
List:       isn
Subject:    [ISN] I challenged hackers to investigate me and what they found out is chilling
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2013-10-28 5:07:44
Message-ID: alpine.DEB.2.02.1310280507330.2407 () infosecnews ! org

http://pandodaily.com/2013/10/26/i-challenged-hackers-to-investigate-me-and-what-they-found-out-is-chilling/


By Adam L. Penenberg
PandoDaily.com
October 26, 2013

It's my first class of the semester at New York University. I'm discussing 
the evils of plagiarism and falsifying sources with 11 graduate journalism 
students when, without warning, my computer freezes. I fruitlessly tap on 
the keyboard as my laptop takes on a life of its own and reboots. Seconds 
later the screen flashes a message. To receive the four-digit code I need 
to unlock it I'll have to dial a number with a 312 area code. Then my 
iPhone, set on vibrate and sitting idly on the table, beeps madly.

I'm being hacked -- and only have myself to blame.

Two months earlier I challenged Nicholas Percoco, senior vice president of 
SpiderLabs, the advanced research and ethical hacking team at Trustwave, 
to perform a personal "pen-test," industry-speak for "penetration test." 
The idea grew out of a cover story I wrote for Forbes some 14 years 
earlier, when I retained a private detective to investigate me, starting 
with just my byline. In a week he pulled up an astonishing amount of 
information, everything from my social security number and mother's maiden 
name to long distance phone records, including who I called and for how 
long, my rent, bank accounts, stock holdings, and utility bills.

The detective, Dan Cohn, owned and operated Docusearch, a website that 
trafficked in personal information, and at the time, he was charging $35 
to dig up someone's driving record, $45 for his bank account balances, $49 
for a social security number, $84 to trace a mobile number, and $209 to 
compile his stocks, bonds, and securities. The site offered a simple 
clickable interface and Amazon-like shopping cart. It's still around 
today, boasting similar services. "Licensed Investigators for Accurate 
Results" reads the tag line, calling itself "America's premier provider of 
on-line investigative solutions."

For Cohn, digging through what I had assumed was personal information, was 
less challenging than filling in a crossword puzzle. He was able to 
collect this amalgam of data on me without leaving the air-conditioned 
cool of his office in Boca Raton, Florida. In addition to maintaining 
access to myriad databases stuffed with Americans' personal information, 
he was a master of "pre-texting." That is, he tricked people into handing 
over personal information, usually over the telephone. Simple and 
devilishly effective. When the story hit newsstands with a photo of Cohn 
on the cover and the eerie caption: "I know what you did last night," it 
caused quite a stir. It was even read into the Congressional Record during 
hearings on privacy.

[...]


