Almost everyone you know is blissfully unaware of the digital footprints we all leave, and how that information can be used against us. The problem is that you understand, and if you spent much time thinking about it you’d probably lose your mind. So as a coping mechanism you choose not to think of how you could be attacked or how your finances could be wrecked, if targeted by the wrong person.
Just in case you didn’t have enough to worry about today, you can check out this great first-person account of a personal pen test on Pando Daily. A NYU professor challenged the folks at Spider Labs to take a week and find out what they could about him.
It wasn’t pretty. But then again, you knew that’s how the story would end.
What I learned is that virtually all of us are vulnerable to electronic eavesdropping and are easy hack targets. Most of us have adopted the credo “security by obscurity,” but all it takes is a person or persons with enough patience and know-how to pierce anyone’s privacy – and, if they choose, to wreak havoc on your finances and destroy your reputation.
The story details the team’s attempts to gain presence on his network and then devices. They finally went through the path of least resistance: his wife. The tactics weren’t overly sophisticated. But once armed with some basic information it was game over. The pen testers gained access to his bank accounts, brokerage information, phone records, and the like.
What do we accomplish by reminding ourselves of the risks of today’s online life? Nothing. You know the risks. You take the risks. The benefits outweigh the risks. And now I’ll crawl back into my fog to become once again blissfully unaware.
2 Replies to “Don’t Mess with Pen Test(ers)”
It annoys me whenever I see articles like this…“Don’t Mess With…Whoever” as if you’re giving them the limelight that they’re so powerful to cause trouble to anyone. But the truth is…most of them will only attack “the people who are not involved” to get access to their target.
Classic attitude of keyboard warrior. If they are indeed good, why not deal face to face with their target. Let’s meet somewhere online. I put something online – then hack it – deal with someone with skill not someone who only knows how to use Facebook.
Not to brag or anything, but the last time I met a Pen Tester – I asked him to break into my server and website.
But he said that the best that he can do is to perform a DDoS which is obviously not a hacking.
This “Don’t Mess” thingy is so childish and such a show-off attitude, in my opinion.
Use your skills responsibly and deal with someone your own size and stop involving random people.
As you say, we try not to focus on or fixate on the potential risks. There are however ways to mitigate or reduce the risk.
Foremost for me is to consider any and all electronic transactions to be accessible and therefore never put anything I want to keep private out of electronic records. Just like how in the past you wouldn’t speak of things you wanted to keep private today you don’t post it (Facebook is training people to do all the wrong things).
And when you consider that medical offices, tax agencies, government agencies, companies all either experience breaches or just plain send *your* information to the wrong people… let alone work at getting your information. Or how snail mail post can end up in the wrong mailbox…
One may as well stay home due to a fear of being hit by a car while walking the dog.
tl;dr – if you want to keep something private… keep it to yourself.