How hackers destroyed the "digital life" of an IT journalist in minutes. The story of Matt Honan.



Even if you are a seasoned computer journalist and blogger who has written hundreds of articles about high technology, hackers can turn your digital life into ruins in a matter of minutes. This is what happened in 2012 to tech expert and Wired writer Matt Honan: within a few hours, he lost access to his Google, Amazon, Apple and Twitter accounts, as well as all the data on his iPhone, iPad and MacBook. Personal information, family photos, work documents were lost. This happened as a result of a carefully planned hacker attack, and was made possible because Matt placed too much hope in cloud technologies. However, they ultimately helped him get back what was lost. But first things first.

It was a typical summer Friday evening. Matt came home in a bad mood because his iPhone had suddenly turned off. And when he connected the phone to the charger and looked at the display, he saw not a vision of a girl, but the initial setup screen with the inscription "Hello!" in different languages - someone had remotely erased all the information on his smartphone.

At first, Matt thought that this was some kind of hardware failure, and that the phone could be quickly restored from a backup copy stored in iCloud. He entered his own AppleID data, but the soulless piece of hardware said that the password was incorrect. Another copy of the iPhone data was stored on Honan's MacBook, but when he opened his laptop, an iCal message appeared stating that his Gmail account details were incorrect. Then the screen went dark and a request for a four-digit PIN code appeared, which Matt did not know. A similar sad picture was found on his iPad, which he had just brought home from work. The worst part was that the MacBook contained Matt's written articles, important documents, photos and videos from his trips over the past few years. And most importantly, photos of his family and newborn daughter. All the data on his three devices was destroyed.

At that moment, Honan realized that he had become a victim of a hacker attack, but at first he thought that the intruders had penetrated his home local network. So he turned off his router and went to his neighbor's to try to do something with his computer. It was there that he learned that his "digital losses" were not limited to just Apple devices: unknown hackers had changed the password to his Google account, which is why Matt lost access to his Gmail inbox. In addition, his Amazon account details, which Honan also regularly used, had changed. Matt realized with horror that the bad guys had probably managed to gain access to his bank accounts, too, because despite all his tech savvy and experience, Honan had made the same common mistake as many other people on our planet: he used the same password for many services at once. To add insult to injury, while visiting his neighbor, Matt discovered that the bad guys had taken over his Twitter account. A little later, they posted a mocking tweet on his behalf saying that the account had been hacked by hackers hiding behind the nicknames Vv3 and Phobia.



First of all, Honan called Apple tech support and talked to their employees for an hour and a half: he was trying to find out if he would be able to return the documents, correspondence and photos stored on the laptop, copies of which were not available anywhere else. The result of the conversation did not encourage him. In fact, this was not the first call about Honan's account that day: half an hour earlier, a hacker who introduced himself as Matt Honan had already called tech support. Moreover, Apple later confirmed that such a call did indeed take place, but only when Honan directly asked the tech support employees about it. And he himself found out about the call from the hacker.

Most of all, Matt was worried about the fact that he, a journalist writing about technology since the 90s, did nothing to protect his data, which means that he himself is primarily to blame for what happened. Of course, from time to time he made backup copies of his iPhone and iPad on a MacBook, but the last such copy was created more than a year ago. And, of course, there were no copies of the MacBook itself, because Honan considered it the main device on which all the information he needed was stored. At least, he considered it so until all three Apple devices failed at once.



The first device Matt brought back to life was the computer. When you remotely wipe the hard drive on a stolen Mac using Find My Mac, the system asks you to create a four-digit PIN so that if the computer is found, you can reverse the process. However, when the data is wiped by a hacker who has access to your AppleID account, there is no way to get this code back - as a result, everything stored on the drive is lost forever. After Honan contacted tech support, they created a new PIN for him - this allowed him to unlock the laptop, but the device was still inoperable: clean system, no data.

Honan then created a new Twitter account and informed his friends and followers that he had been hacked. Matt assumed that the hackers had guessed his seven-character alphanumeric AppleID password using a brute-force dictionary attack. However, it was at this point that the evening stopped being languid, because Phobia himself responded to Honan, assuring the victim that brute force had nothing to do with it. Matt decided to get the stranger to talk in order to find out the details of the attack, how the attackers managed to take over his accounts, and for what purpose they did it at all - all of the funds in his bank accounts remained untouched. At first, Phobia refused to give the journalist details, but by Sunday evening he finally agreed to create a "disposable" e-mail on an anonymous mail server and answer his questions in detail in correspondence.

So, the chronology of the attack looked like this. On Friday afternoon, hackers came across Matt Honan's Twitter account, where he posted a link to his own website. The site published a contact e-mail address in the Gmail service: mhonan@gmail.com. After a little googling, the hackers were convinced that his work e-mail address at Wired magazine looked similar: mhonan@wired.com. Then they requested a password reset in Gmail, where they found that the link to change the account would be sent to the journalist’s backup address: m••••n@me.com. It’s easy to guess that “m••••n” also stands for “mhonan,” and the Me.com service is known to belong to Apple and is associated with the iCloud service. All that was left was to gain access to this mailbox.

To recover the password for mail on Apple services, the hackers needed additional information: a billing address and the last four digits of Honan’s bank card. They found out Matt’s address using the Whois service, by entering the domain of his website. However, even if you don’t have a website with your own domain, you can find out the address in other ways: in the US, for example, Spokeo, WhitePages, and PeopleSmart are used for this. Getting hold of the last four digits of the bank card number turned out to be a little more difficult, but the hackers successfully solved this problem.



When the hackers called Amazon's tech support, they posed as Matt Honan and said they wanted to add a new credit card to the account. To do this, they provided the username, associated email address, and billing address — all information the hackers already had. They generated the card details using a special website that creates fake but valid credit card numbers. They then hung up, called Amazon again, posed as Matt Honan, and said they had lost access to the account. After they provided the name, billing address, and the credit card number they had linked to the account during the previous call, Amazon allowed them to add a new email address to the account. All that was left was to go to Amazon's website and have the password reset sent to the new address. Then, after logging in with the new password, the hackers saw Matt Honan's real credit card details in his Amazon account — or rather, only the last 4 digits, but that was enough to reset his iCloud password.

At 4:33 PM, the hacker called AppleCare and introduced himself as Matt Honan. The caller said he couldn't log into his Me.com email. The tech support representative asked for Honan's home address and the last 4 digits of his bank card, after which he gave the caller a new password. This happened despite the fact that the caller couldn't correctly answer the security questions Matt had set up during registration.

At 4:50 PM, Honan received a message in his Me.com mailbox about the AppleID password reset, but even if he had checked his inbox every minute, he still wouldn't have been able to read the letter, because the hackers immediately deleted it.

At 4:52 p.m., an email arrived in his Me.com inbox to reset his Gmail password. Two minutes later, another email arrived notifying him that his Google account password had been successfully changed.

At 5:02 p.m., the hackers reset Honan’s Twitter password. The hackers then used iCloud’s Find My tool to remotely wipe Matt’s iPhone. A minute later they deleted all information from his iPad, erased his iCloud backups, and five minutes later wiped his MacBook.

Around the same time, the hackers completely deleted his Google account, along with his Gmail account, which contained eight years of Honan’s emails. At 5:10 p.m., a panicked Matt called Apple tech support himself, and at 4:12 a.m., the hackers posted a message on his Twitter account claiming responsibility for the hack.

When asked “why,” Phobia replied that he really liked Matt’s three-character Twitter account — “mat” — and decided to hijack it. All other actions, including the destruction of data on the victim’s devices, were taken only to prevent Honan from regaining control of the account. However, after the deed was done, Phobia fully justified his nickname — he was scared of the uproar: Wired wrote about the hack of a famous journalist and CNN’s evening news reported on it. That’s when he decided to confess to Honan, saying that the formidable hacker was only 19 years old and a college student. At the same time, the next day, Honan personally repeated all the hacker’s actions with other accounts and made sure that the method really works.



Honan quickly managed to regain control of his Twitter account: to be fair, it should be said that this was largely due to Matt’s fame — he is a popular journalist, and the social network’s support team was understanding of his problem. It’s hard to even imagine how long it would take an ordinary user to regain access. But he had to tinker with his Google account. This corporation has robotic technical support, and in order to prove that you are the owner of the deleted account, you need to correctly answer a series of security questions like “what year and what month did you register with Google?” or “name the last three recipients you sent emails to from your Gmail account.” I don’t think everyone will be able to recall this information right away. However, since Gmail is a cloud service, the information is stored in Google’s clouds for some time even after the account is deleted, and it can be restored.

Honan’s MacBook data was partially restored at a workshop that specializes in recovering information from damaged hard drives. Well, after the press coverage, Apple changed the procedure for restoring an email password. Honan himself drew simple conclusions from what happened: if he had used two-factor authentication on his Google account, perhaps nothing bad would have happened. Hackers managed to find a kind of vulnerability in the technical support protocols of two large IT companies: the four digits of the bank card number that Amazon considered safe to display in plain text are the same digits that Apple considers sufficient to verify identity. Well, of course, password-based security mechanisms that can be reset using social engineering are definitely outdated in the era of cloud technologies.

Honan himself wrote about this: “I originally signed up for Apple to buy songs for 99 cents apiece, but over the years, that same ID has evolved into a single entry point that controls my phones, tablets, computers, and data-driven life. With an AppleID, someone can instantly make thousands of dollars in purchases or cause damage the cost of which cannot be determined.”

Matt got off relatively lightly: the hackers could have used his email account to gain access to online banking or financial services. In addition, during his time as a journalist, Honan had amassed a significant number of very influential people in his contacts who could also have suffered at the hands of attackers. It is fair to say that he was lucky that the hacker was a 19-year-old guy whose goal was simply to take over someone else’s Twitter account to brag about his achievements to his friends. If someone else had been in the place of the college student, this story might have had a less happy ending.
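
The chain in this story (public facts open one account, which exposes the fact that opens the next) can be audited for your own accounts as a small reachability check. The sketch below is an added example, not part of the original post; the account model, the fact labels and the assumption that the Twitter reset mail went to Gmail are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    name: str
    recovery_paths: list          # each path: facts that together suffice to reset the account
    exposes: set = field(default_factory=set)  # facts visible to whoever controls it

def reachable(accounts, public_facts):
    """Fixed-point search: which accounts fall to someone who starts with
    only public_facts? Returns {name: (step, facts_used)} in takeover order."""
    known, taken, changed = set(public_facts), {}, True
    while changed:
        changed = False
        for acct in accounts:
            if acct.name in taken:
                continue
            for path in acct.recovery_paths:
                if set(path) <= known:
                    taken[acct.name] = (len(taken) + 1, sorted(path))
                    known |= acct.exposes
                    changed = True
                    break
    return taken

# Constructed model of the chain in the post; fact names are illustrative labels.
PUBLIC = {"name", "email", "billing_address"}   # Twitter, personal site, Whois

def build_accounts(gmail_2fa=False):
    gmail_path = {"inbox:me.com"} | ({"google_second_factor"} if gmail_2fa else set())
    return [
        # Phone support accepted name + e-mail + billing address.
        Account("amazon", [{"name", "email", "billing_address"}], {"card_last4"}),
        # AppleCare accepted billing address + last four card digits.
        Account("apple_id", [{"billing_address", "card_last4"}],
                {"inbox:me.com", "remote_wipe"}),
        # Gmail reset link goes to the backup address at me.com.
        Account("gmail", [gmail_path], {"inbox:gmail.com"}),
        # Assumption: Twitter reset mail is delivered to the Gmail inbox.
        Account("twitter", [{"inbox:gmail.com"}]),
    ]

def report(gmail_2fa):
    return reachable(build_accounts(gmail_2fa), PUBLIC)

if __name__ == "__main__":
    for flag in (False, True):
        print(f"gmail_2fa={flag}")
        for name, (step, facts) in report(flag).items():
            print(f"  {step}. {name} <- {', '.join(facts)}")
```

In this model a second factor on the Google account stops the chain before Gmail and Twitter, while the Apple ID stays reachable because its support path accepts only facts that another service displays.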
