Online criminals from Clan Vv3 have managed to send Amazon, Apple, Gizmodo, and Wired around the bend all together recently. Twitter and Gmail were negatively involved as well. Most of all, however, suffered the journalist Matt Honen. Not only was his Twitter account hacked, but he also lost control over his iCloud account and all Matt’s personal gadgets – iPhone, iPad, and MacBook Air were cleaned from all the data.
It all started late last week, when the official Twitter account of Gizmodo started tweeting hate sentences on behalf of the notorious Clan Vv3. Gizmodo’s administrators quickly regained control over the account and blamed in this incident their former employee Matt Honen, who left for Wired.
Journalist said in his blog on Friday that he was hacked. This case has received considerable attention in the press. On Monday, Matt Honan, in addition to his Friday’s post, published more detailed information on the issue.
It was found that an attacker was able to impersonate Matt Honan by calling the Apple help desk and providing his name, address and the last four credit card’s digits. This information was sufficient for Apple support personnel to issue a temporary password for the iCloud account. Hacker then used the service to remove information from all Apple devices linked to this account.
Originally Mr. Honan suggested that the attackers have used brute-force to compromise his seven-digit password consisting of letters and numbers. But soon the hackers themselves have contacted their victim and stated that there was no brute-force explaining that they have their own clever ways to get into other people’s mail boxes.
Attackers perfectly utilized social engineering techniques several times. Initially they used it dealing with Amazon customer service. Even before the call to Apple, Clan Vv3 first obtained access to Matt’s account at Amazon, with the purpose of finding out the last four digits of his credit card number which were necessary for the Apple hack.
To gain access to the Amazon account, cybercriminals telephoned the tech support of the Amazon, communicated the victim’s full name, street address and email address and requested to add a new credit card to his account. After that, they called back again, and said that they had forgotten the password. A new password was generated when hackers called Matt’s name, address and new credit card number, which was just added to that account.
The hacks did not end on this. iCloud account was naturally linked to Gmail. Using the password recovery system, the hackers gained access to Gmail. After a quick look at the mail, it was easy to notice that this account was also tied to the official Gizmodo’s Twitter.
Honan later found out from a conversation with a hacker, hiding under the name Phobia, that his main purpose was stealing beautiful three-digit Twitter login name owned by Matt Honan. All other break-ins, according to hacker, occurred coherently for the sake of gaining control over the journalist’s Twitter account.
Matt Honen wrote in his article later that, to a large extent, he has to blame himself, all his accounts were linked together in a garland. Once the Amazon account was hacked, attackers were able to get into Apple, it helped them then to get to Gmail, and finally access Twitter.
After this breech, Apple has blocked Apple ID password reset over the phone. Users are now directed to an online service iforgot.apple.com. Amazon also tightened the procedure for changing the password for their services. Experts note that these measures are only temporary, to exclude the possibility of such break-ins in the near future, complete reform of the security policies should be carried out.
Many pieces of news covering this issue give their security recommendations, which the journalist himself just ignored. The most common advice is to use two-factor authentication 1, and not to trust cloud services too much. Moreover, not all of them support two-factor authentication. Always back-up your most important data to physical media that you control.
1 – Two-factor authentication – an approach to authentication which requires the presentation of “two or more” of the three authentication “factors” (“something the user knows”, “something the user has”, and “something the user is”).