
We asked a hacker to try to steal a CNN technology reporter's data. Here's what happened



I'm the guy who posts (filtered, of course) photos of my vacation on Instagram. I'm also the type of person who tweets about buying too-expensive furniture because I came across an elegant online ad about how it would change my life.

The thing is, I thought my social media posts just conveyed my desperate need for attention and likes. However, it turns out that they are also a gold mine for hackers.

Using two of my posts – an Instagram check-in at a hotel on the West Coast of the United States and a tweet – a hacker quickly managed to get my home address and mobile phone number.

How? Both the hotel and the furniture company passed my personal details to the hacker by phone.

Getting into our social media and email accounts online can be a challenge. We are often asked for a password, a second code that is sent by text to our phone, or sometimes we answer personal security questions such as the name of our first girlfriend (who was definitely not imaginary at all, thank you very much).
But there are still major and important vulnerabilities lurking in our daily lives. Data breaches and hacks get our attention, but a hacker with a good phone personality and a few basic tools can lure customer support agents at large corporations into handing over staggering amounts of private information and more.

I let one of these hackers do this to me recently. And here I am to tell you that it is disturbingly easy for them – even with someone like me who covers technology. This is a lesson for all of us: Be careful to think about what you share on social media and how this information can be used against you, and the next time you contact your airline, hotel or bank and they let you access your account, think about the questions they ask you. If they only ask for your birthday and email address to confirm that you are who you say you are, ask if they can add extra security to your account – maybe they could put a note on your account to require a special password or send you a verification code. Unfortunately, many companies do not have this option, but it's worth asking.

Here's what happened to me: In Las Vegas this August at DEF CON, one of the largest hacking conferences in the world, I met Rachel Tobac.

Tobac is a celebrity among the DEF CON group. For three years in a row, she was among the winners of a competition where hackers attacked a live company in front of an audience of hundreds in Vegas – carrying out the hack entirely by phone.

Rachel Tobac is a white hat hacker specializing in social engineering

Tobac and the other competitors call large corporations, often claiming to work in the company's IT department. Tobac is not a coder but has been improvising since she was 10 years old. By tapping into these skills – and using some other forms of deception, such as an application that can change her voice to make her sound like a man – she convinces the person on the other end of the line to pass on personal information.

This type of hacking is called social engineering.

But Tobac is one of the good hackers – the kind commonly known as a "white hat". (The bad ones are called "black hats".)

She works with companies to perform so-called penetration tests, to find and show them where and how they can be vulnerable to social engineering.

I asked Tobac to hack me.

Without my password and without hacking into my email account, she managed to get my home address, my phone number and steal my hard-earned hotel points. In perhaps the most violent act of all, she even managed to change my seat on my five-hour flight out of Vegas, moving me from a spacious exit row to a middle seat behind the toilets.


She did all this by using some information she found about me online, such as which airlines I fly with and which hotels I stay at – because I shout about them.

Then, using this information, she called some of my favorite companies, using software to make it look like she was calling from my phone and changing her voice so she could sound like a man if necessary. It sounds complicated, but it's disturbingly easy to do.

In order to obtain my home address, she called a furniture company that I had tweeted about. Tobac claimed that she was my wife and that she wanted to check that the company had my correct home address before placing another order. She deliberately gave the wrong address, and the person on the other end of the line corrected it with my full home address.

It's simple.

She was also able to convince a hotel I had checked into on Instagram to provide my phone number.

Tobac is not trying to disrupt these companies: she wants them to start using, over the phone, the type of authentication processes they use online. She says some of the biggest airlines and hotel chains leave a massive vulnerability open – and fail their customers – by not doing so.

Instead of having a customer service representative ask for my date of birth to confirm my identity (information that Tobac or another hacker may easily have), Tobac suggests that companies send a code to the phone number or email address they have on file for that customer and have them read the code back over the phone.

However, this is easier said than done. Often airlines receive calls from customers who are in an emergency when traveling. Asking someone to take a few extra seconds to pull out an email with a code in it may discourage customers from flying with the airline in the future.

This is the ultimate consumer protection dilemma – we all want to be secure, but we also want everything to be easy.

Tobac hopes that she can begin to convince corporations and consumers that making things a little harder is well worth it.

In the meantime, I stopped tweeting about everything I buy. I do still check into hotels, though. You have to get those likes.