What other information was Jason able to retrieve in just seven days?

Idealog - - OPEN SEASON -

• My Air New Zealand login details, sourced from an Airpoints update email.
• My tax number, and with that my IRD number from my tax return email.
• PayPal details and account balance from the withdrawal I made.
• My credit card number, sourced from the card saved on My Vodafone site.
• My Facebook login.
• My TradeMe login, which supplied my bank account number.
• My WordPress login, which is where I hid my customer data for the experiment.
• My Adobe logins.
• My physical address, and address of my two workplaces.

Believe it or not, that was only the tip of the iceberg. All that data was collected on the first day. When Jason explained that the entire hack only took him three days to complete I was both horrified and impressed.

The sheer ease with which he had broken through the first line of defence was astounding, and yes, I am fully aware I basically just gave him my password. But I didn’t know how much could be gained just from emails.

Apart from my opened emails, the call from the bank and Vodafone and the ominous Netflix panels, I hadn’t noticed any of what he had been taking.

Once Jason had explained how easy my emails had made everything, he moved on to getting access through my laptop.

When you connect to the internet via your home or business network, your computer is virtually assigned an IP address that uniquely identifies it to the rest of the internet. Think of it like a postal address: everything you send out has a return address so that the recipient knows exactly where to reply.

Usually, when finding an IP address, the radius can be relatively broad, but Jason could find where my network was connected using an internet router that provides network address translation (NAT) and trace that router to my physical address.

The router itself took on the assigned IP address, then provided internal IP addresses to each connected computer.

After he had found my device, Jason could do what I was most paranoid about: access my webcam. Which, according to him, is creepy yet insanely easy to do.

All it took was software called Meterpreter installed onto my device. Meterpreter is a service that gives the hacker command shell capability and communicates back to the hacker in code so it isn’t recognised by any antiviruses.

Jason explained that he had quite quickly been able to get past the antivirus on my computer because “we are not a virus; we are a hidden code”.

How did he manage to install it onto my device? With a hidden PDF file that was encrypted to open on my device, once I opened a blank email that had appeared to be sent from myself.

After opening the email, the code was able to download itself onto my device and be used as a back door controlling system.

From there Jason explained that you cannot watch someone through a webcam, but can install a code that makes the camera take a snapshot every few minutes or so, depending
