Scorching The Earth
The sphere is lit up with the latest tale of woe, which has befallen a prominent writer in the technology space. It is a terrible event, to experience this particular invasion in one’s life, not to mention the loss of not just the sense of security but also of invaluable data, especially pictures of children that cannot be replaced or retaken. While I empathize with his plight in reconstructing his life, and appreciate the journalistic approach toward soliciting insight from the alleged hackers… I’m not entirely in agreement with the finger-pointing at Amazon and Apple. At least not in the same way that’s being discussed. Yes, two-factor authentication is desirable. Yes, it’s a good lesson in security vs. ease-of-use. Yes, entrusting information to others exposes oneself to risks when the other party isn’t demonstrating the same diligence in managing your information. However, the failure somewhat overlooked, once again, is that social engineering was the attack vector — similar to the CloudFlare incident from a few months ago — and no amount of technology will solve this no-tech grandfather challenge.
As I’ve stated, while both Apple and Amazon were exploited by the attackers, can you imagine a consumer world without the conveniences offered by both companies? Imagine if you had to key in credit card numbers for every single purchase. Once upon a time, that was the practice, and people griped and likely demanded storing of their credit cards. So it came to be. Or needing to work with customer service to reset account credentials and having to actually go through deep-dive vetting, as opposed to the PIN method? How do I know? Because people are lazy and carefree about that kind of behavior, until it jumps up and bites them. Don’t believe me? Think about how many people write their PINs on their ATM cards… don’t pretend that scenario does not happen. Ease wins over security, almost all the time. So now, suddenly, it’s Apple’s and Amazon’s fault that the convenience they offered is exploited. Sure, some processes got subverted and what was a feature now became a huge risk, but that’s what happens when intention and design are not fully aligned — or at least not fully considered. The moment any personal information is put out onto the web, you have already accepted the risk that the information may be subject to misuse.
Then there is the part about not backing up, except into “one” cloud. One cloud is better than a drive array of one’s own making, but imagine a company backing up business-critical information only one time via one device. That solution would be laughed at and rejected out of the room so fast, yet in our personal lives, people are a lot more cavalier about the value of personal information. LinkedIn’s breach is going to cost them millions of dollars; what is the worth of pictures of Zoe as a baby, or the simple sense of well-being and privacy? What’s more shocking is the shock that there are hackers who aren’t even necessarily looking for financial gain, but are wantonly destructive purely for entertainment value — to amuse themselves and pass the time. I’ve seen that movie before, the one called rm -rf /, because if the attack isn’t successful moving forward, let’s make sure there are no traces left behind. In case I haven’t written the word backup enough, make sure adequate backups exist, because who knows what may happen to the data even if it were hackers erasing drives. Backups are for expecting the unexpected. That is all. Harnessing technology is clearly a Promethean effort; let’s make sure hands are not burned in the process.