Saturday, September 11, 2010

Thunder in the Cloud: Lessons from my hacked Google Account

It was just another week in the age of insecurity. Yet another low tech Windows-only trojan spread throughout American corporations, costing a day or so of economic output and probably acquiring a rich bounty of passwords. Twitter implemented a defective OAuth security framework. Oh, and my Google (Gmail) account was hacked.

The last of these was the most important.

Cough. Go head, laugh. Check back in three years and we'll talk. For now, trust me on this. There are some interesting implications.

First though, a quick review. Nothing obvious was done to my Cloud data by the hacker, I only know of the hack because of defenses Google put in place after they were hacked by China. Secondly I used a robust and unique password on my primary Google account and I'm a Phishing/social engineering hard target. So, in order of descending probability the security flaw was
  • Keystroke logging > Google false alarm (no hack) > iPhone app credential theft > WiFi intercepts >> Google was hacked > password/brute force attack.
I changed my password, but that doesn't deal with the real security problems (keystroke logging, WiFi intercepts, App credential theft). The other changes I'm making are more important.

That's the background. Why is this interesting? It's interesting because of what we can infer about motives, and the implications for the future of Cloud computing, iOS devices, and Apple.

Consider first the motives. The hackers owned my Google credentials for 24 hours, but they did nothing. They didn't change my passwords, they didn't send any email. The most likely explanation is that the next move was to identify and attack our mutual fund accounts by taking advantage of harvested data (58,000 emails, hundreds of Googel Docs), accessible internet data, and the stupidity of mutual fund security systems.

We're not rich by American standards, but emptying our accounts would be a good return on investment for most organized criminal organizations.

Secondly if I can be hacked like this, anyone can. I am the canary in this coal mine, and I just keeled over.

Ok, maybe the impractically pure and young Cryptonomicon live-in-a-thumb-drive-VM-with-SSL geeks are relatively safe, but, practically speaking, everyone is vulnerable. Windows, OS X or Linux - it doesn't make a difference. (But the iPhone/"iTouch" and iPad do make a difference. More on that below.)

When history combines motive (huge revenue hits) with opportunity then "Houston, We have a Problem". Sometimes freaking out is not unwise. 2010 network security is a market failure. The business model of Cloud Computing is in deep trouble.

I think I know how this ends up. Somehow, some day, we will all have layers of identity and data protection, designed so that one layer can fall while others endure. Our most critical data may never be committed to the network, perhaps never on a digital device. If I were running Microsoft, Google or Apple I'd be spending millions on figuring out how to do make this relatively seamless.

That part is fuzzy. What's clear is good news for Apple, though everyone else isn't far behind. Untrusted devices, untrusted software, and untrusted networks are all dead. That means shared devices are dead too. Corporations need to own their machines and trust systems, we need to own our machines and trust systems, and when we have both a corporate and a personal identity we need two machines.

Practically speaking, we all need iPhone/iTouch/iPad class devices with screened and validated software that we carry everywhere [1]. That means the equivalent of iOS and App Store, but software apps that provide Google access need to be highly screened. Practically speaking, they need to come from Google or Apple.)

We need secure network access. For the moment, that means AT&T 3G rather than, say, Cafe WiFi (Witopia VPN is not quite ready for the mass market). Within the near term we need Apple to make VPN services a part of their MobileMe offering with seamless iOS integration. Apple currently provides remote MobileMe iPhone annihilation, we need the iPhone/iPod Touch FaceTime camera to start doing facial/iris biometrics.

Yes, Apple is oddly well positioned to provide all of these, though Google's ChromeOS mayb be close behind.

Funny coincidence isn't it? It's almost as though Apple thought this through a few years ago. I wonder what they're planning now to enforce trusted hardware. Oh, right, they bought the A4.

The page is turning on the remnants of 20th century computing. Welcome to the new world.

-- footnotes

[1] Really we need iPhone/iTouch class devices with optional external displays. Maybe in 2013.

See also:

Post-hack posts (past week):
Pre-hack posts

And some warnings of mine that were premature -- because Team Obama converted Great Depression II into the Great Recession.

1 comment:

Anonymous said...

xbcd has a relevant comic today:

I didn't reuse my Google pw, but I do reuse a password on services I'm willing to sacrifice. Even that is risky!