Last week, Wired journalist Matt Honan detailed how his digital life was wiped out in an hour by hackers. In horrifying detail, Honan writes about how he was systematically locked out of his iPhone, iPad, and MacBook, as well as his Google account, and how it dawned on him that something was “seriously wrong”.
Honan had made a few common mistakes that we all make, like not backing up and using the same prefix for his Apple, Amazon, and Gmail accounts, making them easy to guess. He says his biggest mistake was using the Find My Mac service, which allowed the hacker to remotely access his Mac.
One other key mistake Honan made was not having a Private Registration service on his domain name. He writes:
“So how did he [the hacker] get this vital information? He began with the easy one. He got the billing address by doing a whois search on my personal web domain.”
The hacker gained access to Honan’s Apple and Amazon accounts by quoting his billing address to their customer service operators, who used this as part of their authentication process. Having this information was a major factor in enabling the hack to progress. Had Private Registration been enabled for Honan’s domain name, the billing address would have been harder, although not impossible, to find.
So what is Private Registration?
Domain name registries like com, net, and org require the contact details associated with a domain name to be published in a publicly accessible database called a Whois database. Whois originated in the 1980s as a protocol for looking up information associated with domain names and IP addresses. A Whois lookup returns registration information for a domain name, including the contact information of the registrant.
Private registration masks the details that are published, whilst still maintaining the correct information as mandated by the domain name registries. This means that when someone looks up a domain name, they don’t see personal contact information that can be used for nefarious purposes; they see generic information. Instead of seeing where you live, someone looking up your domain name will see:
As cloud services become more ubiquitous, consumers and cloud service providers need to make security a top priority. The seamless elegance offered by a lot of services can result in apathy about security and privacy, which, as Matt Honan sadly learnt, can have dire consequences.
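To check your own domain for the exposure described above, the following added example (not part of the original article) parses saved Whois output and lists the registrant fields that still publish personal details. It assumes the common `Registrant <field>: <value>` label format; the marker list is a heuristic and both sample records are constructed.

```python
import re

# Heuristic markers of a privacy/proxy service (assumption; extend per registrar).
MASK_MARKERS = ("privacy", "private", "proxy", "redacted", "protected")
# Registrant fields that reveal a person or a billing address.
SENSITIVE = ("name", "organization", "street", "city", "postal code", "phone", "email")
FIELD_RE = re.compile(r"^\s*Registrant ([A-Za-z /]+?):\s*(.*)$", re.IGNORECASE)

def parse_registrant(whois_text):
    """Return {field: [values]} for 'Registrant <field>: <value>' lines."""
    fields = {}
    for line in whois_text.splitlines():
        m = FIELD_RE.match(line)
        if m and m.group(2).strip():
            fields.setdefault(m.group(1).strip().lower(), []).append(m.group(2).strip())
    return fields

def is_masked(value):
    return any(marker in value.lower() for marker in MASK_MARKERS)

def exposed_fields(whois_text):
    """List sensitive registrant fields whose published values look real."""
    fields = parse_registrant(whois_text)
    holder = fields.get("name", []) + fields.get("organization", [])
    if any(is_masked(v) for v in holder):
        return []  # the whole record is fronted by a privacy service
    return sorted(f for f in SENSITIVE
                  if any(not is_masked(v) for v in fields.get(f, [])))

# Constructed sample records (not real registrations).
PUBLIC_RECORD = """Domain Name: example.test
Registrant Name: Jane Example
Registrant Street: 1 Constructed Way
Registrant City: Sampletown
Registrant Postal Code: 00000
Registrant Phone: +1.5555550100
Registrant Email: jane@example.test
"""
PROXIED_RECORD = """Domain Name: example.test
Registrant Name: Domain Privacy Service
Registrant Street: PO Box 0000
Registrant Email: example.test@privacy.invalid
"""

if __name__ == "__main__":
    for label, record in (("public", PUBLIC_RECORD), ("proxied", PROXIED_RECORD)):
        print(label, "->", exposed_fields(record) or "no personal fields exposed")
```

Any field the function returns for your own domain is one a caller could quote back to a customer service operator, so those are the ones to mask or replace with non-personal contact details.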