SP's: Continuing our “steps to effective security” series, we are here with a true story about the basic security precautions we forget to take, putting our digital lives at risk. Read this article and stay informed.
In the previous articles, I described the ways to protect yourself from hackers and how to detect if you’re hacked. Continuing my steps to effective security series, I’m here to tell you a true story.
Very often, people who use less technology in their lives assume that they are not as prone to cyber threats as people who use smart devices at home, store every gram of their data in the cloud, and manage a circus of social networking accounts. People think that if they’re not active online, there’s no chance of being targeted by a hacker and facing a hacking attack.
To break this notion, The New York Times recently conducted an experiment that involved Mrs. Walsh, a grandmother of six, who volunteered to allow two hackers to try and hack her home. And wait for it: she doesn’t consider herself to be a very digital person. So, she’s kind of invincible, right?
Mrs. Patty Walsh says that her home isn’t equipped with the so-called army of modern-day “smart devices.” She does have a Facebook page, but she doesn’t like posting personal things about herself. She mentions, “I don’t post things about myself and don’t really understand why other people do.”
But that single Facebook account was enough for the hackers to uncover her entire digital life. Even though it was comparatively locked and her privacy settings were intact, the hackers found her Facebook account days before visiting her house.
The hackers noticed that Mrs. Walsh had liked a page maintained by Change.org and thus they got their first passage into her life. In just 10 minutes, they created a fake email from Change.org and fooled her into signing a fake petition via e-mail.
The link in the e-mail led Mrs. Walsh to a malicious page, where she was asked to enter her mail, address, and password. Well, to save her from some actual harm, the hackers used a service called Phish5 that doesn’t store the passwords and just tests the phishing cons in the wild.
Most of the time, we commit the blunder of using the same password again and again at multiple places to avoid confusion. But this could prove fatal if any one of those accounts is compromised. The same was the case with Mrs. Walsh, and she later confessed that she was using the same password across all her accounts.
Later, when the hackers visited her home, she greeted them warmly. “Welcome Hackers” was written on a heart-shaped chalkboard on the front door. Inside the house, Reed Loden, the 27-year-old director of security of HackerOne, a San Francisco security start-up, and Michiel Prins, the 25-year-old co-founder of HackerOne, were welcomed with sandwiches, iced tea and deviled eggs.
Mrs. Walsh was surprised to see that the hackers didn’t fit the images she had in her mind and they even ended their sentences with “thank you, ma’am.” She said, “They’re very polite.”
They had earlier compromised her online life with just a phishing mail attack, and now it was the turn of her home. The hackers soon found a way to open her garage door using a brute force attack.
They also found ways to intercept her TV using its I.P. address and were able to control the television remotely. Doing something that Mrs. Walsh didn’t approve of, the hackers bought a three-hour package of a set of adult cable channels. Mrs. Walsh said, “What’s so wrong about getting into my TV. I can see how that would be a little shocking to guests.”
Now it was the turn of her PC and by compromising her router, hackers were able to control the internet. They also accessed Mrs. Walsh’s and her daughter’s mail accounts as the browser was set to auto-fill the passwords. Hackers used their access to send her daughter a mail: “Reminder: Change my password.”
They also gained access to her PayPal accounts, her Social Security number, her insurance information, and her air miles account, and they even accessed her power of attorney forms.
After scanning her PC, the hackers found about 20 malicious spyware programs, including a Bitcoin miner. The other programs were DefaultTab, FunWebProducts, SearchProtect, SlimCleaner and Supreme Savings, which were being used to spy on her browsing and serve annoying ads.
Later, the hackers sat down for a debriefing with Mrs. Walsh, where they outlined the critical points and asked her to change all her passwords and use a password manager. She was also advised to use two-step authentication and told how to beware of phishing attacks.
She was also advised to switch on automatic updates on her phone and PC to keep them updated with the latest security fixes. Later, she invited both of them to the upcoming Thanksgiving dinner.
Mrs. Walsh committed some mistakes that are very common, but it’s very easy to avoid them. Well, this isn’t a story that seems very strange or surprising. This can happen to everybody, including you.