Ο Adam Penenberg of PandoDaily decided to find out how easy it would be for someone to hack him and invited professional penetration testers - who usually target banks, hospitals, and companies - to discover security vulnerabilities. It turned out that the hacking, while ultimately successful, was quite difficult. But not impossible
The professionals were from her team SpiderLabs Trustwave and tried to penetrate the Penenberg system. Below, the journalist describes what he has learned:
Do not pick up strange USB drives or connect them to your computer. One of the hackers' friends strolled by the studio where Penenberg's wife was doing yoga and left a purple USB stick containing a Trojan horse in the hope that she would pick it up and plug it into her computer. The attempt failed, but the hackers friend came back asking to plug in another USB to print a resume. This time the Trojan managed to get into the system. However, the Apple computer was so old that the malicious program he couldn't run.
Do not name your Wi-Fi in a way that reveals it's yours. If your Wi-Fi name is your home address and apartment number, or your first name change it immediately. My favorites are "FBI surveillance van" or "Anything else you want" other than a name stating your details. If you state them, it is as if everyone is provoking "here I am, hit me." The SpiderLabs team was wandering around the Penenberg apartment building trying to locate his apartment. He did not catch.
Do not download strange attachments from strangers (or from people you know if their email seems suspicious.) The SpiderLabs Penenberg team hit twice with e-mail that appeared to be from students journalisms. The e-mails looked perfectly legitimate and included their resumes as attachments. Penenberg recognized the fraud, and did not take it down. But his wife didn't understand. She first downloaded the .Jar file and later a .Zip file and thus transferred the malware to her computer.
Do not keep tax records, passwords, or other sensitive files that you do not want hackers to get from your computer. These are files that must be kept on a password-protected computer that is not connected to the Internet. Once the hackers gained access to Penenberg's wife's computer they were able to get the password for their home router, bank account passwords and passwords for several of the online services used by Penenberg, including Amazon. In other words, they hit the jackpot.
Delete your cookies every time you close your browser, especially if you've asked hackers to breach your system. Penenbergs used two-factor authentication to connect to the Bank. So every time he connected the bank asked for an identity confirmation (if the connection was made from a computer that had never been connected) through a code that was sent to his mobile phone. The SpiderLabs team was able to bypass the process by stealing the bank's cookies from the hacked computer. When they transferred them to the attack computer, the bank recognized him as a "trusted" computer and did not ask for confirmation over the phone. So the hackers took control of all his assets. "They could, if they wanted to destroy us financially."
This is difficult, but... try not to useste a system for your passwords, it's something that makes it easy for someone to figure out everyone else. Penenberg had such a system, and once hackers saw some of his passwords, they were able to guess the passwords of Apple, Facebook, and Twitter. Hackers locked his iPhone and Apple laptop. The SpiderLabs team also ordered 100 plastic spiders from Amazon and shipped them to Penenberg's home.
Y.K. of Forbes "The main lesson from this article seems to be: do not marry or date a journalist. His wife was the biggest victim. I did not know that hackers were targeting my family until they had already succeeded. Promise me you will never do that again, "he told Penenberg when he discovered it.
