Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

I challenged hackers to investigate me and what they found out is chilling

From: InfoSec News <alerts () infosecnews org>
Date: Mon, 28 Oct 2013 05:07:44 +0000 (UTC)
http://pandodaily.com/2013/10/26/i-challenged-hackers-to-investigate-me-and-what-they-found-out-is-chilling/

By Adam L. Penenberg
PandoDaily.com
October 26, 2013
It's my first class of the semester at New York University. I'm discussing the evils of plagiarism and falsifying sources with 11 graduate journalism students when, without warning, my computer freezes. I fruitlessly tap on the keyboard as my laptop takes on a life of its own and reboots. Seconds later the screen flashes a message. To receive the four-digit code I need to unlock it I’ll have to dial a number with a 312 area code. Then my iPhone, set on vibrate and sitting idly on the table, beeps madly. 

I'm being hacked -- and only have myself to blame.
Two months earlier I challenged Nicholas Percoco, senior vice president of SpiderLabs, the advanced research and ethical hacking team at Trustwave, to perform a personal "pen-test," industry-speak for "penetration test." The idea grew out of a cover story I wrote for Forbes some 14 years earlier, when I retained a private detective to investigate me, starting with just my byline. In a week he pulled up an astonishing amount of information, everything from my social security number and mother’s maiden name to long distance phone records, including who I called and for how long, my rent, bank accounts, stock holdings, and utility bills.
The detective, Dan Cohn, owned and operated Docusearch, a website that trafficked in personal information, and at the time, he was charging $35 to dig up someone’s driving record, $45 for his bank account balances, $49 for a social security number, $84 to trace a mobile number, and $209 to compile his stocks, bonds, and securities. The site offered a simple clickable interface and Amazon-like shopping cart. It’s still around today, boasting similar services. "Licensed Investigators for Accurate Results" reads the tag line, calling itself "America's premier provider of on-line investigative solutions."
For Cohn, digging through what I had assumed was personal information, was less challenging than filling in a crossword puzzle. He was able to collect this amalgam of data on me without leaving the air-conditioned cool of his office in Boca Raton, Florida. In addition to maintaining access to myriad databases stuffed with Americans’ personal information, he was a master of "pre-texting." That is, he tricked people into handing over personal information, usually over the telephone. Simple and devilishly effective. When the story hit newsstands with a photo of Cohn on the cover and the eerie caption: "I know what you did last night," it caused quite a stir. It was even read into the Congressional Record during hearings on privacy. 

[...]


--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
Previous By Date Next
Previous By Thread Next

Current thread: