My Phone Was Hacked: How You Can Protect Yourself

About a week ago, some hackers called T-Mobile pretending to be me. Armed with only name, phone number and the last four digits of my social, these hackers were able to reassign my phone number to a SIM card that they controlled.

After taking over my phone number, they proceeded to use two-factor authentication to log into all of my email accounts, data storage accounts and nearly all of my social media accounts. After they had changed my passwords and deleted my recovery options, their next step was to call my wife (the last number to text me) and attempt to extort bitcoin from me in order to recover my accounts.

I was shocked by how vulnerable I was through this single point of failure. I have always taken security (somewhat) seriously. I do more than the bare minimum, including setting up 2FA on all of my important accounts. The problem with that approach, I learned, is that with a base level of knowledge about me and an unwitting T-Mobile employee, hackers were able to quickly do a tremendous amount of damage in a very short period of time.

As soon as the hackers called my wife, I had a sense that the problem had something to do with my SIM. I called T-Mobile and told them what happened, and they sent me on a wild goose chase for the next week. To date, T-Mobile has refused to admit that this happened, is refusing to investigate the issue or provide me with any information. They’re denying all of it.

When I called them to try to roll back the SIM card change, T-Mobile’s first step was to dump me onto Apple. On my first call, they said the issue was probably on my device and they connected me to Apple. The folks at Apple were incredibly responsive and helpful. They helped me recover my iCloud account in minutes, and set me up to do a full restore of the software on my device.

After the software reset, I still didn’t have my phone number back. I called T-Mobile again and was completely stonewalled. I explained what happened to about seven different people that they transferred me to, and the last person I spoke to told me that they would not roll back the SIM card change because whoever called had the last 4 of my social and was able to read a PIN that they sent the phone.

What I’ve learned is that there is a vibrant community of people who have figured out how to intercept SMS traffic. This is information that T-Mobile absolutely knows, but refused to consider during any of my calls with them. For whatever reason, they were willing to believe hackers in Europe, but completely unwilling to believe me when my identity was stolen.

After six different call sessions over about seven hours, I finally spoke to someone in tech support who rolled back the SIM card change. After this, I was able to quickly recover all of my accounts.

I’m not going to list out specifically what I’ve done to prevent this from happening again, but here are a few tips that I’ve learned through conversations with people far better qualified than me to discuss this:

  1. All carriers are susceptible to this type of hacking, so use alternatives for 2FA. I’ve gotten a 3rd party authenticator app and a physical device for 2FA. I’m splitting out my online accounts using a varied chain of these solutions for 2FA moving forward. The basic rule here, is if you’re using SMS for 2FA, you are absolutely vulnerable.
  2. I’ve started using 3rd party password generators and storage solutions, and set calendar invites to update my passwords every few months.
  3. I’m back to using physical paper storage for a number of documents, and I’ve deleted them from online storage.
  4. I created new email accounts to use exclusively as recovery options for some accounts, and I’m using phone numbers of friends and family as recovery options. This will hopefully remove more major points of vulnerability like my phone number.
  5. I’m getting off T-Mobile as soon as humanly possible. Their handling of this was appalling.

Good luck on the interwebs, people!

** This was originally published on medium.coom

Advertisements

Seed Investing Is Not Equity Investing

Loving Products vs. Analyzing Cash Flows

Yesterday was an awesome day for reading.

First, Hunter Walk wrote a great post on not worrying about market size when considering Seed Stage Investments. You should read that.

Then, you should read Aswath Damodaran burn down the house with his post on valuing young, growing companies.

I read both of these and was struck with something a mentor told me awhile ago: venture investing and equity investing are pretty much on opposite sides of the financing spectrum.

Did you know that most venture investors are admittedly bad public equity investors? It makes sense: the skills you need to be a great early stage investor have almost nothing to do with the skills you need to analyze a publicly traded stock.

At the early stage, you’re mostly interested in the team trying to solve a problem, and the problem they’re trying to solve.While that relates to a market and there are macro factors to consider, the bigger pieces are harder to incorporate into a framework for deciding if a Seed Stage investment is a good idea, mostly because there’s so much uncertainty around it — a market can completely shift between the time you make an investment and the time in which the broader dynamics of the market really matter.

Investing in equities, on the other hand, should be a disciplined practice of analyzing the present value of the discounted future cash flows of a business. There’s a lot more data to work with at the public equities (and probably a lot more noise), but the current market dynamics matter a ton. This is further compounded by the fact that companies are hitting the public market far later in their life cycles than they used to.

A lot of investors try to think about Seed Stage investing using the framework they learned as equity analysts. While that may work sometimes, those investors are likely to miss a bunch of opportunities by overlooking great teams building great products.

** This was originally published on medium.com

2017: Five New Life Hacks

With a new year upon us all, now seems as good time as any to pile on with everyone else’s reflections, predictions and life tweaks.

I’m a productivity enthusiast, which comes partly out of a passion for trying to extract the most ‘life’ out of my time here. Also, I find that I’m happiest when I’m slightly overwhelmed with goals. A few years ago I got into a phase of life where I was simultaneously in grad school, working full-time, interning for a VC fund, competing in triathlons and planning a wedding. I really enjoyed the discipline required to get all of that done. For whatever reason, operating at that pace makes me happy, and helps me enjoy downtime when I have it.*

As such, I’m always looking for new ways to make space on my calendar and in my head. These are a few things I’m doing right now to help with that:

1. Personal Quarterly Objectives

For the past five years, I’ve built out personal quarterly objectives for myself. I try to use the OKR format for these, taking a page out of business management frameworks for personal life management.

My objectives focus on career, personal relationships and health and wellness. Of everything I’ve done for productivity, this process is probably the highest leverage. Trying to figure out what you want to do for the next year, defining how the next three months can help get you there, and then reflecting on how you did, is simple and effective.

2. Reading and Listening > Browsing and Watching

I’ve been using most of my slack time to read books and listen to podcasts. given the choice between 15 minutes in a book versus 15 minutes browsing a social app, this one’s a no-brainer.

In terms of content, for books I’ve been mostly interested in narrative nonfiction (e.g. Michael Lewis), biographies (e.g. Walter Isaacson) and thought leadership pieces on politics, culture, technology and business. For podcasts, I’ve been listening to a lot of in-depth interview content that covers people’s life stories, or industry thought leadership. A few of my favorites right now are The Axe Files, FiveThirtyEight, a16z, and EconTalk.

It’s not easy to stay on this. The pull of scrollable content is strong. Here are a few tools I use to keep me on track:

  • I’ve got a book list list of about 50 books and I’d like to cover about eight every quarter. Having a goal gives me something to focus on, and having a list removes the ‘what should I read next’ friction.
  • I use Overcast to store podcasts on my phone for listening in the subway.
  • I deleted all social apps from my phone. I still occasionally load Facebook from my mobile browser, but it’s definitely helped to not have five different apps with feeds and notifications for me to check.
  • I use the Kindle App on my phone, and order paper books for home. I leave my phone in the kitchen at night so I’m not tempted to hop online.

3. Eating Less / Intermittent Fasting

This one is about a week old for me, but so far it’s been a great experience and I’m excited to share it. I read a blurb from Spring Chicken about the benefits of intermittent fasting, found some posts about how to do it and started trying it out. It’s shockingly simple — I don’t eat for 15–16 hours per day. I just stop eating around 9pm, and start again around noon or 1pm the following day.

A few observations:

  • My energy level is higher, not lower
  • I’m more focused and productive in the morning
  • I drink a lot more water
  • I find that even when I start eating, I’m not that hungry and I’m generally eating less throughout the day
  • I still get to drink black coffee in the morning (!)
  • I’m losing weight — but not a ton, and not in a way that feels unsustainable. This isn’t really a ‘diet’, or at least doesn’t feel like one to me. It feels more like a way to manage my energy.

4. Same Outfit

This one’s also easy, and removes another decision from my morning. At some point, I found an outfit that works for me and I bought five copies of it. Combined with skipping breakfast in the morning, I’ve removed the need to think through what to eat and what to wear when I wake up. While this sounds small, removing decisions from my morning allows me to focus on other things: planning my afternoon, spending time with my family, working out, etc. Easy win.

5. Paper for To-dos

I use a combination of Google docs and Evernote for taking notes, but I’m finding that running my personal to-dos on paper helps me remember them (because I have to write them), allows me full control (there’s no collaboration), and makes me feel like I’m making progress (crossing things off is amazing!)

That’s all I got. Happy optimizing and have a wonderful 2017!

(*As an aside, being a parent and running a company are exponentially more work than anything I’ve ever done, because both are endeavors in which your efforts are both high impact, and never sufficient. You’re never ‘done’ with either).

** This was originally published on medium.com