A Week in the Life of a Hacker: Day 2

Back to Hints & Tips

A week in the life of a Hacker: Day 2

By Steve Cox, Chief Operating Officer at TSG

My first day as a double agent hacker was about spotting the opportunity when carelessness becomes apparent. A lot of hackers are successful this way. However, some hacks are entirely planned - here's an example:

Day 2 - The Case of Mistaken Identity

I have to admit I stole this idea from James Lyne, Sophos' Chief Technology Strategist. Then again, I'm a hacker this week, so it's my duty to steal things.

At 9am I popped into Starbucks. I pulled out my pre-prepared piece of paper and proceeded to spill coffee all over it.

9:30am - entered the office building next door. Putting on my best Essex charm I exclaimed to the receptionist, "Please, please can you help me? I have an interview in 5 minutes and I've just spilt coffee all over my CV. If I give you this memory stick is there any chance you can print off another copy for me?"

The Essex charm worked a dream - 'Of course, no problem at all'. USB stick went in. Malware everywhere.

Seriously - even I was surprised at how quickly the whole system became infected.

Lessons learnt

I played the charm card, but the receptionist, doing their good deed for the day, still let a completely unknown device access the company's IT system.

To this day they might not have known that they were the person who caused a major breach of the entire network.

A similar scenario happened (on a larger scale) to Santander Bank when a hacker, pretending to be an engineer to fix an apparent problem, was allowed to set up a device within the building. This would have given his co-conspirators access to the bank's entire IT infrastructure from a remote location.

It didn't quite get that far, but you can take a look at the full story here.

If this type of situation were to happen to a Cloud provider, though highly unlikely, hackers would not only gain access to one company's data, but potentially many businesses - and to their hosted applications.

The Cloud is still relatively new to a lot of people, and a lot of mistakes are yet to be made - mainly because we haven't encountered all the scenarios that need covering, or the human errors that may cause them.

However, a fundamental of being a Cloud provider is making sure they have these types of scenarios covered by processes that would prevent them breaching security point number one - allowing an unknown device access. After all, their entire business is based on providing the most secure basis possible.

Day 3 involves me becoming a master of disguise to gain access to a company's entire network using just a wifi key.

Office 365

Office 365

Kick-start your new business with the management, storage and collaboration tools that will help you outshine the competition - even if they're much bigger than you! Making your start-up company a success in 2014.

Learn more
Office 365

Office 365

Kick-start your new business with the management, storage and collaboration tools that will help you outshine the competition - even if they're much bigger than you! Making your start-up company a success in 2014.

Learn more
Recent