Courtney Devereux finds out how easy it is to infiltrate someone's online world
‘If you’re reading this it’s too late,’ read my Netflix account panels.
Had this happened to anyone else, I can imagine it would invoke a fair amount of panic. But fortunately I knew what was happening. I had been hacked.
But this hack wasn’t random. I had brought it on myself by employing a hacker named ‘c0mpl3x’ (his real name is Jason), who is part of a small basementdwelling ‘hacker association’ called the ‘Hacky Sacks’. And yes, they are aware they sound like a boy-band.
The Hacky Sacks are a non-profit group that approaches businesses to show how easy it is to break through their systems. They then use that information to let the businesses know where their weak points are and how they can plug the holes. If a business refuses to hire the team, they will do it regardless.
Known as “white hat hackers”, these individuals are clever but perhaps not completely morally sound. A David M. Hafele study titled, Three Different Shades of Ethical Hacking: Black, White, and Gray from 2004 defined the different approaches and said the marriage of the term ethical with hacking is something of an oxymoron, analogous to calling someone an “honest criminal”. So I wanted to see how far this ‘honest criminal’ – or, as they are sometimes known, ‘penetration specialists’ – could get into my online life.
[ i ] A panicked call from my mother reminded me that I completely forgot to tell her
about this entire thing … [+] She was unimpressed with the experiment.
The Experiment
There is no individual, group or organisation that is immune from possible attacks, and each may offer something of intrinsic value to a determined hacker. But individuals can sometimes be the easiest target because they have little to no security, and are easily tricked or blackmailed.
There has been a lot of cyber crime in the news recently, from international ransomware Wannacry threatening to steal business data in New Zealand by focusing on a vulnerability in old Windows software, to Trump’s team accusing Obama of spying on him with a microwave, to Romanian cyber criminals hacking into connected toys and leaking millions of voice recordings of children and adults.
My hack wasn’t of this scale, nor would it do any permanent damage to myself, outside parties or those included in the experiment (that is, if c0mpl3x kept his side of the bargain). And the advantage I had over a normal hack was I knew it was happening. The contract stated that no private information was to be shared, all personal information was to be returned, and the hacker had exactly one calendar week to get as much information as possible.
Before the hack began, I had 12 hours to set up as many defences as I could. I set up Norton Antivirus on my Mac to protect myself against any malware, or ‘malicious software’ that could gain access to my computer without my knowledge.
I changed all my passwords, updated my laptop and made my security questions difficult and creative.
I was advised against using open WiFi, as it makes it too easy for hackers to steal your connection and download illegal files, and unlinked my accounts from one another.
At first, this all seemed tedious. How could one person break through all the defences and cautionary measures I had taken?