List: isn
Subject: [ISN] I challenged hackers to investigate me and what they found out is chilling
From: InfoSec News <alerts () infosecnews ! org>
Date: 2013-10-28 5:07:44
Message-ID: alpine.DEB.2.02.1310280507330.2407 () infosecnews ! org
http://pandodaily.com/2013/10/26/i-challenged-hackers-to-investigate-me-and-what-they-found-out-is-chilling/
By Adam L. Penenberg
PandoDaily.com
October 26, 2013

It's my first class of the semester at New York University. I'm discussing
the evils of plagiarism and falsifying sources with 11 graduate journalism
students when, without warning, my computer freezes. I fruitlessly tap on
the keyboard as my laptop takes on a life of its own and reboots. Seconds
later the screen flashes a message. To receive the four-digit code I need
to unlock it I'll have to dial a number with a 312 area code. Then my
iPhone, set on vibrate and sitting idly on the table, beeps madly.

I'm being hacked -- and only have myself to blame.

Two months earlier I challenged Nicholas Percoco, senior vice president of
SpiderLabs, the advanced research and ethical hacking team at Trustwave,
to perform a personal "pen-test," industry-speak for "penetration test."

The idea grew out of a cover story I wrote for Forbes some 14 years
earlier, when I retained a private detective to investigate me, starting
with just my byline. In a week he pulled up an astonishing amount of
information, everything from my social security number and mother's maiden
name to long distance phone records, including who I called and for how
long, my rent, bank accounts, stock holdings, and utility bills.

The detective, Dan Cohn, owned and operated Docusearch, a website that
trafficked in personal information, and at the time, he was charging $35
to dig up someone's driving record, $45 for his bank account balances, $49
for a social security number, $84 to trace a mobile number, and $209 to
compile his stocks, bonds, and securities. The site offered a simple
clickable interface and Amazon-like shopping cart. It's still around
today, boasting similar services. "Licensed Investigators for Accurate
Results" reads the tag line, calling itself "America's premier provider of
on-line investigative solutions."

For Cohn, digging through what I had assumed was personal information was
less challenging than filling in a crossword puzzle. He was able to
collect this amalgam of data on me without leaving the air-conditioned
cool of his office in Boca Raton, Florida. In addition to maintaining
access to myriad databases stuffed with Americans' personal information,
he was a master of "pre-texting." That is, he tricked people into handing
over personal information, usually over the telephone. Simple and
devilishly effective. When the story hit newsstands with a photo of Cohn
on the cover and the eerie caption: "I know what you did last night," it
caused quite a stir. It was even read into the Congressional Record during
hearings on privacy.
[...]