A Persistent Hacker and the Destruction of an Online Life

Tech writer becomes victim, loses photos, emails, device settings.

ByABC News
August 7, 2012, 4:17 PM

Aug. 8, 2012 — -- The Cloud has a lot of benefits. You can access your information from anywhere and any device, save space on your computer's hard drive, and more.

It can also have major downsides, as one tech writer has now learned.

Mat Honan, a senior writer at Wired and a former senior reporter for Gizmodo.com, learned the hard way on Friday evening that hackers had taken over his entire online life. They took over his Twitter account. They cleaned out his entire Google account and Gmail inbox. His iPhone, iPad, and MacBook were completely wiped. He has lost years of files and, more important, photos of his daughter.

"I was in my daughter's bedroom and I was playing with her and I saw the phone power down. At first I thought the battery died. I went and plugged in the phone and when I did that I got the 'activate your phone' screen," Honan told ABC News in a phone interview. Honan then grabbed his MacBook and saw alerts that his Google account password was incorrect. His MacBook then powered itself off. When he grabbed his iPad he got the same screen.

At this point, realizing something was very wrong, he suspected someone was hacking him.

"My first thought was that someone had gotten onto my local network, so I went upstairs and turned off the router," Honan said.

Anyone following Honan's Twitter account knew something was wrong as well. The account had been plastered with profane, homophobic, and racist comments. And because Honan previously controlled Gizmodo's Twitter account, followers there saw some offensive messages too.

How Did it Happen?

Over the last few days Honan has been trying to figure out how this happened to him. By putting the digital pieces together and chatting with the hacker himself, he got a pretty good idea of how it all went down.

The hacker, who revealed himself under the name of Phobia, initially came across his Twitter account. In fact, the hacker told Honan that his original intention was to just mess with his three-letter Twitter handle (@mat) and cause havoc for him and his followers.

"They said they liked the name and they wanted to take it. They have on the website of the group all the other Twitter accounts they have taken," Honan said.

From Twitter he ended up on Honan's personal webpage, and there found his personal Gmail address. From there he went to Google's account recovery page, and because Honan didn't have two-factor authentication turned on, it showed him that he had another email account with Apple, ending in @me.com.

Phobia knew he could get access to Honan's @me.com account with just his billing address and the last four digits of his credit card. The billing address was easy: He found it via Honan's registered domain name. The credit card number was harder to get, but thanks to a loophole at Amazon it was easy enough for the persistent hacker.

He knew that if you call Amazon and tell them you are the account holder and want to add a credit card all you need is the name on the account, the associated email address, and the billing address. Phobia had those all. Here comes the loophole: call back and tell Amazon you've lost access to your account, provide a name, billing address, and the new credit card number, and Amazon will let you send the new account info to a new email address.

Then back to Apple Phobia went with the credit card number and Honan's billing address. Phobia gained access to Honan's entire iCloud account and Apple @me.com address. That gave him access to Honan's other online accounts, including Google and Twitter, since Honan had all these accounts linked to each other via iCloud and Google.

"What happened to me exposes vital security flaws in several customer service systems, most notably Apple's and Amazon's. Apple tech support gave the hackers access to my iCloud account," Honan wrote on Wired. "Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information."

That's the very, very short version of what really happened. Honan has published a lengthy account of what happened on Wired.com.

Apple and Amazon Respond

Apple and Amazon have both issued statements on the security issues that have been exposed.

"We have investigated the reported exploit, and can confirm that the exploit has been closed as of yesterday afternoon," an Amazon spokesperson, Ty Rogers, told ABC News.