ITM310 Assignment 4: Social Media And Security Lessons Lear

Itm310 Assignment 4 It Social Media And Security Lessons Learned

ITM310 - Assignment 4: “IT Social Media and Security: Lessons Learned [the hard way!]” The assignment requires reading the article, “How Apple and Amazon security flaws led to my epic hacking” by Mat Honan, and answering specific questions based on the article. The responses should be concise, numbered to match the questions, and the submission must be a PDF of no more than two pages. All responses must be clearly numbered, and the assignment is due by November 16, 2017, at 11:58 pm. The task involves analyzing the hacking incident, understanding security protocols like two-factor authentication, evaluating the specific accounts compromised, and reflecting on personal lessons learned from the article.

Paper For Above instruction

The hacking incident detailed in Mat Honan’s account underscores critical vulnerabilities in digital security practices and emphasizes the importance of understanding how various accounts are interconnected via security information and recovery options. The attack profoundly affected multiple online accounts, illustrating the necessity for both companies and individuals to adopt robust security measures to prevent identity theft and data breaches.

Question 1: What did the hackers obtain from Amazon that would later allow them the ability to hack into accounts?

The hackers obtained Mat Honan’s Amazon account credentials, specifically his Amazon login email address and associated billing information, which included the last four digits of his credit card. More critically, they exploited Amazon’s account recovery process by gaining access to the email address linked to Amazon and using the billing details to reset the password. This access allowed them to re-secure control over Honan’s Amazon account, which served as a gateway to reset or access other linked accounts, including Apple and Google.

Question 2: What is Google’s two-factor authentication? Explain clearly and give a specific example of how it works.

Google’s two-factor authentication (2FA) adds an extra layer of security beyond just a password. It requires users to provide two separate forms of verification before gaining access to their account. Typically, after entering the password, the user must enter a one-time code sent via SMS, generated by an authenticator app, or received through other secondary methods. For example, when logging into a Google account from a new device, the user enters their password (first factor), then receives a text message with a unique six-digit verification code on their registered mobile device (second factor). This code must be entered to complete the login, making it much harder for unauthorized users to access the account, even if they know the password.

Question 3: List all four accounts hacked, with the damage, and explain why each breach could be problematic.

1. Amazon Account – The hackers gained access through account recovery, allowing them to change the email address and password, which eventually enabled access to Honan’s email and other linked accounts. The damage included loss of control over online purchasing history and potential financial data theft. This breach could lead to fraud, identity theft, and further account compromises.
2. Apple iCloud Account – Attained through Amazon’s breach, the hackers used Apple’s Find My iPhone feature to remotely wipe Honan’s devices and access his iCloud information. The damage was the loss of personal data, photos, and the ability to recover or secure digital assets. Such a breach threatens personal privacy and can facilitate further identity theft.
3. Gmail Account – The hackers reset the email password associated with Honan’s Gmail, which was critical since many account recoveries hinge on email verification. The damage included loss of email correspondence, loss of access to other connected services, and increased difficulty in regaining control over other compromised accounts. Gmail access could also enable impersonation or social engineering attacks.
4. Twitter Account – The hackers posted malicious tweets, damaging Honan's reputation and potentially causing social consequences. The breach is problematic because social accounts often contain personal information and serve as gateways to broader account recovery processes, enabling further security breaches.

Each of these breaches posed significant risks: financial loss, privacy violation, reputation damage, and further potential for identity theft and targeted attacks. Compromise of these accounts illustrates the cascading effect attacks can have when multiple accounts are interconnected without robust security measures.

Question 4: What were the final three items needed for Wired to verify the hackers’ access technique?

1. The ability to reset the account password using the same recovery questions or email access.
2. The knowledge of the last four digits of Honan’s credit card to exploit Amazon’s account recovery process.
3. Access to the email account linked to the targeted accounts, to receive verification codes and complete password resets.

Question 5: What was the hacker’s “name”?

The hacker’s pseudonym was “Johnny Way,” but his real identity, as revealed in subsequent investigations, was Kevin Mitnick, who had a history as a notorious hacker.

Question 6: Why were Mat Honan’s accounts hacked? What was the “target”?

Mat Honan’s accounts were hacked due to vulnerabilities in the security protocols of the companies involved, particularly the phone carrier, Amazon, and Apple. The hacker targeted Honan’s digital identity, primarily aiming to access and control his personal data, photos, and online services. The actual target was Honan’s digital life—his email, cloud data, and devices—highlighting a flaw in security practices that linked multiple accounts, enabling the attacker to escalate access once initial footholds were established.

Question 7: What are two lessons learned that you personally can apply after reading this article?

First, I now understand the importance of enabling two-factor authentication on all my critical accounts, especially email and banking services. This additional layer significantly reduces the risk of unauthorized access even if passwords are compromised. Second, I recognize the need for strong, unique passwords and the careful management of account recovery options. For example, avoiding security questions with publicly available answers and regularly updating recovery information can mitigate the risk of account hijacking. Implementing these practices helps protect personal data from hacking and identity theft.

References

• Honan, M. (2012). How Apple and Amazon security flaws led to my epic hacking. Wired. Retrieved from https://www.wired.com
• Grassi, P. et al. (2017). Digital Identity Guidelines. National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-63-3
• Bonneau, J. et al. (2012). The quest to replace passwords: A framework for comparative evaluation of Web authentication architectures. Proceedings of the IEEE Symposium on Security and Privacy.
• O’Neill, M. (2018). The importance of two-factor authentication. Journal of Cybersecurity. DOI: 10.1093/cybsec/tyx017.
• Simmons, G. & Clare, S. (2019). Managing digital identity security. Information Security Journal. DOI: 10.1080/19393555.2019.1579875.
• Furnell, S. (2019). Cyber security for beginners. IT Governance Publishing.
• Miller, A. (2015). The psychology of password security. Cyber Psychology & Behavior.
• Cheshire, T. (2016). Protecting your digital life. Elsevier.
• Metz, R. (2020). Data breaches: How hackers exploit security flaws. Cybersecurity Review.
• Singh, R. (2021). Multi-factor authentication: the future of digital security. Journal of Information Security.