Its not every day you get challenged to hack a business leader. But when Jake Moore, a cyber security specialist at ESET, was invited to a debate with the CEO of a firm in Dorset on internet security, thats exactly what happened.
I bet you cant hack me, the CEO said, laying down the gauntlet ahead of the debate.
Advertisement - Article continues below
Oh, really? Moore thought, raising an eyebrow.
He accepted, but suggested that the best way to get the debate going was to try and hack his business. This would give him three weeks to plan and execute an attack on a man hed specifically told was a target.
For some reason, I got really cocky at this point, Moore says. I said, I bet I could even get your shoe size.
And so began a cautionary tale involving a weak password, a gullible personal assistant and the size of an executives feet.
Moore created a fake LinkedIn profile, using a generated image of an attractive woman, which he suggests is the quickest way to make it look legitimate. The account had about 2,000 followers, mainly men, in about two weeks, which would seem to prove his point.
Next, Moore filled out the profiles employment history, adding lots of fantastic sounding companies and listing ITV as her current employer. He sprinkled in some personal info too, listing Bournemouth University where he actually studied as her alma mater. As he explains later, these bits of information are tailored to the victim.
Advertisement - Article continues below
Now, with the CEO expecting something suspicious to come through any of his inboxes, Moore decided to send a LinkedIn request to his personal assistant instead. It was accepted, straightaway. He followed up with a message: I work for ITV and our production team are planning a programme on how digital marketing companies are coping in the wake of GDPR. We're keen to feature vibrant companies such as yours to jazz up the subject and you guys look ideal. I see you're in Bournemouth too. I studied at Bournemouth University and would love an excuse to visit again
The message, Moore explains, not only has the bait of TV exposure but a personal influence; Hey, were both from Bournemouth. He isnt just making a LinkedIn connection, hes making a friend too. He rounds off the email with a note of urgency: If its something you're interested in, let me know ASAP.
Advertisement - Article continues below
The PA replied quickly, saying the company would love to, believing its an opportunity to raise its profile, while failing to do any background checks other than reading the LinkedIn profile. Moore replied back, asking if he could send through an application form for her boss to fill in. Yes, of course, she said.
So he's there thinking Jake's coming for me, I'm not touching a mouse, Moore says. However, the PA probably storms into his office, you're never gonna guess what: We're going to be on TV!
With Google Forms and some ITV Production Team graphics, Moore created a believable questionnaire. He put all the various details you would expect to see: Name, address, date of birth, and so on, knowing its going to be filled in because the unsuspecting CEO is thinking who cares, Im going to be famous.
So he added more, sexual orientation, disability, ethnic origin and then, shoe size. He tagged it as sponsored by Clarks, making it seem like a product placement spot. He also asked for a password to set up an ITV.com account, with an asterisk compelling the victim to put one in.
The IT Pro Podcast: The secret life of hackers
What its really like to be a professional penetration tester
No joke in about 15 minutes I get a notification that says someone has entered the details, Moore says. I kid you not, his password was Tottenhamhotspurs84. If you were going to start researching someone on the internet where would you start? Probably with someone's Facebook account.
Advertisement - Article continues below
Im not their Facebook friend so I can only see limited things but I found out he was a Tottenham supporter from seeing his profile photos, which are public, and a public post saying happy 30th birthday which told me that he was 30-years old in 2014 so born in 1984.
A few weeks later, Moore was up on stage with the CEO in front of an audience of his employees. As he started explaining the fake LinkedIn account he could see his mark turning red, clearly beginning to piece it together. Moore had the room in stitches as he revealed all the information he was secretly able to extract.
The thing that I still feel slightly bad about was after I released it all and everyone had a good old laugh, the room fell silent and then there was a voice at the back. It was the personal assistant, he says.
I told my mum I was gonna be on TV!
The IT Pro guide to audio collaboration
Make audio a priority for a successful remote working strategy
How malware and bots steal your data
Protect your organisation with a layered defence
Modern networking for the borderless enterprise
5 ways top organisations are optimising networking at the edge
IT managers best practice guide to hybrid cloud
Your blueprint to hybrid cloud success
Read this article:
What are you giving away on social media? | IT PRO - IT PRO
- Network Security: Don't Trust And Verify - IT Jungle - October 23rd, 2020
- Akamai Reveals State of Internet: Threats to Retailers - Solutions Review - October 23rd, 2020
- Verisign Reports Third Quarter 2020 Results | Business | The Daily News - Galveston County Daily News - October 23rd, 2020
- Global Internet Security Software Market Analysis, Drivers, Restraints, Opportunities, Threats, Trends, Applications, And Growth Forecast To (2026). -... - October 23rd, 2020
- Nokia Threat Intelligence Report warns of rising cyberattacks on internet-connected devices - GlobeNewswire - October 23rd, 2020
- Cybersecurity and a potential Biden White House: Past tech priorities resurrected - SC Magazine - October 23rd, 2020
- Virgin Media has an important new feature, but switching it on will cost you - Express - October 23rd, 2020
- WISeKey and OpSec Security Partnership Establishes Trust Between Brands and their Customers through Improved Customer Engagement - GlobeNewswire - October 23rd, 2020
- Internet Of Things Iot Security Market Economic Perspective And Forecast To 2027 - PRnews Leader - October 23rd, 2020
- Why cybercriminals have 'Gone Vishing' during the COVID-19 Pandemic - Bdaily - October 23rd, 2020
- Insights on the Digital Security Control Global Market to 2027 - Strategic Recommendations for New Entrants - GlobeNewswire - October 17th, 2020
- More than 25% of Cypriots concerned about internet security - Cyprus Mail - October 17th, 2020
- 5 things you can do to secure your home office without hiring an expert - We Live Security - October 17th, 2020
- Beyond Speed and Reliability: Security Is a New Differentiator - Security Boulevard - October 17th, 2020
- Nationwide and Generali Global Assistance Partner to Enhance Identity Theft Protection - Insurance News Net - October 17th, 2020
- Global Internet of Things (IoT) Security Product Market 2020 Impact of COVID-19, Future Growth Analysis and Challenges | Cisco Systems, Inc, IBM... - October 17th, 2020
- Is BlackBerry (TSX:BB) Stock a Buy on the Latest News? - The Motley Fool Canada - October 17th, 2020
- Global Internet of Things or IoT Security Market to Reach $22 Billion+ Valuation by 2027, Largely Due to Blockchain Adoption - Crowdfund Insider - October 17th, 2020
- Internet Security Market with COVID-19 Recovery Analysis 2020 | Rapid Adoption of BYOD Policy to Boost Market Growth | Technavio - Business Wire - October 8th, 2020
- Tenable and the CIS Enter Partnership to Bolster Cyber Hygiene - AiThority - October 8th, 2020
- How to Build Smart Banks that Connect Customers with Modern DX - AiThority - October 8th, 2020
- #NCSAM: Is Connected Ever Going to be Protected? - Infosecurity Magazine - October 8th, 2020
- Cyber Security Awareness Month is here! - We Live Security - October 2nd, 2020
- Internet security Market Potential Growth, Size, Share, Demand and Analysis of Key Players Research Forecasts to 2027 - The Daily Chronicle - October 2nd, 2020
- Latest Report on Global Internet of Things (IoT) Security Market Analysis, Growth, Opportunity and Regional Insights 2026 - The Daily Chronicle - October 2nd, 2020
- Remarks by Henrietta Fore, UNICEF Executive Director, at Security Council meeting on universal connectivity & access to digital technology in... - October 2nd, 2020
- Lessons learned from firsthand experience on how to avoid internet fraud and other forms of cyberattacks (opinion) - Inside Higher Ed - October 2nd, 2020
- COVID-19 Update: Global Internet Security Audit Market is Expected to Grow at a Healthy CAGR with Top players: Symantec, Intel Security, IBM, Cisco,... - October 2nd, 2020
- Internet Security Market 2020: Potential growth, attractive valuation make it is a long-term investment | Know the COVID19 Impact | Top Players: HPE,... - September 30th, 2020
- The Top Internet of Things (IoT) Authentication Methods and Options - Security Boulevard - September 30th, 2020
- How Trusted Internet Connections Is Focusing Telework with TIC 3.0 - FedTech Magazine - September 30th, 2020
- Is your business looking for an extra layer of security - here's why a VPN may be the answer - TechRadar - September 30th, 2020
- A business connected to the cloud needs cloud-ready security, connectivity - Techgoondu - September 30th, 2020
- The 6 key races you haven't heard of that may help decide how we secure our elections - POLITICO - September 30th, 2020
- Get In Depth Analysis Of How Covid-19 Is Impacting The Internet Security Software Market - Unica News - September 30th, 2020
- Study finds over 4-in-10 WFH employees in SEA find it hard to switch-off after work - Backend News - September 30th, 2020
- 5 Ways to Secure Your Home Network - The Good Men Project - September 29th, 2020
- How To Make Peace With Your Internet Passwords - Forbes - September 29th, 2020
- Five Types of Cyber Security for Organizational Safety - Analytics Insight - September 29th, 2020
- Internet of Things (IoT) Security Market Competitive Research and Precise Outlook 2020 to 2027 - The Daily Chronicle - September 29th, 2020
- IT Security Spending Market Analysis highlights the Impact of covid-19 (2020-2026) | Check Point Software Technologies, Cisco Systems, EMC, Fortinet,... - September 29th, 2020
- Schrdingers Web offers a sneak peek at the quantum internet - Science News - September 29th, 2020
- Counter-Terrorism: Raiders Of The Lost Cache - Strategy Page - September 29th, 2020
- Trending 2020: Internet of Things (IoT) Security Market Analysis, Size, Trends and Forecast to 2025| Cisco Systems, Intel Corporation, IBM Corporation... - September 29th, 2020
- IoT coffee machine hacked to demand ransom - IT PRO - September 29th, 2020
- Show me who bans TikTok and I'll show you your (future) allies | TheHill - The Hill - September 27th, 2020
- Lokibot keylogger infections are growing across the internet - Komando - September 27th, 2020
- Evasive Malware Threats on the Rise Despite Decline in Overall Attacks - Infosecurity Magazine - September 27th, 2020
- Internet of Things Security Market size, development, key opportunity, application and forecast to 2026 | Check Point Security Software Technologies,... - September 27th, 2020
- Fears mount over Russian and Chinese hackers targeting the 2020 U.S. presidential election - CNBC - September 27th, 2020
- Internet of Things (IoT) Security market to Witness Increase in Revenues by 2016-2028 - Crypto Daily - September 27th, 2020
- How to leave no trace on the internet when using a VPN? - Techiexpert.com - TechiExpert.com - September 27th, 2020
- 2020 Demand In Internet of Things (IoT) Security Market By Key Types, Regions, Countries, Top Companies Competition, Consumers, Import-Export Forecast... - September 27th, 2020
- How the Pandemic Pushed a Generation of Americans to Discover the Perks (and Risks) of Online Banking - NextAdvisor - September 27th, 2020
- IT Security-as-a-Service Market 2020 By Manufacturers, Regions, Type And Application, Forecast To 2025| Blue Coat, Cisco, IBM, Intel Security,... - September 27th, 2020
- APT groups actively target Linux-based workstations and servers - Backend News - September 27th, 2020
- Critical steps for securing cyberspace - Microsoft on the Issues - Microsoft - September 27th, 2020
- Proven ways to stay ahead of configuration drift - ITProPortal - September 27th, 2020
- Global Embedded Security For Internet Of Things Market 2020 Trends Analysis and (COVID-19) Effect Analysis | Key Players Market With COVID-19 Impact... - September 27th, 2020
- Internet of Things (IoT) Security Technology Market 2020: Potential growth, attractive valuation make it is a long-term investment | Know the COVID19... - September 27th, 2020
- REMOTE WORKING: PROGRESS AND PERILS - Forbes Africa - September 27th, 2020
- Avoid scam 'DMV' websites | Sedona.Biz - The Internet Voice of Sedona and The Verde Valley - Sedona.biz - September 27th, 2020
- Get In Depth Analysis Of How Covid-19 Is Impacting The Internet Security Software Market - The Daily Chronicle - September 12th, 2020
- Better late than never: Zoom boosts security with 2FA - Verdict - September 12th, 2020
- Show and Tell: The Gryphon Tower Mesh Wi-Fi Security Router - Grit Daily - September 12th, 2020
- Internet of Things (IoT) Security Market 2020 Trends, Market Share, Industry Size, Opportunities, Drivers, Outlook, Analysis And Forecast To 2028 -... - September 12th, 2020
- Ensuring cyber awareness in the healthcare sector - Help Net Security - September 12th, 2020
- Internet of Things (IoT) Security Market Size, Regional Outlook, Competitive Strategies and Forecast by 2026 - The Daily Chronicle - September 12th, 2020
- Internet of Things Security Market, Share, Growth, Trends And Forecast To 2027: Dataintelo - Scientect - September 12th, 2020
- Kaspersky: 37% of internet users in SEA think they won't be targeted by cybercriminals - SoyaCincau.com - September 12th, 2020
- TikTok and WeChat may raise security concerns, but Trump's knee-jerk reaction isn't the way to deal with them - NewsChannel 3-12 - KEYT - September 12th, 2020
- Helping companies prioritize their cybersecurity investments - MIT News - September 6th, 2020
- Rapid7 NICER - starting a conversation on internet security | Company Report - FinTech Magazine - The FinTech & InsurTech Platform - September 6th, 2020
- Kansans are getting letters saying they applied for unemployment. The problem? Some never did. - Pittsburg Morning Sun - September 6th, 2020
- Embedded Security For Internet Of Things Market 2025 Opportunities, Applications, Drivers, Limitations, Companies, Countries, & Forecast - Express... - September 6th, 2020
- Why should you use a VPN on your iPhone and Mac? - Cult of Mac - September 6th, 2020
- 'No longer safe in their classroom:' NHCS remote-learning session hacked, sexualized profanity used - Port City Daily - September 6th, 2020
- How Romania is Solving Technology and Poverty Disparities - Borgen Project - September 6th, 2020
- How government is delivering better election security - GCN.com - September 6th, 2020
- Internet of Things (IoT) Security Market Report: Regional Data Analysis By Production, Revenue, Price And Gross Margin - Kewaskum Statesman News... - September 6th, 2020