addresses 0:05:08.279 --> 0:05:10.680 that was already compromised, and then they would get access 0:05:10.720 --> 0:05:13.400 to the next thing. Turns out what the hackers were 0:05:13.400 --> 0:05:16.800 interested in from the very beginning was getting hold of 0:05:16.920 --> 0:05:21.800 his Twitter account and posting these messages. That's really just 0:05:21.880 --> 0:05:24.160 for laughs. That's all they really wanted to do. They 0:05:24.200 --> 0:05:28.479 weren't really out to make a big show that you know, 0:05:28.560 --> 0:05:31.760 it should be Matt Honan that should suffer for this. Uh. 0:05:31.880 --> 0:05:36.080 Had nothing to do with Gizmoto, which Honan had written for, 0:05:36.320 --> 0:05:40.320 and his account was linked to Gizmodo's account. It never 0:05:40.360 --> 0:05:43.800 been unlinked, even though he no longer wrote for Gizmoto, 0:05:44.160 --> 0:05:46.720 So they also had access to Gizmoto's Twitter account and 0:05:46.800 --> 0:05:50.640 hijacked that for a while. Um so, you you know. 0:05:51.000 --> 0:05:52.800 It turned out the only reason they wanted to get 0:05:53.040 --> 0:05:56.440 his Twitter account was because he had one of the 0:05:56.480 --> 0:06:00.800 most rare things in Twitter, a three letter Twitter handle, 0:06:01.760 --> 0:06:04.480 you know, because most people had to go with a 0:06:04.480 --> 0:06:07.320 longer Twitter handle because of course, once one's taken, it's gone. 0:06:08.320 --> 0:06:10.960 So people who managed to land one of those three 0:06:11.000 --> 0:06:14.160 letter accounts are rare, and so they thought, oh, this 0:06:14.200 --> 0:06:17.000 is that's that's why they targeted this particular Twitter account 0:06:17.000 --> 0:06:20.039 had nothing to do with him personally, had nothing to 0:06:20.040 --> 0:06:22.000 do with who he worked for, and had nothing to 0:06:22.000 --> 0:06:23.520 do with the fact that he was a tech journalist. 0:06:23.520 --> 0:06:26.000 It was just because his Twitter handle was three letters long. 0:06:26.960 --> 0:06:32.200 And that's crazy to me. First of all, that you 0:06:32.240 --> 0:06:34.200 know that that was the that they were They were 0:06:34.200 --> 0:06:36.240 willing to go through the steps that they had to 0:06:36.279 --> 0:06:40.160 go through in order to get this one Twitter account. Well, 0:06:40.160 --> 0:06:42.800 that's true, although it only took them a little less 0:06:42.800 --> 0:06:46.080 than an hour to accomplish. Once they had, once they 0:06:46.120 --> 0:06:49.040 had determined their route of attack, it was all over. 0:06:49.400 --> 0:06:54.480 So the way they did this was not through any 0:06:54.600 --> 0:06:58.240 kind of crazy sit down at the computer, type in 0:06:58.279 --> 0:07:00.480 the password three times and then you may to get 0:07:00.480 --> 0:07:04.919 in type thing. And it certainly wasn't a Hollywood style 0:07:05.120 --> 0:07:08.840 hacker brute force attack where there was uh, you know, 0:07:09.240 --> 0:07:12.200 some group of of hackers trying everything they could to 0:07:12.200 --> 0:07:14.720 brute force their way in. Yeah, it wasn't like a 0:07:14.760 --> 0:07:17.800 computer program that was just running password after password and 0:07:17.840 --> 0:07:21.440 you see the little like digits flip up each time 0:07:21.480 --> 0:07:24.480 you hit one. That's correct, that wasn't what happened. What 0:07:24.640 --> 0:07:29.239 happened was much more simple really in a way, because 0:07:29.240 --> 0:07:32.600 I had nothing to do with using code. It has 0:07:32.640 --> 0:07:36.000 everything to do with manipulating systems. But from a person perspective, 0:07:36.160 --> 0:07:41.120 not or or a policy perspective, not from a technological one. Yeah, 0:07:41.360 --> 0:07:46.480 and it's it's also clear that although Apple's security procedures 0:07:47.040 --> 0:07:50.640 are in part to at fault, um, they are not 0:07:50.720 --> 0:07:54.640 the only ones the hackers targeted to get more information 0:07:54.760 --> 0:07:58.320 on hone and and that Um, it just so happened 0:07:58.320 --> 0:08:04.360 that uh, the information they needed coincided across multiple companies 0:08:04.600 --> 0:08:07.760 with his accounts, and once they got some information from 0:08:07.760 --> 0:08:11.320 a couple of places, they were easily able to go 0:08:11.400 --> 0:08:14.320 in and fiddle with other stuff. There are really three 0:08:14.360 --> 0:08:18.920 parties that are I don't want to say at fault 0:08:18.960 --> 0:08:21.080 you don't blame the victim. There are three party There 0:08:21.080 --> 0:08:23.440 are three parties that made this possible for the hackers 0:08:23.480 --> 0:08:26.040 to get the access to to the accounts. One of 0:08:26.040 --> 0:08:30.000 those is Honing himself. Yeah, and he greatly admits that. Yes, 0:08:30.200 --> 0:08:36.400 if you he has written an incredible uh article that 0:08:36.559 --> 0:08:39.920 that documents this entire process and what he went through. 0:08:39.960 --> 0:08:41.960 He blogged about it when it happened, but then he 0:08:42.000 --> 0:08:45.240 wrote up a much more comprehensive account of it. For 0:08:45.320 --> 0:08:48.120 Wired and UH and it's a very interesting read. I 0:08:48.200 --> 0:08:50.840 highly recommend you read it, especially if you're concerned with 0:08:50.880 --> 0:08:57.199 your own potential security computer security. So he was at 0:08:57.200 --> 0:09:00.360 fault and not at fault, he was he some of 0:09:00.360 --> 0:09:05.720 his choices made this possible. Uh, the Amazon Amazon dot 0:09:05.800 --> 0:09:11.480 Com also its policies made this possible. And Apple's policies 0:09:11.520 --> 0:09:15.600 made this possible. So those three parties together made it 0:09:15.600 --> 0:09:19.800 possible for the hackers to achieve this and UH, and 0:09:19.840 --> 0:09:23.680 it's kind of interesting how how they came about it. Yeah, 0:09:23.760 --> 0:09:25.560 and and some of the irony as we get into 0:09:25.640 --> 0:09:28.600 this is that some of the very things that made 0:09:28.640 --> 0:09:34.800 this possible are in place specifically to make it more 0:09:34.920 --> 0:09:40.400 difficult for someone to steal identities. So it actually UH 0:09:40.520 --> 0:09:43.320 some of these some of these procedures actually worked in 0:09:43.559 --> 0:09:47.320 exactly the opposite way in which they weren't intended when 0:09:47.360 --> 0:09:53.240 they were implemented. So the way this started off was 0:09:53.559 --> 0:09:56.800 it was fairly clever. So they they first they started 0:09:56.800 --> 0:10:00.120 to the hackers did a little recon work, and they 0:10:00.120 --> 0:10:04.360 wanted to find out, um about how they would get 0:10:05.320 --> 0:10:08.920 uh the access to the Twitter account. And then they 0:10:08.960 --> 0:10:13.960 were able to find out Honan's UH email address because 0:10:14.160 --> 0:10:17.679 he has a website. They went to the website, they 0:10:17.679 --> 0:10:20.040 did a who is look up on Honan, which gave 0:10:20.080 --> 0:10:22.920 them two things, like two things they needed. They needed 0:10:22.960 --> 0:10:27.679 the email address and they needed his physical address. Yeah. Now, 0:10:27.720 --> 0:10:30.840 if you register a domain name, you are required to 0:10:30.920 --> 0:10:35.000 have contact information available. Um, and that information is publicly 0:10:35.040 --> 0:10:39.400 available now um some well we could talk about that too, 0:10:39.440 --> 0:10:41.680 but anyway, the the who is record for the domain 0:10:41.760 --> 0:10:46.319 had his information in it. Yeah. So once they had 0:10:46.360 --> 0:10:50.480 that information the Google account and the just the email address, 0:10:50.480 --> 0:10:53.600 they didn't have access to the account yet. Um. They 0:10:54.120 --> 0:10:57.079 figured out that the Twitter account was linked to the 0:10:57.120 --> 0:10:59.520 personal website. That's what That's where they found the Gmail address. 0:10:59.520 --> 0:11:03.800 That's where they on the physical address. And then they 0:11:03.840 --> 0:11:07.720 started to look at the account recovery for a Google 0:11:07.840 --> 0:11:11.840 and without actually sending in a recovery request, they saw 0:11:12.040 --> 0:11:16.439 that the address, which was only partially obscured per Google's policy, 0:11:17.520 --> 0:11:21.960 wasn't at me dot com email address. That was the 0:11:21.960 --> 0:11:27.800 recovery address. Well that's an Apple thing, right, So that's 0:11:27.840 --> 0:11:30.840 where they said, ah, now we know how to get 0:11:30.880 --> 0:11:35.920 at him because it's because his Google address will go 0:11:36.120 --> 0:11:38.920 back if we did a password recovery. Because that will 0:11:38.920 --> 0:11:41.439 go to an Apple address, and because we know how 0:11:41.480 --> 0:11:43.680 to manipulate the system so that we can get access 0:11:43.720 --> 0:11:47.200 to his Apple account, it's all over. And the way 0:11:47.240 --> 0:11:51.280 they got access to the Apple account was kind of interesting. Now, 0:11:51.320 --> 0:11:54.920 they did not have the password, they did not have 0:11:55.040 --> 0:11:58.880 the answer to security questions, So calling up Apple and 0:11:58.920 --> 0:12:01.560 getting access to to this account would require that they 0:12:01.600 --> 0:12:05.000 have some other information. What Apple requires is that you 0:12:05.080 --> 0:12:08.360 have to have the building address and the last four 0:12:08.400 --> 0:12:12.560 digits of the credit card you used to establish that account. 0:12:13.559 --> 0:12:17.640 So what the hackers did was they said, well, there's 0:12:17.679 --> 0:12:21.720 a good chance that the same credit card this guy 0:12:21.840 --> 0:12:26.000 used to establish his iCloud account is the one that 0:12:26.040 --> 0:12:31.880 he uses for Amazon. And so instead of calling Apple first, 0:12:31.920 --> 0:12:35.680 they called Amazon first, and they said that they wanted 0:12:35.760 --> 0:12:41.360 to add a credit card number to the existing Amazon account, 0:12:42.480 --> 0:12:44.280 So they weren't trying to get the credit card number. 0:12:44.280 --> 0:12:46.320 They wanted to add a credit card number, right, So 0:12:46.360 --> 0:12:49.480 then they add a credit card number to the Amazon account. 0:12:49.960 --> 0:12:53.160 Then they hang up. Then they call Amazon back and 0:12:53.200 --> 0:12:56.200 they say that they have lost access to their account 0:12:57.280 --> 0:13:00.960 and that they will provide the name the billing address, 0:13:00.960 --> 0:13:02.840 which they already have from the who Is look up 0:13:02.880 --> 0:13:07.199 of the website and then the credit card number they 0:13:07.240 --> 0:13:11.360 gave at the at the call they made earlier. So 0:13:11.520 --> 0:13:14.960 there's now this credit card number that is legit because 0:13:15.000 --> 0:13:17.800 they provided it. It's not the same one that was 0:13:17.880 --> 0:13:20.720 used to establish the account in the first place. So 0:13:20.760 --> 0:13:24.120 then Amazon says, oh, all right, well, we'll send you 0:13:24.160 --> 0:13:27.199 the password to the account. Here's which email I addressed 0:13:27.280 --> 0:13:31.920 you wanted to go to. So they hackers give their 0:13:31.960 --> 0:13:34.680 email address or an email address that they have created 0:13:34.760 --> 0:13:38.440 for the purposes of this hack. So now Amazon sends 0:13:38.480 --> 0:13:43.160 the log in information to UH to Amazon dot Com, 0:13:43.800 --> 0:13:48.800 to that account, to the email they log into the 0:13:48.840 --> 0:13:51.920 Amazon dot Com account, and then they look for the 0:13:52.000 --> 0:13:55.360 other credit card number, the one that was actually used 0:13:55.480 --> 0:13:58.840 to establish that account. So this is Honan's actual final 0:13:58.920 --> 0:14:03.240 four digits because those are unmasked in the Amazon dot 0:14:03.240 --> 0:14:06.800 Com system. Yes, they masked the rest of it, right, Yeah, 0:14:06.800 --> 0:14:08.520 the rest of the numbers are masked. So it's not 0:14:08.600 --> 0:14:11.160 that the hackers ever had access to the credit card, 0:14:11.200 --> 0:14:13.440 other than they could have bought a whole bunch of 0:14:13.440 --> 0:14:16.720 stuff on Amazon and had it sent somewhere. But that's 0:14:16.720 --> 0:14:19.440 all that's. Yeah, that's what they could have done if 0:14:19.440 --> 0:14:22.320 they had wanted to, but they could not actually pull 0:14:22.400 --> 0:14:25.080 the credit card number itself other than the last four digits. 0:14:25.480 --> 0:14:28.240 But those last four digits are what Apple needs for 0:14:28.400 --> 0:14:32.720 account verification, right, So they take those four digits, they've 0:14:32.760 --> 0:14:35.160 got the building address, They give a call to Apple. 0:14:35.480 --> 0:14:39.320 They give that information, and because Honan used the same 0:14:39.560 --> 0:14:43.200 billing address and the same credit card for both services, 0:14:44.000 --> 0:14:47.400 Apple said, oh, well then you're clearly this guy. We 0:14:47.440 --> 0:14:52.720 will send you the account retrieval information to your email address. 0:14:52.800 --> 0:14:55.800 So then they now have the way to log into 0:14:56.040 --> 0:14:59.720 Honan's iCloud account. They do that. That's where they then 0:15:00.080 --> 0:15:04.320 disable his devices. They wipe them to help slow things 0:15:04.360 --> 0:15:07.680 down so they can continue to do this stuff. Now 0:15:07.680 --> 0:15:10.280 they have access to his Apple email, they have access 0:15:10.280 --> 0:15:12.960 to his Amazon account. That's when they go to the 0:15:12.960 --> 0:15:18.040 Google password recovery asked for the recovery information so that 0:15:18.080 --> 0:15:21.320 they can access his Google account. Well, that goes to 0:15:21.440 --> 0:15:25.640 his Apple address, which they already have access to. The 0:15:25.680 --> 0:15:27.760 information comes to the Apple address, they go into the 0:15:27.760 --> 0:15:33.840 Google account. They immediately delete the password recovery UH email 0:15:33.960 --> 0:15:36.000 out of his account so that if he has any 0:15:36.000 --> 0:15:40.880 other devices that would alert him that his password had 0:15:40.920 --> 0:15:44.000 been changed. That he would not be aware of it, 0:15:44.200 --> 0:15:47.480 so they they hide that, they change the password so 0:15:47.520 --> 0:15:49.840 that now they've locked him out, they have access to 0:15:49.840 --> 0:15:52.160 his Google account. They then were able to go and 0:15:52.200 --> 0:15:57.240 get access to the Twitter account. Um, this is kind 0:15:57.280 --> 0:16:00.440 of scary. And again it has nothing to do with 0:16:00.600 --> 0:16:04.440 sitting down encoding stuff. It is hacking. You're hacking a system, 0:16:04.480 --> 0:16:08.560 but you're doing it more through social engineering and manipulating 0:16:08.760 --> 0:16:12.400 policies and systems. Right, So if you guys remember we 0:16:12.480 --> 0:16:14.480 had that discussion and I think it was episode three 0:16:14.680 --> 0:16:17.560 D ninety nine where we interviewed Brian Brushwood and we 0:16:17.600 --> 0:16:20.960 talked about social engineering. Now with Brushwood, his approach to 0:16:21.000 --> 0:16:26.040 social engineering is more about you know, having fun and uh, like, 0:16:26.080 --> 0:16:29.280 you're in a social situation where you you know, you 0:16:29.320 --> 0:16:31.800 never have to buy a drink because you're doing these 0:16:31.800 --> 0:16:34.360 cool things and convincing other people to buy drinks for you, 0:16:34.520 --> 0:16:36.680 or you know, you're doing something so that you can 0:16:36.720 --> 0:16:40.000 get the phone number of someone you're interested in. So 0:16:40.160 --> 0:16:44.280 you're still social engineering people, but it's not necessarily this 0:16:44.520 --> 0:16:49.000 as nefarious as uh as what these hackers were doing. Yeah, 0:16:49.320 --> 0:16:52.440 and it's not typically what one thinks of when one 0:16:52.480 --> 0:16:56.120 thinks of identity theft. I mean again, UM, a lot 0:16:56.160 --> 0:16:59.360 of us would look at the specifically maybe the Amazon 0:16:59.480 --> 0:17:01.880 portion of this or an online retail portion of this, 0:17:01.960 --> 0:17:04.160 and say, oh, well, they got access to his credit 0:17:04.200 --> 0:17:06.600 card number, they can buy stuff. Well yeah, and in 0:17:06.600 --> 0:17:10.640 a lot of cases that maybe what a hacker might 0:17:10.760 --> 0:17:15.200 try to do. After all, we have talked about uh 0:17:15.280 --> 0:17:19.440 online systems being hacked for financial information and financial gain, 0:17:20.040 --> 0:17:23.760 but that's not the point of this. Um, the system 0:17:23.800 --> 0:17:25.719 that I was speaking of a few minutes ago, when 0:17:25.760 --> 0:17:28.640 I was saying that ironically, some of these things were 0:17:28.680 --> 0:17:33.040 turned against him tools that would be used to protect him. Um, 0:17:33.080 --> 0:17:36.760 if you're not in an Apple customer, you may not 0:17:37.119 --> 0:17:40.119 be aware. There's a there's a uh an I cloud 0:17:40.240 --> 0:17:44.720 system uh called find my and there're a couple of 0:17:44.760 --> 0:17:49.760 them like find my iPhone. Yeah. Um, so let's say, uh, 0:17:49.840 --> 0:17:52.399 you know, we're talking completely behind here. Let's say you 0:17:52.440 --> 0:17:55.520 have an iPhone and your kid has run off with 0:17:55.560 --> 0:17:58.879 it and stuffed it somewhere in some piece of furniture 0:17:59.080 --> 0:18:01.280 or dropped it and or you left it in a 0:18:01.280 --> 0:18:03.159 cab or you left it in a cab. Well, if 0:18:03.200 --> 0:18:06.800 you're if you're Natalie Dell Conti well yeah, um, well, 0:18:06.840 --> 0:18:09.320 I was gonna start with the the easy one. You 0:18:09.359 --> 0:18:11.199 can make it. You can make your phone make a 0:18:11.240 --> 0:18:13.840 noise so you know it's in the house, but you 0:18:13.840 --> 0:18:16.000 can't figure out where it went. I'd like to have 0:18:16.040 --> 0:18:17.840 one of these for my keys and maybe the remote. 0:18:18.240 --> 0:18:20.280 But you know you can. You can make it make 0:18:20.320 --> 0:18:22.480 a noise, or if you've left it in a cab, 0:18:23.400 --> 0:18:27.239 you can have it tell you roughly where it is. Uh. 0:18:27.400 --> 0:18:29.359 This is especially useful if you can't remember if you 0:18:29.440 --> 0:18:31.600 left it in a cab, or if you at a 0:18:31.680 --> 0:18:34.360 restaurant whatever, or you know, you were at a bar 0:18:34.720 --> 0:18:39.040 and you had a prototype version of the newest iPhone 0:18:39.640 --> 0:18:41.119 and it was sitting on the stool next to you 0:18:41.200 --> 0:18:42.560 when you were sitting there at the bar, but then 0:18:42.560 --> 0:18:44.879 when you turned around it was gone, and then it 0:18:44.960 --> 0:18:49.320 ends up at some tech blog. Yeah, well that could happen. Yeah, 0:18:49.520 --> 0:18:53.200 they're they're Twitter feed could be hacked to um. But yeah, 0:18:53.240 --> 0:18:55.000 I mean, so you can find out where it is. 0:18:55.080 --> 0:18:56.600 You can have it make a noise so that if 0:18:56.640 --> 0:18:59.080 it is in the same location as you are, Uh, 0:18:59.119 --> 0:19:01.760 you know you can you can track it down. Um. 0:19:01.800 --> 0:19:03.399 If you don't know where it is, let's say you 0:19:03.440 --> 0:19:06.640 did leave it in a in a bar somewhere and uh, 0:19:06.840 --> 0:19:09.400 you say, oh, well, you know it's not I don't 0:19:09.400 --> 0:19:11.760 know where that is. And you could see a location 0:19:11.800 --> 0:19:14.480 it shows you on the map where where it might be. Oh, 0:19:14.480 --> 0:19:16.919 it's no longer in my control. It's somewhere where I 0:19:16.960 --> 0:19:19.880 don't know where it is. I'm I have sensitive information 0:19:19.880 --> 0:19:22.560 on there. My my calendars on there, my contacts are 0:19:22.600 --> 0:19:25.359 on there. Um as as Honan himself said, you know 0:19:25.440 --> 0:19:30.880 he had um information from many other tech journalists. Um, 0:19:31.320 --> 0:19:33.760 so he might just let's say he was still in 0:19:33.760 --> 0:19:35.960 control of his accounts, but no longer in control of 0:19:36.000 --> 0:19:39.520 the device. He could say, wipe this device. I don't 0:19:39.520 --> 0:19:43.159 want anything on it anymore. You know, I want to 0:19:43.200 --> 0:19:45.520 wipe it clean so that nobody else gains information in 0:19:45.600 --> 0:19:47.800 my personal stuff. It's only a matter of time before 0:19:47.840 --> 0:19:51.200 they figure out my my pass code. Wipe it clean. 0:19:51.520 --> 0:19:52.800 You know, you can tell it to do that and 0:19:52.800 --> 0:19:55.879 it will remotely do that. Apple has added that for 0:19:56.040 --> 0:19:59.600 the Mac to find my mac. So in that case, 0:20:00.040 --> 0:20:05.640 let's say he had corporate information. Many companies have have 0:20:06.040 --> 0:20:08.920 this policy in place. Yes, you can check your corporate 0:20:08.920 --> 0:20:12.960 email on your personal device, but if you do that. Um, 0:20:13.040 --> 0:20:15.919 we retain the right to wipe the information on the 0:20:15.960 --> 0:20:20.320 device if it should fall into somebody else's hands, or 0:20:20.520 --> 0:20:23.480 let's say that you were to, uh, you were to 0:20:23.480 --> 0:20:27.240 to either be fired or you you know, you left 0:20:27.320 --> 0:20:29.159 or whatever. They might retain that right so that they 0:20:29.160 --> 0:20:32.400 can protect themselves as a corporate entity. Yeah, so there 0:20:32.440 --> 0:20:36.040 there are positive reasons to be able to do this 0:20:36.400 --> 0:20:40.800 in this case. Once the hackers gained information about his 0:20:40.840 --> 0:20:43.159 account and we're able to get access to his account 0:20:43.200 --> 0:20:48.200 and lock him out, Um, they also chose to completely 0:20:48.240 --> 0:20:54.840 wipe his phone, his iPad, and his Mac laptop. And 0:20:54.920 --> 0:20:58.879 in doing so, they not only wiped out any you know, 0:20:59.359 --> 0:21:02.320 corporate in formation. He's he's a freelance writer, so any 0:21:02.440 --> 0:21:04.040 articles he might have been working on that were on 0:21:04.080 --> 0:21:07.760 his hard drive gone. He also lost a year's worth 0:21:08.119 --> 0:21:11.440 or more, I guess the photos of personal photos, personal 0:21:11.520 --> 0:21:17.680 stuff that that he had created. And Yeah, Liz leads 0:21:17.720 --> 0:21:20.720 us to the the thing that we have said a 0:21:20.800 --> 0:21:23.479 billion times on this podcast that is an exaggeration, but 0:21:24.119 --> 0:21:27.600 back up your data. Yeah, and he admits, he admits 0:21:27.640 --> 0:21:30.880 he was not regularly backing up his hard drive. This 0:21:30.920 --> 0:21:33.280 is not to to pick on him or anything else. 0:21:33.440 --> 0:21:36.120 It's something that he wishes in retrospect he had been 0:21:36.160 --> 0:21:40.919 doing on a regular basis because, um, oddly enough, this 0:21:41.000 --> 0:21:42.840 is where this this is where this story takes an 0:21:42.920 --> 0:21:46.600 unusual turn. He has been in contact with his hackers 0:21:47.000 --> 0:21:51.560 and has agreed not to put in in return. They 0:21:51.560 --> 0:21:54.120 were telling him how they did it. Yes, and uh, 0:21:54.200 --> 0:21:55.800 I think first of all, the first thing we can 0:21:55.840 --> 0:21:59.880 agree on easily is that Amazon has to change its policy. 0:22:00.240 --> 0:22:05.000 Well yeah, because because that's the first step that means 0:22:05.000 --> 0:22:11.359 that anyone could access anyone else's Amazon account. Well, um, 0:22:11.720 --> 0:22:14.159 I wasn't gonna get there quite yet. I wanted to 0:22:14.200 --> 0:22:17.159 make the point that this is where it kind of 0:22:17.160 --> 0:22:20.439 gets a little weird, because they they shared all this 0:22:20.520 --> 0:22:23.000 information with him, and this is how he was able 0:22:23.040 --> 0:22:26.399 to write such a comprehensive, uh post on on Wired 0:22:26.400 --> 0:22:29.119 about it was they they told him what they were doing, 0:22:29.240 --> 0:22:32.200 what the point of it was. Um, they admitted, look, 0:22:32.240 --> 0:22:35.720 you know, we weren't trying to to steal your your stuff. 0:22:35.760 --> 0:22:38.320 We weren't really trying to wipe out your your personal life. 0:22:38.560 --> 0:22:42.800 We have nothing against you personally. We wanted your Twitter account. Um. 0:22:43.240 --> 0:22:48.040 The guy that that that he talked to primarily um 0:22:48.440 --> 0:22:52.359 was saying, essentially, hey, uh, you know, my partner was 0:22:52.400 --> 0:22:55.399 the one who wiped out your computer. And now that 0:22:55.440 --> 0:22:57.919 you tell me all your personal files, your your the 0:22:57.920 --> 0:23:01.800 pictures of your your kid were on here, I'm really sorry. Yeah, 0:23:02.040 --> 0:23:05.200 I'm actually really sorry. I didn't mean to to cause 0:23:05.240 --> 0:23:08.959 you personal harm as a result of this. And they say, now, 0:23:09.000 --> 0:23:12.480 I don't know, you know, I don't know whether their 0:23:12.480 --> 0:23:14.879 motives are are as pure as they say. You know, 0:23:14.880 --> 0:23:16.600 they say part of it was that they wanted to 0:23:16.640 --> 0:23:20.080 point out that it really is this easy to hack 0:23:20.119 --> 0:23:22.160 into your personal account, and they wanted to draw attention 0:23:22.200 --> 0:23:25.880 to that. Now, I took her say that all the time. 0:23:25.960 --> 0:23:29.560 I suspect, based upon the messages that they posted on Twitter, 0:23:30.560 --> 0:23:35.359 that that's something they they that's covering their tracks. I 0:23:35.359 --> 0:23:39.040