WEBVTT - TechStuff Classic: More Data, More Problems 0:00:04.240 --> 0:00:07.240 Welcome to Tech Stuff, a production of I Heart Radios, 0:00:07.320 --> 0:00:13.680 How Stuff Works. Hey there, and welcome to tech Stuff. 0:00:13.720 --> 0:00:16.759 I'm your host, Jonathan Strickland. I'm an executive producer with 0:00:16.800 --> 0:00:18.599 How Stuff Works and I heart Radio and I love 0:00:18.680 --> 0:00:23.239 all things tech. And today we're gonna talk about a 0:00:23.320 --> 0:00:28.240 really pretty serious issue about hacking and personal information. That 0:00:28.400 --> 0:00:32.080 this was inspired by a real world incident that happened 0:00:32.200 --> 0:00:35.760 several years ago. This particular episode actually originally published on 0:00:35.800 --> 0:00:39.000 September three, two twelve, and at the time it was 0:00:39.040 --> 0:00:43.159 extremely topical. But I would argue that the message behind 0:00:43.200 --> 0:00:46.480 the show is one that we still should heed today, 0:00:46.520 --> 0:00:50.560 even though the actual incident now is more than seven 0:00:50.640 --> 0:00:54.640 years old. But this episode was called More Data, More Problems, 0:00:54.760 --> 0:00:58.160 and I hope you enjoy now when we're recording this, 0:00:58.360 --> 0:01:02.440 it's in August, early August twelve. It's August ten, actually, 0:01:03.000 --> 0:01:06.400 and earlier this week, there was a news story that 0:01:06.440 --> 0:01:09.960 broke throughout the Twitter sphere really first and then beyond 0:01:10.520 --> 0:01:15.120 about a tech journalist named Matt Honan who has written 0:01:15.240 --> 0:01:21.479 for various UH publications including Wired, and how he had 0:01:21.560 --> 0:01:25.880 his essentially his entire digital life hacked over the course 0:01:26.000 --> 0:01:30.920 of about thirty minutes and uh, and to kind of 0:01:30.959 --> 0:01:35.200 explain what happened. First, we'll sort of talk about the 0:01:35.840 --> 0:01:39.920 way he discovered this through his personal experience, and then 0:01:40.000 --> 0:01:42.560 how the hackers did it, and then what needs to 0:01:42.640 --> 0:01:46.120 happen so that we protect ourselves against such things happening 0:01:46.160 --> 0:01:50.560 in the future. So to start, he was he was 0:01:50.600 --> 0:01:53.720 playing with his kid and he noticed that his iPhone 0:01:54.000 --> 0:01:58.280 had shut down. It was so it crashed essentially, and 0:01:58.280 --> 0:01:59.960 he thought, oh, well, that's annoying. I guess I'll have 0:02:00.040 --> 0:02:03.520 to go and uh connected to my computer over store 0:02:03.560 --> 0:02:06.120 from back up and just get this thing going again. 0:02:06.200 --> 0:02:08.680 He didn't really think much of it, because you know, 0:02:08.760 --> 0:02:12.480 technology occasionally fails. Yes, So then he goes and he 0:02:12.560 --> 0:02:16.160 goes over to his computer and tries to start that up, 0:02:16.720 --> 0:02:20.280 and that also isn't loading up properly. It's asking him 0:02:20.360 --> 0:02:23.280 for information that he doesn't have and it won't accept 0:02:23.280 --> 0:02:26.440 his password, and so he's thinking, well, that's weird, but 0:02:26.520 --> 0:02:30.639 he doesn't again panic yet. Uh. He then thinks about 0:02:31.040 --> 0:02:36.280 trying his iPad, which also isn't working, and he tries 0:02:36.360 --> 0:02:41.280 logging into his Google account using a different computer, and 0:02:41.360 --> 0:02:45.800 that also gives him a failure, and it's at that 0:02:45.840 --> 0:02:49.440 point where he's thinking something seriously wrong is happening, and 0:02:49.480 --> 0:02:54.000 eventually he starts noticing that his own Twitter handle is 0:02:54.080 --> 0:02:57.320 posting stuff uh, and he's not the one doing it, 0:02:58.120 --> 0:03:01.120 and so he can't access his Twitter account anymore either. 0:03:01.320 --> 0:03:07.679 And they are these horrible Twitter messages with various you know, uh, 0:03:07.840 --> 0:03:12.440 inappropriate tweets going out things that are racist or homophobic 0:03:12.800 --> 0:03:16.359 or having lots of foul language in it um and 0:03:16.480 --> 0:03:20.680 it's just, you know, it's it's just beyond his control. 0:03:21.000 --> 0:03:22.720 He gets on the phone with Apple trying to find 0:03:22.720 --> 0:03:28.600 out what's going on, uh, to explain that his his 0:03:28.639 --> 0:03:32.640 account has been hacked, and it takes him quite some 0:03:32.720 --> 0:03:35.240 time before they're able to sort this out. Part of 0:03:35.240 --> 0:03:38.200 the reason is that they, for a while, we're looking 0:03:38.200 --> 0:03:41.360 at the wrong account. They had his name wrong, and 0:03:41.440 --> 0:03:43.520 so they were looking at an account that had none 0:03:43.520 --> 0:03:46.440 of the issues he was explaining. And then when the 0:03:46.680 --> 0:03:50.560 Apple representative repeated his name back to him, that's when 0:03:50.600 --> 0:03:52.720 he said, wait a minute, that's not who I am. 0:03:52.960 --> 0:03:55.800 I'm Matt Honan. You've got the wrong name. And then 0:03:55.840 --> 0:03:59.560 once they switched their focus, then they started seeing oh, 0:03:59.600 --> 0:04:03.400 well before you called in, and actually I think Honan 0:04:03.480 --> 0:04:07.000 had to ask about this. They didn't. They didn't volunteer 0:04:07.040 --> 0:04:09.800 this information. But before Honan had called in, someone else 0:04:09.840 --> 0:04:14.360 had called in to regain access. They said, to regain access. 0:04:14.360 --> 0:04:16.320 Really it was to gain access for the first time. 0:04:16.320 --> 0:04:18.839 It was the hackers who had called in too, because 0:04:18.839 --> 0:04:21.120 they had claimed that they no longer had the password 0:04:21.160 --> 0:04:24.720 or security question answers, so they could not get the 0:04:24.760 --> 0:04:27.720 password normally. They were trying to get into his dot 0:04:27.839 --> 0:04:33.919 me email right and the the reason for all of 0:04:33.960 --> 0:04:37.440 this is probably the craziest part of the story, although 0:04:37.839 --> 0:04:39.920 the pathway of how the hackers got to the point 0:04:39.960 --> 0:04:42.120 where they were able to do all these things. You know, 0:04:42.160 --> 0:04:44.520 once they got access to his iCloud account, they were 0:04:44.520 --> 0:04:46.599 able to do things like wipe his devices, which is 0:04:46.600 --> 0:04:49.839 what happened. They wiped his iPhone, his Mac, and his 0:04:50.000 --> 0:04:53.240 iPad in part to prevent him from being able to 0:04:53.279 --> 0:04:55.799 head them off. While they were going down this trail 0:04:56.640 --> 0:04:59.720 of hacking his digital life. They were also able because 0:05:00.040 --> 0:05:04.400 of the way he had interconnected various accounts. They were 0:05:04.400 --> 0:05:08.400 able to do things like reset his Google password, send 0:05:08.440 --> 0:05:11.520 the message to the dot Me address, which they already 0:05:11.520 --> 0:05:14.599 had access to. Yes, because they had gained it from Apple. 0:05:14.880 --> 0:05:17.080 Once they got the password for the Google account, then 0:05:17.120 --> 0:05:20.200 they were able to get the password for Twitter because 0:05:20.480 --> 0:05:23.919 that's where he had his Twitter account attached to his 0:05:23.960 --> 0:05:28.039 Google account, So it was kind of a leap frog thing, right, 0:05:28.080 --> 0:05:31.000 he would they could do a password recovery from one system, 0:05:31.000 --> 0:05:33.680 It would send the message to one of the email 0:05:33.680 --> 0:05:36.280 addresses that was already compromised, and then they would get 0:05:36.320 --> 0:05:39.200 access to the next thing. Turns out what the hackers 0:05:39.200 --> 0:05:42.479 were interested in from the very beginning was getting hold 0:05:42.600 --> 0:05:46.880 of his Twitter account and posting these messages. That's really 0:05:47.600 --> 0:05:49.920 just for laughs. That's all they really wanted to do. 0:05:49.960 --> 0:05:54.080 They weren't really out to make a big show that 0:05:54.240 --> 0:05:56.600 you know, it should be Matt Honan that should suffer 0:05:56.640 --> 0:05:59.640 for this. Uh. They had nothing to do with Gizmodo, 0:06:00.040 --> 0:06:04.799 which Owen had written for, and his account was linked 0:06:04.800 --> 0:06:07.839 to Gizmoto's account. It never been unlinked, even though he 0:06:07.880 --> 0:06:11.320 no longer wrote for Gizmoto, so they also had access 0:06:11.360 --> 0:06:13.800 to Gizmodo's Twitter account and hijack that for a while. 0:06:14.320 --> 0:06:17.680 Um so, you you know, it turned out the only 0:06:17.760 --> 0:06:21.120 reason they wanted to get his Twitter account was because 0:06:21.480 --> 0:06:24.159 he had one of the most rare things in Twitter. 0:06:24.640 --> 0:06:28.640 A three letter Twitter handle, yes, you know, because most 0:06:28.680 --> 0:06:31.560 people had to go with a longer Twitter handle because 0:06:31.600 --> 0:06:35.320 of course, once one's taken, it's gone. Yes, so people 0:06:35.360 --> 0:06:38.039 who managed to land one of those three letter accounts 0:06:38.080 --> 0:06:40.679 are rare, and so they thought, oh, this is that's 0:06:40.680 --> 0:06:43.320 that's why they targeted this particular Twitter account. Had nothing 0:06:43.320 --> 0:06:46.280 to do with him personally, had nothing to do with 0:06:46.320 --> 0:06:48.120 who he worked for, and had nothing to do with 0:06:48.120 --> 0:06:49.640 the fact that he was a tech journalist. It was 0:06:49.760 --> 0:06:52.960 just because his Twitter handle was three letters long. And 0:06:55.200 --> 0:06:58.240 that's crazy to me. First of all, that you know 0:06:58.320 --> 0:07:00.599 that that was the that they were were willing to 0:07:00.600 --> 0:07:02.720 go through, the steps that they had to go through 0:07:03.120 --> 0:07:06.599 in order to get this one Twitter account. Well, that's true, 0:07:06.800 --> 0:07:09.040 although it only took them a little less than an 0:07:09.040 --> 0:07:12.640 hour to accomplish. Once they had, once they had determined 0:07:12.680 --> 0:07:16.800 their route of attack, it was all over. So the 0:07:16.840 --> 0:07:20.920 way they did this was not through any kind of 0:07:21.000 --> 0:07:24.760 crazy sit down at the computer, type in the password 0:07:24.800 --> 0:07:27.400 three times and then you managed to get in type thing. 0:07:27.640 --> 0:07:32.120 And it certainly wasn't a Hollywood style hacker brute force 0:07:32.160 --> 0:07:36.240 attack where there was uh, you know, some group of 0:07:36.240 --> 0:07:38.920 of hackers trying everything they could to brute force their 0:07:38.960 --> 0:07:41.720 way in. Yeah, it wasn't like a computer program that 0:07:41.800 --> 0:07:44.160 was just running password after password and you see the 0:07:44.200 --> 0:07:48.080 little like digits flip up each time you hit one. 0:07:48.160 --> 0:07:52.000 That's correct, That wasn't what happened. What happened was much 0:07:52.080 --> 0:07:55.720 more simple, really in a way, because I had nothing 0:07:55.760 --> 0:07:59.040 to do with using code. It has everything to do 0:07:59.080 --> 0:08:02.200 with manipulating SISS stems, but from a person perspective, not 0:08:02.480 --> 0:08:07.080 or or a policy perspective, not from a technological one. Yeah. 0:08:07.320 --> 0:08:12.400 And it's it's also clear that although Apple's security procedures 0:08:12.960 --> 0:08:16.600 are in part to at fault, um, they are not 0:08:16.640 --> 0:08:20.560 the only ones the hackers targeted to get more information 0:08:20.680 --> 0:08:25.640 on on Honan and that um, it just so happened that, uh, 0:08:26.120 --> 0:08:31.440 the information they needed coincided across multiple companies with his accounts, 0:08:31.760 --> 0:08:34.800 and once they got some information from a couple of places, 0:08:34.840 --> 0:08:38.440 they were easily able to go in and fiddle with 0:08:38.480 --> 0:08:43.719 other stuff. There are really three parties that are I 0:08:43.920 --> 0:08:45.840 don't want to say at fault you don't blame the victim. 0:08:46.000 --> 0:08:47.920 There are three party There are three parties that made 0:08:47.920 --> 0:08:50.280 this possible for the hackers to get the access to 0:08:50.520 --> 0:08:53.920 to the accounts. One of those is Honan himself. Yeah, 0:08:54.240 --> 0:08:56.920 and he freely admits that, yes, if you he has 0:08:56.960 --> 0:09:03.480 written an incredible uh uh article that that documents this 0:09:03.720 --> 0:09:06.560 entire process and what he went through. He he blogged 0:09:06.559 --> 0:09:08.400 about it when it happened, but then he wrote up 0:09:08.800 --> 0:09:12.360 a much more comprehensive account of it for Wired and 0:09:12.480 --> 0:09:14.800 uh and it's a very interesting read. I highly recommend 0:09:14.840 --> 0:09:17.240 you read it, especially if you're concerned with your own 0:09:17.920 --> 0:09:23.840 potential security computer security. So he was at fault and 0:09:23.960 --> 0:09:26.840 not at fault. He was. He some of his choices 0:09:26.920 --> 0:09:32.400 made this possible. Uh. The Amazon, Amazon dot Com also, 0:09:32.840 --> 0:09:38.280 its policies made this possible, and Apple's policies made this possible. 0:09:38.320 --> 0:09:42.160 So those three parties together made it possible for the 0:09:42.200 --> 0:09:46.520 hackers to achieve this and uh and it's kind of 0:09:46.920 --> 0:09:49.960 interesting how how they came about it. Yeah, and and 0:09:50.120 --> 0:09:52.000 some of the irony as we get into this, is 0:09:52.040 --> 0:09:55.520 that some of the very things that made this possible 0:09:56.360 --> 0:10:01.920 are in place specifically to make it more difficult for 0:10:02.000 --> 0:10:06.720 someone to steal identities. So it actually uh, some of 0:10:06.760 --> 0:10:10.120 these some of these procedures actually worked in exactly the 0:10:10.120 --> 0:10:14.160 opposite way in which they weren't intended when they were implemented. 0:10:15.040 --> 0:10:20.480 So the way this started off was it was fairly clever. 0:10:20.640 --> 0:10:23.680 So they they first they started the hackers did a 0:10:23.679 --> 0:10:28.240 little recon work and they wanted to find out, um 0:10:28.280 --> 0:10:33.079 about how they would get uh the access to the 0:10:33.120 --> 0:10:36.200 Twitter account. And then they were able to find out 0:10:36.400 --> 0:10:42.200 Honan's uh email address because he has a website. They 0:10:42.240 --> 0:10:44.600 went to the website, they did a who is look 0:10:44.679 --> 0:10:47.520 up on Honan, which gave them two things, like two 0:10:47.520 --> 0:10:50.800 things they needed. They needed the email address and they 0:10:50.840 --> 0:10:54.400 needed his physical address. Yeah. Now, if you register a 0:10:54.480 --> 0:10:59.560 domain name, you are required to have contact information available. Um, 0:10:59.559 --> 0:11:04.240 and that information is publicly available now um some well 0:11:04.320 --> 0:11:06.120 we could talk about that too, but anyway, the the 0:11:06.200 --> 0:11:10.280 who is record for the domain had his information in it. Yeah. 0:11:10.440 --> 0:11:14.760 So once they had that information, the Google account and 0:11:14.800 --> 0:11:17.240 the just the email address didn't have access to the 0:11:17.320 --> 0:11:21.680 account yet. Um. They figured out that the Twitter account 0:11:21.840 --> 0:11:24.400 was linked to the personal website. That's what That's where 0:11:24.400 --> 0:11:26.240 they found the Gmail address, That's where they found the 0:11:26.800 --> 0:11:31.160 physical address. And then they started to look at the 0:11:31.200 --> 0:11:35.080 account recovery for a Google and without actually sending in 0:11:35.120 --> 0:11:39.280 a recovery request, they saw that the address, which was 0:11:39.320 --> 0:11:45.839 only partially obscured per Google's policy, wasn't at me dot 0:11:45.880 --> 0:11:50.080 com email address. That was the recovery address. Yeah, well 0:11:50.559 --> 0:11:54.960 that's an Apple thing, right. So that's where they said, Ah, 0:11:55.120 --> 0:11:58.040 now we know how to get at him because it's 0:11:58.400 --> 0:12:03.120 because his Google address, uh will go back if we 0:12:03.200 --> 0:12:05.200 did a password recovery, because that will go to an 0:12:05.240 --> 0:12:08.200 Apple address. And because we know how to manipulate the 0:12:08.200 --> 0:12:10.720 system so that we can get access to his Apple account. 0:12:11.400 --> 0:12:13.880 It's all over. And the way they got access to 0:12:13.880 --> 0:12:17.520 the Apple account was kind of interesting. Now, they did 0:12:17.600 --> 0:12:21.440 not have the password, they did not have the answer 0:12:21.480 --> 0:12:25.480 to security questions. So calling up Apple and getting access 0:12:25.520 --> 0:12:28.719 to this account would require that they have some other information. 0:12:29.080 --> 0:12:32.200 What Apple requires is that you have to have the 0:12:32.240 --> 0:12:35.199 building address and the last four digits of the credit 0:12:35.240 --> 0:12:40.840 card you used to establish that account. So what the 0:12:40.840 --> 0:12:44.360 hackers did was they said, well, there's a good chance 0:12:44.920 --> 0:12:48.959 that the same credit card this guy used to establish 0:12:49.080 --> 0:12:53.920 his iCloud account is the one that he uses for Amazon. 0:12:55.280 --> 0:12:59.520 And so instead of calling Apple first, they called Amazon first, 0:13:00.120 --> 0:13:03.480 and they said that they wanted to add a credit 0:13:03.520 --> 0:13:08.480 card number to the existing Amazon account. That's right, So 0:13:08.520 --> 0:13:10.320 they weren't trying to get the credit card number. They 0:13:10.320 --> 0:13:12.439 wanted to add a credit card number, right, So then 0:13:12.480 --> 0:13:15.440 they add a credit card number to the Amazon account. 0:13:15.920 --> 0:13:19.120 Then they hang up. Then they call Amazon back and 0:13:19.120 --> 0:13:22.160 they say that they have lost access to their account 0:13:23.200 --> 0:13:26.880 and that they will provide the name, the billing address, 0:13:26.920 --> 0:13:28.800 which they already have from the who is look up 0:13:28.840 --> 0:13:33.120 of the website, and then the credit card number they 0:13:33.160 --> 0:13:37.320 gave at the at the call they made earlier. So 0:13:37.440 --> 0:13:40.840 there's now this credit card number that is legit because 0:13:40.920 --> 0:13:43.760 they provided it. It's not the same one that was 0:13:43.840 --> 0:13:46.640 used to establish the account in the first place. So 0:13:46.679 --> 0:13:50.080 then Amazon says, oh, all right, well we'll send you 0:13:50.120 --> 0:13:53.320 the password to the account. Here's which email addressed you 0:13:53.760 --> 0:13:58.200 wanted to go to. So they hackers give their email 0:13:58.200 --> 0:14:00.760 address or an email address that they have created for 0:14:00.800 --> 0:14:04.480 the purposes of this hack. So now Amazon sends the 0:14:04.559 --> 0:14:09.840 log in information to UH to Amazon dot Com to 0:14:09.960 --> 0:14:15.240 that account, to the email they log into the Amazon 0:14:15.320 --> 0:14:18.199 dot Com account, and then they look for the other 0:14:18.679 --> 0:14:21.520 credit card number, the one that was actually used to 0:14:21.640 --> 0:14:25.520 establish that account. So this is Honan's actual final four digits, 0:14:25.520 --> 0:14:30.280 because those are unmasked in the Amazon dot Com system. Yes, 0:14:30.760 --> 0:14:33.000 they mask the rest of it, right, Yeah, the rest 0:14:33.040 --> 0:14:34.840 of the numbers are mass So it's not that the 0:14:34.880 --> 0:14:37.600 hackers ever had access to the credit card, other than 0:14:37.960 --> 0:14:39.800 they could have bought a whole bunch of stuff on 0:14:39.840 --> 0:14:44.080 Amazon and had it sent somewhere. But that's all. That's. Yeah, 0:14:44.120 --> 0:14:46.080 that's what they could have done if they had wanted to, 0:14:46.360 --> 0:14:49.200 But they could not actually pull the credit card number 0:14:49.200 --> 0:14:51.960 itself other than the last four digits. But those last 0:14:51.960 --> 0:14:56.080 four digits are what Apple needs for account verification, right, 0:14:56.720 --> 0:14:59.760 So they take those four digits, they've got the building address, 0:15:00.080 --> 0:15:02.560 they give a call to Apple, they give that information, 0:15:02.680 --> 0:15:06.560 and because Honan used the same billing address and the 0:15:06.600 --> 0:15:11.080 same credit card for both services, Apple said, oh, well 0:15:11.120 --> 0:15:14.160 then you're clearly this guy. We will send you the 0:15:14.200 --> 0:15:19.400 account retrieval information to your email address. So then they 0:15:19.440 --> 0:15:23.760 now have the way to log into Honan's iCloud account. 0:15:23.760 --> 0:15:27.479 They do that. That's where they then disable his devices. 0:15:27.520 --> 0:15:30.760 They wipe them to help slow things down so they 0:15:30.760 --> 0:15:34.320 can continue to do this stuff. Now they have access 0:15:34.360 --> 0:15:37.280 to his Apple email, they have access to his Amazon account. 0:15:37.720 --> 0:15:41.360 That's when they go to the Google password recovery asked 0:15:41.440 --> 0:15:45.000 for the recovery information so that they can access his 0:15:45.040 --> 0:15:48.920 Google account. Well, that goes to his Apple address, which 0:15:48.920 --> 0:15:52.400 they already have access to. The information comes to the 0:15:52.440 --> 0:15:54.960 Apple address, they go into the Google account. They immediately 0:15:55.000 --> 0:16:00.760 delete the password recovery UH email out of his account 0:16:00.840 --> 0:16:03.280 so that if he has any other devices that would 0:16:03.320 --> 0:16:08.760 alert him that his password had been changed, that he 0:16:08.800 --> 0:16:11.520 would not be aware of it. So they they hide 0:16:11.560 --> 0:16:14.280 that they changed the password, so that now they've locked 0:16:14.360 --> 0:16:17.040 him out, they have access to his Google account. They 0:16:17.040 --> 0:16:18.840 then were able to go and get access to the 0:16:18.840 --> 0:16:25.040 Twitter account. Um, this is kind of scary, and again 0:16:25.120 --> 0:16:27.920 it has nothing to do with sitting down encoding stuff. 0:16:28.080 --> 0:16:30.960 It is hacking. You're hacking a system, but you're doing 0:16:31.000 --> 0:16:36.680 it more through social engineering and manipulating policies and systems. 0:16:36.720 --> 0:16:39.440 So if you guys remember we had that discussion and 0:16:39.520 --> 0:16:41.560 I think it was episode three ninety nine where we 0:16:41.600 --> 0:16:45.080 interviewed Brian Brushwood and we talked about social engineering. Now 0:16:45.080 --> 0:16:48.560 with Brushwood, his approach to social engineering is more about 0:16:49.080 --> 0:16:52.600 you know, having fun and uh, like, you're in a 0:16:52.640 --> 0:16:55.640 social situation where you you know, you never have to 0:16:55.680 --> 0:16:58.400 buy a drink because you're doing these cool things and 0:16:58.440 --> 0:17:01.280 convincing other people to buy drinks for you, or you know, 0:17:01.320 --> 0:17:03.920 you're doing something so that you can get the phone 0:17:04.000 --> 0:17:06.919 number of someone you're interested in. So you're still social 0:17:06.920 --> 0:17:11.880 engineering people. But it's not necessarily this as nefarious as 0:17:12.040 --> 0:17:15.719 as what these hackers were doing. Yeah, and it's not 0:17:15.800 --> 0:17:19.600 typically what one thinks of when one thinks of identity theft. 0:17:19.600 --> 0:17:23.040 I mean again, Um, a lot of us would look 0:17:23.080 --> 0:17:26.240 at the specifically maybe the Amazon portion of this or 0:17:26.280 --> 0:17:28.760 an online retail portion of this and say, oh, well, 0:17:28.800 --> 0:17:30.919 they got access to his credit card number, they can 0:17:30.960 --> 0:17:32.879 buy stuff well you and and in a lot of 0:17:32.920 --> 0:17:37.199 cases that maybe what a hacker might try to do. 0:17:37.960 --> 0:17:42.600 After all, we have talked about uh online systems being 0:17:42.640 --> 0:17:46.679 hacked for financial information and financial gain, but that's not 0:17:46.960 --> 0:17:50.119 the point of this. Um, the system that I was 0:17:50.119 --> 0:17:52.200 speaking of a few minutes ago, when I was saying 0:17:52.280 --> 0:17:55.680 that ironically, some of these things were turned against him 0:17:56.280 --> 0:17:59.200 tools that would be used to protect him. Um, if 0:17:59.240 --> 0:18:03.159 you're not in an Apple customer, you may not be 0:18:03.240 --> 0:18:07.000 aware there's a there's a uh an I cloud system 0:18:07.560 --> 0:18:10.920 called find my and there're a couple of them like 0:18:11.000 --> 0:18:15.720 to find my iPhone. Yeah. Um, so let's say Uh, 0:18:15.760 --> 0:18:18.320 you know, we're talking completely behind here. Let's say you 0:18:18.359 --> 0:18:21.600 have an iPhone and your kids run off with it 0:18:21.680 --> 0:18:25.080 and stuffed it somewhere in some piece of furniture or 0:18:25.200 --> 0:18:27.520 dropped it and or you left it in a cab, 0:18:27.760 --> 0:18:29.320 or you left it in a cab. Well, if you're 0:18:29.359 --> 0:18:32.800 if you're Natalie Dell Conti, well yeah, um, well, I 0:18:33.320 --> 0:18:35.280 was going to start with the the easy one. You 0:18:35.320 --> 0:18:37.159 can make it. You can make your phone make a 0:18:37.200 --> 0:18:39.760 noise so you know it's in the house, but you 0:18:39.760 --> 0:18:41.959 can't figure out where it went. I'd like to have 0:18:41.960 --> 0:18:43.760 one of these for my keys and maybe the remote. 0:18:44.160 --> 0:18:46.239 But you know you can you can make it make 0:18:46.240 --> 0:18:48.440 a noise, or if you've left it in a cab, 0:18:49.320 --> 0:18:53.199 you can have it tell you roughly where it is. Uh. 0:18:53.320 --> 0:18:55.280 This is especially useful if you can't remember if you 0:18:55.359 --> 0:18:57.520 left it in a cab, or if you at a 0:18:57.600 --> 0:19:00.840 restaurant whatever, or you know, you were at bar and 0:19:01.160 --> 0:19:05.760 you had a prototype version of the newest iPhone and 0:19:05.800 --> 0:19:07.280 it was sitting on the stool next to you when 0:19:07.280 --> 0:19:08.639 you were sitting there at the bar, but then when 0:19:08.640 --> 0:19:11.080 you turned around, it was gone, and then it ends 0:19:11.160 --> 0:19:15.240 up at some tech blog. Yeah, that could happen. Yeah, 0:19:15.440 --> 0:19:19.080 there their Twitter feed could be hacked to UM. But yeah, 0:19:19.160 --> 0:19:20.959 I mean, so you can find out where it is. 0:19:21.040 --> 0:19:22.520 You can have it make a noise so that if 0:19:22.560 --> 0:19:25.040 it is in the same location as you are, Uh, 0:19:25.080 --> 0:19:27.360 you know you can you can track it down. UM 0:19:27.760 --> 0:19:29.359 if you don't know where it is, Let's say you 0:19:29.359 --> 0:19:31.920 did leave it in a in a bar somewhere and 0:19:32.119 --> 0:19:35.080 uh you say, oh, well, you know it's not I 0:19:35.119 --> 0:19:37.240 don't know where that is, and you could see a 0:19:37.280 --> 0:19:39.119 location it shows you on the map where where it 0:19:39.200 --> 0:19:42.160 might be. Oh, it's no longer in my control. It's 0:19:42.240 --> 0:19:44.720 somewhere where I don't know where it is. I'm I 0:19:44.760 --> 0:19:47.480 have sensitive information on there. My my calendars on there, 0:19:47.560 --> 0:19:51.080 my contacts are on there. Um as as Honan himself said, 0:19:51.119 --> 0:19:56.800 you know he had um information from many other tech journalists. UM, 0:19:57.280 --> 0:19:59.639 so he might just let's say he was still in 0:19:59.680 --> 0:20:01.879 control of his accounts, but no longer in control of 0:20:01.920 --> 0:20:05.440 the device. He could say, wipe this device. I don't 0:20:05.480 --> 0:20:09.119 want anything on it anymore, you know, I want to 0:20:09.119 --> 0:20:11.440 wipe it clean so that nobody else gains information in 0:20:11.560 --> 0:20:13.720 my personal stuff. It's only a matter of time before 0:20:13.760 --> 0:20:17.160 they figure out my my pass code, wipe it clean. 0:20:17.480 --> 0:20:18.760 You know, you can tell it to do that and 0:20:18.840 --> 0:20:22.080 will remotely do that. Apple has added that for the 0:20:22.119 --> 0:20:26.040 Mac to find my Mac. So in that case, let's 0:20:26.040 --> 0:20:32.200 say he had corporate information. Many companies have have this 0:20:32.480 --> 0:20:35.200 policy in place. Yes, you can check your corporate email 0:20:35.240 --> 0:20:38.880 on your personal device, but if you do that, um, 0:20:39.000 --> 0:20:42.280 we retain the right to wipe the information on the device. 0:20:42.440 --> 0:20:46.680 If it should fall into somebody else's hands. Or let's 0:20:46.720 --> 0:20:49.480 say that you were to uh, you were to to 0:20:50.080 --> 0:20:53.600 either be fired or you you know, you left or whatever, 0:20:53.600 --> 0:20:55.639 they might retain that right so that they can protect 0:20:55.640 --> 0:20:58.760 themselves as a corporate entity. Yeah, so there there are 0:20:59.160 --> 0:21:02.520 positive reason uh to be able to do this in 0:21:02.520 --> 0:21:07.159 this case. Once the hackers gained information about his account 0:21:07.160 --> 0:21:09.240 and we're able to get access to his account and 0:21:09.280 --> 0:21:14.480 lock him out, um, they also chose to completely wipe 0:21:14.560 --> 0:21:21.040 his phone, his iPad, and his Mac laptop. And in 0:21:21.080 --> 0:21:24.840 doing so, they not only wiped out any you know, 0:21:25.280 --> 0:21:28.760 corporate information. He's he's a freelance writer, so any articles 0:21:28.800 --> 0:21:30.040 he might have been working on that we're on his 0:21:30.160 --> 0:21:34.400 hard drive gone. He also lost a year's worth or more, 0:21:34.440 --> 0:21:38.440 I guess the photos of personal photos personal stuff that 0:21:38.440 --> 0:21:43.879 that he had created. And yeah, Liz leads us to 0:21:43.960 --> 0:21:47.520 the the thing that we have said a billion times 0:21:47.520 --> 0:21:50.439 on this podcast that is an exaggeration, but back up 0:21:50.480 --> 0:21:54.199 your data. Yeah, and he admits he admits he was 0:21:54.240 --> 0:21:57.080 not regularly backing up his hard drive. This is not 0:21:57.480 --> 0:22:00.119 to pick on him or anything else. It's something that 0:22:00.160 --> 0:22:02.879 he wishes in retrospect he had been doing on a 0:22:02.880 --> 0:22:07.520 regular basis. Because, um, oddly enough, this is where this 0:22:07.520 --> 0:22:10.840 this is where the story takes an unusual turn. He 0:22:10.880 --> 0:22:13.680 has been in contact with his hackers and has agreed 0:22:13.760 --> 0:22:18.359 not to in return, they were telling him how they 0:22:18.359 --> 0:22:21.040 did it. Yes, and uh, I think first of all, 0:22:21.080 --> 0:22:24.040 the first thing we can agree on easily is that 0:22:24.119 --> 0:22:28.600 Amazon has to change its policy. Well, yeah, because because 0:22:29.400 --> 0:22:32.360 that's the first step that means that anyone could access 0:22:32.400 --> 0:22:38.080 anyone else's Amazon accounting. This Well, um, I wasn't going 0:22:38.119 --> 0:22:40.320 to get there quite yet. I wanted to make the 0:22:40.359 --> 0:22:43.359 point that this is where it kind of gets a 0:22:43.400 --> 0:22:47.320 little weird, because they they shared all this information with him. 0:22:47.920 --> 0:22:49.639 This is how he was able to write such a 0:22:49.680 --> 0:22:54.040 comprehensive post on onn Wired about it was. They told 0:22:54.119 --> 0:22:57.000 him what they were doing, what the point of it was, Um, 0:22:57.040 --> 0:23:00.359 they admitted, look, you know, we weren't trying to deal 0:23:00.480 --> 0:23:03.120 your your stuff. We weren't really trying to wipe out 0:23:03.119 --> 0:23:06.160 your your personal life. We have nothing against you personally. 0:23:06.560 --> 0:23:10.520 We wanted your Twitter account. Um. The guy that that 0:23:10.520 --> 0:23:16.240 that he talked to primarily UM was saying, essentially, hey, 0:23:17.240 --> 0:23:19.160 you know, my partner was the one who wiped out 0:23:19.160 --> 0:23:22.200 your computer. And now that you tell me, all your 0:23:22.240 --> 0:23:25.160 personal files, your your the pictures of your your kid 0:23:25.240 --> 0:23:29.560 were on here. I'm really sorry. I'm actually really sorry. 0:23:29.600 --> 0:23:32.240 I didn't mean to to cause you personal harm as 0:23:32.240 --> 0:23:35.000 a result of this. And and they say, now, I 0:23:35.040 --> 0:23:38.760 don't know, you know, I don't know whether their motives 0:23:38.760 --> 0:23:40.959