Security Between the Lines

Did you upload a photo? Make that post? Check-in? Tag a friend? Hashtag something? Swipe? Connect, friend or follow?

Of course you did. You're here. You're reading this, and some of you might even "like this." It's no secret this sort of data is bought, sold and tracked at any given moment in time. When I worked as an intelligence analyst, these areas were veritable gold mines for sourcing data on people and organisations. However, what many fail to understand is just how accessible this information is to everyone else, and how that information can be used. While those photos, posts and likes may seem like harmless bits of ones and zeros saved for only your inner circles to see, in the wrong hands open-source data can be incredibly destructive not only to yourself, but to those you're connected to.

Many carry the attitude of not having anything to hide. Whilst that may be true from a legal perspective, I would argue those people unnecessarily expose themselves, and those in their network, to outside threats. Let's dive into how, with an experiment I ran with a close friend of mine recently:

My friend (let's call her "Jill") only has an Instagram account. Jill's very careful not to post any personally identifiable information, but she does have a public account (like many others) and doesn't personally know all of her followers. I explained to Jill that I could probably find an exploit in her Instagram she wasn't aware of, and so began the experiment. She met a friend while at a concert in Las Vegas, and they took a photo together, which she posted on Instagram. Her new friend (let's call her "Amy") simply commented on the photo, but it was enough to get me started. Amy's Instagram was also public, and the photos and information on her account led me to her Facebook and other media. Within 15 minutes, I had collected the following on Amy:

  • Amy's full name
  • Amy's birth date
  • Where Amy works
  • Where Amy goes to the gym (and how often)
  • What movies she's seen (since 2009)
  • Her family members, ages, relation.
  • What her favourite drink was (and surprisingly what her least favourite drink was too)
  • Where she frequents on the weekends
  • The kind of music Amy enjoys
  • Her relationship history
  • Her political affiliations
  • What music festivals she's attending over the next four months (and who with.)
  • And many more details!

All of this, collected based on Jill's post and Amy's comment. I knew more about Amy in 15 minutes than Jill knew over the entire weekend they spent together. This information could be used for everything from phishing to terrorism. The sheer amount of data we put out into the world about our personal lives is startling (for more information, read this article from The Guardian: "I asked Tinder for my data. It sent me 800 pages of my deepest, darkest secrets").

Individuals aren't the only ones at risk here; organisations are just as susceptible. Whilst most organisations focus their efforts on physical and cyber security, they fail to see the threats from within: the human element. The annual costs of corporate espionage are measured in the billions world-wide across a diverse range of industries. Modern-day exploitation requires more complexity and human involvement than simply hacking into a mainframe or breaking into a business. People are often the weakest elements of any organisation, more accessible and just as vulnerable to exploitation as a poor password or a bad lock.

Decoding people and their network is the first step in mounting a proper defence against corporate espionage. If you or your organisation aren't thinking about this, or would like to know more, it's time to reach out: www.atarangilabs.com

RYAN MACFARLANE

IT Specialist & NASM Elite Trainer CPT | Nutrition Coach | Here's 2GoodHealthInc

7 years ago

Was reading this earlier tonight about Playboy. Playboy's address was so widely known it started this and it had to have been revolutionary! But likely overlooked.. "His famous rabbit-head logo with cocked ear and tuxedo bow tie was developed by Paul in time for Playboy’s second issue. Initially intended as an endpoint for articles, it soon became their corporate logo. Just five years later it had become so widely recognised that a New York reader was able successfully to send Playboy a letter with a hand-drawn rabbit head as the only address." In the 50s that had to have gone over real well! USPS was loving it! Hah, cheers man

RYAN MACFARLANE

IT Specialist & NASM Elite Trainer CPT | Nutrition Coach | Here's 2GoodHealthInc

7 years ago

Your very own privacy.. This is one thing so many people really take for granted! There's just tons of raw personal DATA ON EVERYONE AND EVERYTHING. Personal account leaks from Yahoo, T-Mobile, Wells Fargo, Equifax etc. Personal privacy loss from a private or professional standpoint, company accounts, emails, Skypes, etc. They're all so easily accessible.. For starters: FB, Twitter, Instagram, Skype, all the Dating Tinder sites out there, and even LinkedIn. 100s of millions of people go way overboard with everything they're publicly sharing. (Sad people just don't pick up the phone, and group text like they used to). We're on the path to human chipping newborns, and having Internet policed, Internet Task Forces, "nsa and minority report combining forces, so real deal 10 year old kids can't google porn anymore" wait is that already happening, hah! Just made that up. Damn whatever happened to Playboy, poor Hugh Hefner had to go and pass away at a 100 years and who's really going to take over the business of Playboy Art, entertainment and real topics with humor, class and sex. (For all men 18-80!) Idk brother personal privacy is on the fritz and you're going to have to pay for it
