Apple tech support 'socially engineered' in hack of journalist's iCloud account


Comments

  • Reply 61 of 121
    richl Posts: 2,213 member

    Quote:

    Originally Posted by djsherly View Post





    Only if you think those at giz are douches to a man/woman. As best I can tell it's just the douche holding the phone that's the douche.

    Nope, Gizmodo is a rotten tech blog that will resort to any tactic to generate page views.

  • Reply 62 of 121
    enzos Posts: 344 member

    Quote:

    Originally Posted by nitewing98 View Post


    I second that emotion. I have Time Machine plus I have Carbon Copy Cloner making a bootable backup of my main hard drive. No sympathy at all.



    That's why I smell a rat. A tech geek without a hard-drive back-up = Unbelievable!

    And this is a site/company known for receiving stolen property then lying about it.

    The breach might well be real but I see no reason to believe it until independently confirmed.

    And if confirmed, that only confirms that Apple staff can be conned and that the Giz journo is an idiot.

    Enz

  • Reply 63 of 121
    I would love to see Apple come out with the specifics of this story - which questions (if any) were bypassed by the hacker and then show how the answers to the questions were easily discoverable. An Apple press release detailing exactly what went down would slap a richly-deserved STFU to a site that's been begging for it for at least 3 years.

    Gizmodo has no integrity. As people have already pointed out, the fact that a person supposedly knowledgeable about technology would allow his digital life to exist without backup is laughable or a deliberate attempt to make the story more dramatic. Given what I know about these shitheads, I'm inclined to believe the latter. Maybe it's just a simple screwup on the part of a single person, but I'm firmly in the skeptic's camp.
  • Reply 64 of 121
    mazda 3s Posts: 1,608 member
    Why does everyone keep saying he works for Gizmodo? He USED to work for Gizmodo, he now works for WIRED. I find WIRED to be much higher quality than Gizmodo and tends to attract good writers.

    Not everyone that was attached to Gizmodo in the past is trash, so get the stick out of your ass.
  • Reply 65 of 121
    lilgto64 Posts: 1,147 member

    Quote:

    Originally Posted by SolipsismX View Post





    The story says that wasn't a factor because they didn't use brute force.

    According to the story I read his account passwords were all different. It was having access to the one email account that allowed for the password retrieval process for the other accounts.

    While he should have backups having Find My Device turned on is a good thing in case it's lost. I've taken issue with Find My Device on many occasions on this site for the lack of a passcode for turning it on/off and for the lack of additional authentication for accessing the data. There should be an additional link between devices, much like BT pairing, and an additional code, even just a PIN after you've inputted the iCloud password.

    That isn't what I read. Still, it does sound like he did use real answers to security questions which is a big mistake for anyone serious about security. It also sounds like that info wasn't used in Apple's resetting of his account.

    I hadn't really thought about it before but this would be a good idea - some additional warning and pin code before you can remotely wipe your device - of course how often will you do that and how likely might you be to forget the PIN code.

    Using fake info when setting up some accounts may sound like a good idea but I have a buddy who got locked out of an account and when trying to reset his password he could not remember what fake info he used when he set it up. So best to do something that you can remember perhaps if our real birthdate is 2/4 use 4/2 instead, or 3/5.
  • Reply 66 of 121

    Quote:

    Originally Posted by Mazda 3s View Post



    Why does everyone keep saying he works for Gizmodo? He USED to work for Gizmodo, he now works for WIRED. I find WIRED to be much higher quality than Gizmodo and tends to attract good writers.

    Not everyone that was attached to Gizmodo in the past is trash, so get the stick out of your ass.


     


    Still. Gizmodo or Wired he's an idiot for not making any backups especially his works as a reporter/blogger are probably drafted on his computer.

    Did he seriously think that his hard drive will last forever? Even servers have mirroring RAID.

  • Reply 67 of 121
    mazda 3s Posts: 1,608 member
    makingdots wrote: »
    Still. Gizmodo or Wired he's an idiot for not making any backups especially his works as a reporter/blogger are probably drafted on his computer.

    Did he seriously think that his hard drive will last forever? Even servers have mirroring RAID.

    I won't disagree with you there. I'm just saying that people are using the name "Gizmodo" to sweep this incident under the rug because it's seen as some "stunt".

    I seriously doubt that a respected magazine/site like Wired would want to be part of such shenanigans.
  • Reply 68 of 121
    howie Posts: 68 member


    Yes, we certainly wouldn't want to embarrass Apple just because a customer's security was compromised by a "glitch" resulting in the customer's ownership being stolen and data destroyed. No, preserve Apple's image at any cost!

  • Reply 69 of 121
    jragosta Posts: 10,473 member
    nitewing98 wrote: »
    I second that emotion. I have Time Machine plus I have Carbon Copy Cloner making a bootable backup of my main hard drive. No sympathy at all.

    Same here - except that Time Machine backup is on a RAID 5 device. Plus, I have the entire thing backed up on SkyDrive so I have an off-site.
    hill60 wrote: »
    I'd like to know more about the "social engineering" as I suspect it would involve identity theft.
    "This is my name, my date of birth, my home address, my phone number, my email address, I've forgotten my password and my questions don't work, can you help me out here, is there any more information I need to give you?"
    I doubt Apple reps (like anyone else working for a holder of secure information) would have access to credit card and social security numbers, maybe the last 3 or 4 digits but not the whole number.
    It will be interesting to see what this "social engineering" involved.

    There are just too few facts here to be of any use. What information did the criminal have? If he had personal information given to him by the 'victim', it's not a crime.

    Oh, and btw, he confirmed it with the 'hacker'. So why hasn't he filed a criminal complaint? This is a clear violation of DMCA. If that law were enforced a little more frequently, maybe security would increase. The blogger could probably do more good by turning the criminal over to the authorities than by writing a sensationalistic article about something that may or may not have involved negligence on Apple's part (if the 'hacker' had the answers to all the security questions, Apple is SUPPOSED to release the information.)

    I hate these stupid security questions. Often, I can't remember or don't know the answers. "whose birthday party did you attend when you were 4?" or "what is the name of your first girlfriend's pet snail?" or "where did you go for your first vacation?" or other such nonsense.
  • Reply 70 of 121
    rogifan Posts: 10,669 member
    Is it wrong for me to not care about or have much sympathy for tech bloggers, especially ones that are referred to as "Apple fanboys"? Maybe it's just me being cynical because most of the tech sites these days are so anti-Apple it isn't even funny. And why is it that only users of Apple products get labeled as "fanboys" by the media. So the 50M people who bought Samsung phones last quarter aren't Samsung fanboys? And pro-Android posters on just about every tech site aren't fanboys, but Apple customers are?
  • Reply 71 of 121
    jragosta Posts: 10,473 member
    howie wrote: »
    Yes, we certainly wouldn't want to embarrass Apple just because a customer's security was compromised by a "glitch" resulting in the customer's ownership being stolen and data destroyed. No, preserve Apple's image at any cost!

    We don't know if anything was stolen.

    The only thing we know (and none of it has been confirmed by anyone outside of the publicity hounds):
    - Apple allegedly released information
    - The 'hacker' allegedly had access to the security passwords
    - The author (who is a tech blogger) didn't have any backups - and doesn't seem too concerned about the loss of data, anyway
    - The author knows the 'hacker' since he was able to confirm what happened
    - The author did not file a criminal complaint

    Now, that doesn't guarantee that Apple didn't do anything wrong. It does, however, raise some questions about the entire incident. From what is presented, it looks as though Apple was presented with the right answers to the security questions and therefore released the information as they were supposed to do. I'm not sure what you wanted them to do.
  • Reply 72 of 121
    gtr Posts: 3,231 member

    Quote:

    Originally Posted by djsherly View Post



    So for the benefit of the less enlightened, elucidate.


     


    LOL.

    That's twice.

  • Reply 73 of 121
    boeyc15 Posts: 986 member
    jragosta wrote: »
    We don't know if anything was stolen.
    The only thing we know (and none of it has been confirmed by anyone outside of the publicity hounds):
    - Apple allegedly released information
    - The 'hacker' allegedly had access to the security passwords
    - The author (who is a tech blogger) didn't have any backups - and doesn't seem too concerned about the loss of data, anyway
    - The author knows the 'hacker' since he was able to confirm what happened
    - The author did not file a criminal complaint
    Now, that doesn't guarantee that Apple didn't do anything wrong. It does, however, raise some questions about the entire incident. From what is presented, it looks as though Apple was presented with the right answers to the security questions and therefore released the information as they were supposed to do. I'm not sure what you wanted them to do.

    From what I read/heard on TWiT with Leo Laporte.
    He was very upset he lost his data
    Apple did release information
    He did backup his other home computers.
    The hacker/thief sent a twitter message after he made a comment on his blog. They just wanted his twitter account (how in the world did you jump to 'knows the hacker' ... Did you assume.)
    They bypassed the security message/answer at Apple tech support (which is the real story if true.)
  • Reply 74 of 121
    charlituna Posts: 7,217 member
    muppetry wrote: »
    Now that should not be possible. If it's true then I'll bet Apple are scrambling to roll out some new training.

    Until we know in detail what happened, no blame can really be placed.

    The 4chan of the guy claiming to be the hacker says he did it because he was pissed at Honan for putting up a front that he's a tech expert when it was 'obvious he's a total moron'. The hacker wanted to teach Honan a lesson. That Honan had no backups was not a smart move for sure and if he is as tech stupid as this hacker claims we can't take him saying it was 'social engineering' at face value as who knows how he is defining that term

    Honan was on TWiT yesterday and it was a mess. What little he did answer didn't make sense and felt more like a pitch for his upcoming article about the whole thing. Frankly I was left with the feeling the hacker is right and Honan is basically clueless. So the suggestion that Apple did everything by a very strict book and the caller had plenty of info, given out by Honan at one time or another, to prove who he was is a viable one to me
  • Reply 75 of 121
    asdasd Posts: 5,678 member


    It would be interesting to see how the supposed social engineering worked. If it was guessing the security questions it would be the user mistake. Otherwise I doubt if calling Apple would work easily, let's see what his excuse is. I bet we will find out that he gave some information, which could be used on the phone, to somebody to do this.

    The whole thing sounds so rehearsed. Somebody worked out that if you got someone's email - iCloud or other - you could use it to retrieve other emails, and reset passwords, and close down systems. Since the iCloud password couldn't be hacked he is claiming some kind of social engineering. Possible, the people in AppleCare might relent with someone who genuinely forgot his password and had lost email, if there was some other information which only the user should know.

    So I could see this happening, if it didn't then some people would lose their iCloud for ever. However, how likely is that it happened to a Gizmodo journalist, and not to a random guy on the street who then called Gizmodo? Think about that. There are no known social engineering cases except a journalist for Gizmodo.

  • Reply 76 of 121
    charlituna Posts: 7,217 member
    sabuga wrote: »
    Just wondering, If you set really easy questions for the "confirm it's you" bit, then Google searches may have the answers.

    But according to Honan that's not what happened. He wants us to believe that this hacker called Apple and basically 'hi my name is Mat Honan and my password isn't working and I can't remember the answers to my security questions' and they just said okay and reset them.

    Other reporters have tried the same call over the past year or so, even recently, and said it was hell to get anything. And yet Honan wants us to believe someone broke protocol cause it was tea time or such.
  • Reply 77 of 121


    What do they mean by "clever social engineering"...thanks for the deets...NOT

  • Reply 78 of 121
    scott r Posts: 38 member

    Quote:

    Originally Posted by Mazda 3s View Post



    Why does everyone keep saying he works for Gizmodo? He USED to work for Gizmodo, he now works for WIRED. I find WIRED to be much higher quality than Gizmodo and tends to attract good writers.

    Not everyone that was attached to Gizmodo in the past is trash, so get the stick out of your ass.


    Wired is much worse, in fact. They are largely responsible for the indefinite detention of an American whistleblower:

    http://www.salon.com/2010/06/18/wikileaks_3/

    It would not surprise me if this latest story is just another attempt at giving Apple a black eye and getting them to kowtow to the US government in some way or another. Stay tuned...the next piece of news we'll hear is that some congressmen will be demanding that Tim Cook appear before them and provide answers regarding what occurred here.

  • Reply 79 of 121
    charlituna Posts: 7,217 member
    wizard69 wrote: »
    iCloud as a service is extremely flawed. If nothing else the service should have a way to backup to an owner's Mac OS machine.

    There is, it's called iTunes. Been there since before iCloud.

    Not that it would help Honan cause he didn't back up his laptop and chances are that Apple won't have any method to unwipe it and they will refer him back to the warranty terms where it says they don't cover personal data
  • Reply 80 of 121
    charlituna Posts: 7,217 member
    I sure hope that AI is not going to make this a major story. Yes, a tech support guy (or gal) screwed up. Yes, Apple is going to tighten the process. But AI is going to blow this way out of proportion. AI give it a rest......

    IF someone at Apple screwed up then I'm fine with them making it a major story, but only if they can prove it was an Apple screw up. At this point the deck is still equally split on yea or nay.