Disclaimer: The actual data breach was a personal Google-hosted Gmail service for a personal domain. No company or client data was accessed or manipulated during the hack described below. Using two-factor authentication would have stopped this hack.
When the attack happened I was at the grocery store with my wife and kids. We had just got back from the park and were enjoying a rare moment of sunshine in Seattle. The memories of the event are vivid in my head and I will never forget the experience.
It was the morning and I was at the grocery store. I was in the cereal aisle trying to decide between Cheerios and Fruit Loops. I wanted to be healthy, but the Fruit Loops looked really good and it was going to be a busy week. Even though I believe everyone should start their day with a healthy breakfast, we all have our weaknesses sometimes.
Right after I decided to buy the Fruit Loops, my phone started to go crazy. It buzzed and reacted in a way that could only be explained by the phone being possessed. I was frustrated because my phone would not stop announcing new messages; I was receiving 1,000+ email messages every minute. The attack lasted only 30 minutes and sent about 1.5 million email messages.
After about 30 minutes the attack just stopped. My phone crashed before it could finish displaying all the new email messages. I had no idea of the scope or cause of the hack. I was not sure whether the attack was going to resume, because I had done nothing to stop it. I could not do anything while the attack was running.
What had just happened, and what did the hackers do? I was not sure whether someone had simply started sending bogus email messages and had never compromised my systems. My worst fear was that the hack had infected my business computer or that my personal financial money had been stolen. In that moment in the digital world, I learned that the internet can go to war with you, and we have not yet learned what this war will be. Our lives and businesses increasingly revolve around our digital lives, and the possibility of collateral damage or fraud affecting us is a risk we live with every day. This is the new cold war, and we do not know who is attacking us.
I remember being worried that my credit card would be rejected at the grocery store when we checked out. It was the first test I would have to understand the scope of the hack. Thankfully, my financial accounts and my work computers were not targeted by the breach.
I felt violated and understood right away that the chance of getting justice for this breach was unlikely. Our digital life has become central to our lives, and everything is attached to it. Having a stranger or a foreign organization take over a part of my life in the digital age was a breach of my trust in technology. In the moment of the hack and afterward, I felt like I could never trust a computer again.
After the initial feelings of violation and anger faded, I was determined to focus on tracking down how they had hacked me, where the attack originated, and how to prevent it from happening again.
After reviewing all my logs and looking for suspicious activity, I was able to confirm that only my Google-hosted personal-domain email was compromised. This was an attack that targeted only cloud services and stayed away from hardware. I was lucky, but I needed to protect my digital life to have trust again.
Everything after the attack is fuzzy, but I remember one thing. I could not access my email, and to make matters worse Google had locked my account and would not let me unlock it. At that moment I did not know it, but Google had identified my account as compromised and thankfully locked both me and the hacker out of the system. Thankfully Google has the security knowledge and expertise to react quickly. However, it does not take a rocket scientist to figure out that the email has been compromised given such a large attack and a very suspicious login.
To get access to my account I needed to send a form to Google with government identification and account information. After I submitted the report I had to wait 5 business days before I got a response. Once the form was submitted I had nothing else to do. I had to wait and see what my digital life would be after the attack ended. I was worried that important moments in my digital life were lost forever, or worse, that I would be forced to pay a ransom to get my digital life back. Some of the data I was scared of losing was the emails between me and my wife from when we first met. Those emails let me relive my youth and re-experience the time when I first started dating my wife. I was also worried I would lose pictures stored on my Google Drive.
After five days passed I received an email from Google Security informing me how to regain access to the email. They informed me I had been compromised and how to reset my account. This was definitely not the first time Google had dealt with this issue, and as I would later learn, it was a major problem for Google.
The first thing I did when I logged in was to enable two-factor authentication. Two-factor authentication restricts access by forcing the use of a one-time code sent by text message or generated by a key fob. This is the best method to secure your digital life. It is the equivalent of airlines putting a door on the cockpit after 9/11.
Logging into my email account for the first time after the hack was a strange experience. Logging into Google, I was expecting resolution and wanted to rebuild my digital life. I wanted to understand what was lost. It was the first time after the attack that I went back to the scene of the crime. The experience made me feel like my digital life was foreign and different.
Next I reviewed the Google logs to see if I could find how the hack happened. To my surprise, the password had not been changed and the account had no failed logins. The hacker had my email and password before they started the attack. They had a copy of the golden key to my digital life. Every personal website I accessed with that password was open with this specific golden key. I was now paranoid about whether I was ever safe. I had no idea how they got the password, and it made me wonder whether someone close to me had initiated the attack or whether I had not followed opsec with my password. I would find out how they accessed my account from the news only a few months later.
At this point, finding the why, what and who of the hack was my only goal. I was at a dead end with no clues to follow. I tracked the hack to Brazil, and Brazil is known for a large hacking community. It is possible the hack was initiated from another country and Brazil was used to hide the hacker's identity. I needed to have an understanding of how the hack happened.
The day I got my answer was probably karma, because the disclosure and solution came on my birthday. The key to identifying how they obtained my password was disclosed when Yahoo announced a data breach. The data breach was bad, and in the end the sale price of Yahoo was specifically discounted by $350 million. Shareholders lost a lot of money because of the breach. What happened was that Yahoo stored my username and password using the MD5 algorithm. The MD5 algorithm is not secure and is easily cracked using a modern computer (in less than a day). Someone was able to access the Yahoo data and download all the users' emails, names and passwords.
With this information I was able to identify how I was compromised. Yahoo was hacked, and the passwords were not stored in a secure manner using modern best practices. This is the equivalent of putting a lock on a door and not actually locking it. The hacker who attacked me probably bought the data through a dark net website. Once he purchased the information, the weakness of the implemented security allowed the hacker to recover the password. The password I used to access my Yahoo account was the same password as my Gmail account. The hacker had the key to my digital life.
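The two paragraphs above describe why an unsalted MD5 password store is "a lock that is not locked": the same password always produces the same digest, so a leaked table both reveals password reuse and can be resolved against a single precomputed table of common passwords. The Python below is an added illustration, not code from the original post or from Yahoo; the account table and the wordlist are constructed sample data, and the salted PBKDF2 scheme is shown as the hardened alternative.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample account table for the demonstration; not data from any real breach.
SAMPLE_ACCOUNTS = {
    "alice@example.com": "sunshine2016",
    "bob@example.com": "sunshine2016",      # Bob reuses Alice's password
    "carol@example.com": "correct horse battery staple",
}

# Constructed list of common passwords standing in for a public wordlist.
COMMON_PASSWORDS = ["123456", "password", "sunshine2016", "qwerty"]


def store_md5(password: str) -> str:
    """Weak scheme: one unsalted, fast MD5 digest per password.
    The same password always yields the same digest, for every user and every site."""
    return hashlib.md5(password.encode()).hexdigest()


def store_pbkdf2(password: str, salt=None, iterations: int = 600_000) -> str:
    """Hardened scheme: per-user random salt plus a deliberately slow KDF.
    Stored as 'pbkdf2_sha256$iterations$salt$digest' so it can be re-derived at login."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_pbkdf2(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and iteration count; constant-time compare."""
    _, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def make_leak(accounts: dict, store) -> dict:
    """What a database dump looks like: {user: stored_value}."""
    return {user: store(pw) for user, pw in accounts.items()}


def users_with_shared_digest(accounts: dict, store) -> list:
    """Users whose stored value equals another user's. With unsalted MD5 this
    exposes password reuse inside the table (and against any other MD5 table)."""
    leak = make_leak(accounts, store)
    counts = Counter(leak.values())
    return sorted(user for user, value in leak.items() if counts[value] > 1)


def exposed_by_lookup(leak: dict, guess, wordlist) -> dict:
    """One precomputed table over a wordlist, built with no per-user salt, matched
    against every leaked value. Returns {user: password} for each account resolved.
    A salted store cannot be resolved this way: each user would need a fresh,
    slow derivation with that user's salt, which is the cost the scheme buys."""
    precomputed = {guess(pw): pw for pw in wordlist}
    return {user: precomputed[value] for user, value in leak.items() if value in precomputed}


if __name__ == "__main__":
    print("reuse visible (md5):   ", users_with_shared_digest(SAMPLE_ACCOUNTS, store_md5))
    print("reuse visible (pbkdf2):", users_with_shared_digest(SAMPLE_ACCOUNTS, store_pbkdf2))
    print("resolved (md5):   ", exposed_by_lookup(make_leak(SAMPLE_ACCOUNTS, store_md5),
                                                  store_md5, COMMON_PASSWORDS))
    print("resolved (pbkdf2):", exposed_by_lookup(make_leak(SAMPLE_ACCOUNTS, store_pbkdf2),
                                                  store_pbkdf2, COMMON_PASSWORDS))
```

Run it and the MD5 store gives away both the reuse between Alice and Bob and their password itself from a four-entry wordlist, while the PBKDF2 store shows neither; the same property is what turned one leaked Yahoo password into a working Gmail password when the two were identical.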
Understanding how I was hacked allowed me to harden my digital life. Enabling two-factor authentication allows me to block this attack. It allows me to add a steel door to my own digital life and to the clients I work for. If two-factor authentication had been enabled, a one-time password would have been sent to my phone. The hacker would have needed access to my phone to view my text message. This would have stopped the hack before it started.