Court­ney Dev­ereux finds out how easy it is to in­fil­trate some­one's on­line world

Idealog - - CONTENT -

‘If you’re read­ing this it’s too late,’ read my Net­flix ac­count pan­els.

Had this hap­pened to any­one else, I can imag­ine it would in­voke a fair amount of panic. But for­tu­nately I knew what was hap­pen­ing. I had been hacked.

But this hack wasn’t ran­dom. I had brought it on my­self by em­ploy­ing a hacker named ‘c0m­pl3x’ (his real name is Ja­son), who is part of a small base­ment­d­welling ‘hacker as­so­ci­a­tion’ called the ‘Hacky Sacks’. And yes, they are aware they sound like a boy-band.

The Hacky Sacks are a non-profit group that ap­proaches busi­nesses to show how easy it is to break through their sys­tems. They then use that in­for­ma­tion to let the busi­nesses know where their weak points are and how they can plug the holes. If a busi­ness re­fuses to hire the team, they will do it re­gard­less.

Known as “white hat hack­ers”, these in­di­vid­u­als are clever but per­haps not com­pletely morally sound. A David M. Hafele study ti­tled, Three Dif­fer­ent Shades of Eth­i­cal Hack­ing: Black, White, and Gray from 2004 de­fined the dif­fer­ent ap­proaches and said the mar­riage of the term eth­i­cal with hack­ing is some­thing of an oxy­moron, anal­o­gous to call­ing some­one an “hon­est crim­i­nal”. So I wanted to see how far this ‘hon­est crim­i­nal’ – or, as they are some­times known, ‘pen­e­tra­tion spe­cial­ists’ – could get into my on­line life.

[ i ] A pan­icked call from my mother re­minded me that I com­pletely for­got to tell her

about this en­tire thing … [+] She was unim­pressed with the ex­per­i­ment.

The Ex­per­i­ment

There is no in­di­vid­ual, group or or­gan­i­sa­tion that is im­mune from pos­si­ble at­tacks, and each may of­fer some­thing of in­trin­sic value to a de­ter­mined hacker. But in­di­vid­u­als can some­times be the eas­i­est tar­get be­cause they have lit­tle to no se­cu­rity, and are eas­ily tricked or black­mailed.

There has been a lot of cy­ber crime in the news re­cently, from in­ter­na­tional ran­somware Wan­nacry threat­en­ing to steal busi­ness data in New Zealand by fo­cus­ing on a vul­ner­a­bil­ity in old Win­dows soft­ware, to Trump’s team ac­cus­ing Obama of spy­ing on him with a mi­crowave, to Ro­ma­nian cy­ber crim­i­nals hack­ing into con­nected toys and leak­ing mil­lions of voice record­ings of chil­dren and adults.

My hack wasn’t of this scale, nor would it do any per­ma­nent dam­age to my­self, out­side par­ties or those in­cluded in the ex­per­i­ment (that is, if c0m­pl3x kept his side of the bar­gain). And the ad­van­tage I had over a nor­mal hack was I knew it was hap­pen­ing. The con­tract stated that no pri­vate in­for­ma­tion was to be shared, all per­sonal in­for­ma­tion was to be re­turned, and the hacker had ex­actly one cal­en­dar week to get as much in­for­ma­tion as pos­si­ble.

Be­fore the hack be­gan, I had 12 hours to set up as many de­fences as I could. I set up Nor­ton An­tivirus on my Mac to pro­tect my­self against any mal­ware, or ‘ma­li­cious soft­ware’ that could gain ac­cess to my com­puter with­out my knowl­edge.

I changed all my pass­words, up­dated my lap­top and made my se­cu­rity ques­tions dif­fi­cult and cre­ative.

I was ad­vised against us­ing open WiFi, as it makes it too easy for hack­ers to steal your con­nec­tion and down­load il­le­gal files, and un­linked my ac­counts from one another.

At first, this all seemed te­dious. How could one per­son break through all the de­fences and cau­tion­ary mea­sures I had taken?

Newspapers in English

Newspapers from New Zealand

© PressReader. All rights reserved.