
Apple, Amazon prove the "cloud" isn't safe


(MoneyWatch) Everyone in the high-tech industry, along with the usual ardent early-adopters, is betting heavily on the emerging Internet "cloud." What often gets overlooked are the drawbacks, as tech writer Mat Honan learned when hackers destroyed his digital life. Not inconvenienced; not interrupted. Destroyed. He lost all the photos he had of his daughter, as well as many documents and emails that were presumably important to him.

Honan had trusted heavily in the convenience and seemingly ubiquitous nature of cloud computing. That approach calls for storing all your content on the cloud, tying all your devices together with grand and expansive systems, and using uber-sophisticated software to control and protect everything. The payback: You always have access to everything you want when you need it.

However, systems and machines ultimately rely on human beings, and getting people to always do what is prescribed is a losing battle.

What happened

Here is the nut of Honan's experience in his own words:

In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.

How did hackers pull this off? Was it some powerful new virus or spyware that peeled back all Honan's secrets? Nope. It was a practice called social engineering, in which a determined person or group plays on the weaknesses of business processes and the gullibility and laziness of other human beings.

Plenty of blame to go around

The most basic fault was Honan's. He didn't back up his data in his home, trusting that what he put into someone's cloud would always be there and that the security procedures were adequate. He "daisy-chained" his accounts at Apple (AAPL) and Amazon (AMZN) for convenience. That allowed the hackers to crack his Amazon account and then use that information to access his Apple account, which got them into his Gmail account and eventually his Twitter account (apparently what they had wanted all along).

But his nonchalance was aided and abetted by how Amazon and Apple -- and entirely too many other technology companies -- conduct business:

But what happened to me exposes vital security flaws in several customer service systems, most notably Apple's and Amazon's. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information -- a partial credit card number -- that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification.

Vendors aren't ready

Every time new technology comes about, it takes time for industries to realize just how dangerous their previous practices were. ATM receipts were one of the big drivers for banks to realize that printing out the entire account number was dangerous. And how long did it take for credit card companies to eradicate the carbon paper between copies of credit card slips after it became clear that the unscrupulous could walk off with an identity theft cheat sheet? How many companies online still use the last four numbers of an account to verify a user?

If such issues are problematic in general, they are devastating when it comes to cloud computing, especially when people place too much trust in what are, after all, inherently fallible systems (even when they are technically adept and should know better). What does that suggest for the average consumer or business who trusts too unwisely and yet too well?
