Ο Adam Penenberg of PandoDaily decided to find out how easy it would be to hack him and invited professional penetration testers – who usually target banks, hospitals, and corporations – to find out security gaps. It turned out that the hacking, while ultimately successful, was quite difficult. But not impossible
The professionals were from her team SpiderLabs Trustwave and tried to penetrate the Penenberg system. Below, the journalist describes what he has learned:
Do not pick up strange USB drives or connect them to your computer. One of the hackers' friends went for a walk from Penenberg's wife's yoga studio and left a purple USB stick containing a Trojan horse in the hope that he would pick it up and plug it into her computer. The attempt failed, but the hacker's friend came back asking to connect another USB to print a resume. This time the Trojan managed to get into the system. However, Apple Computer was so old that the malware could not run.
Do not name your Wi-Fi in a way that reveals it's yours. If your Wi-Fi name is your home address and apartment number, or your full name, change it immediately. My favorites are “Van monitoringFBI” or “Anything else you want” other than a name that states your information. If you declare them it is like challenging everyone "here I am, hit me." The SpiderLabs team was hanging around Penenberg's apartment building trying to locate his apartment. It didn't catch.
Do not download strange attachments from strangers (or from people you know if their email seems suspicious.) The SpiderLabs Penenberg team hit twice with e-mail that seemed to come from journalism students. The e-mails looked perfectly legitimate and included their resumes as attachments. Penenberg acknowledged the fraud, and did not take it down. But his wife did not understand. It first downloaded the .Jar file and later a .Zip file and so it passed the malware to its computer.
Do not keep tax records, lists of codeaccess file, or other sensitive files that you don't want hackers to get from your computer. These are files that must be kept on a computer with a password that is not connected to the Internet. As soon as the hackers gained access to Pennberg's spouse's computer they were able to get their home router password, bank account passwords and passwords for several of the online services that Penenberg used, including Amazon . In other words, they had a jackpot.
Delete your cookies every time you close your browser, especially if you've asked hackers to breach your system. Penenbergs used two-factor authentication factors για την σύδεση του στην Τράπεζα. Έτσι κάθε φορά που συνδεόταν η τράπεζα ζητούσε επιβεβαίωση ταυτότητας (αν η σύνδεση γινόταν από έναν υπολογιστή που δεν είχε συνδεθεί ποτέ) μέσω ενός κωδικού που αποστέλλονταν στο mobile his phone. The SpiderLabs team was able to bypass the process by stealing the bank's cookies from the hacked computer. When transferred to the attack computer the bank recognized it as a "trusted" computer and did not ask for confirmation over the phone. So the hackers took control of all his assets. "They could, if they wanted to, wipe us out financially."
This is difficult, but…. try not to use a system for your passwords, it's something that makes it easy for someone to find out about everyone else. Penenberg had such a system, and as soon as hackers saw some of his passwords, he was able to guess the codes of Apple, Facebook and Twitter. Hackers locked his iPhone and Apple laptop. The SpiderLabs team also ordered 100 plastic spiders from Amazon and sent them to Penenberg's home.
Y.K. of Forbes "The main lesson from this article seems to be: do not marry or date a journalist. His wife was the biggest victim. I did not know that hackers were targeting my family until they had already succeeded. Promise me you will never do that again, "he told Penenberg when he discovered it.
