When you realise you're a bit of an expert hacker!

Since joining the rather fabulous #MTeam, I've learnt a lot about InfoSec, cyber security and cyber criminals, working in the cloud, incremental image based backups, continuity planning, disaster recovery strategies, the IOT, and all sorts of other techie stuff.

I've also discovered that I have a hidden talent. I'm really good at Visual Hacking.

In fact, I'm so good I made myself a certificate!

I've used this newfound skill and written a blog for Mirus while on a recent train journey. It was on this journey that I discovered my Hacking Super Power! I was stunned by the amount of information I could gather from the other passengers, with absolutely no intent to do so and with no effort at all!

Have commuters become so indoctrinated to being surrounded by other people for their morning and evening journeys that they are totally oblivious to them and the threat they potentially pose?

If you'd like to know more about some of the mind-boggling data and information I was able to breach on those two journeys, read on below...

  • Visual hacking: 91% of it is successful.
  • It happens in seconds.
  • The victim generally doesn't know they've been hacked.

Fancy pants cyber security can’t help you when I'm doing the Shoulder Surfing!

I'm on a train.

It’s not something I do much anymore, and it’s the first train I’ve been on since I started marketing for MSPs (Managed Service Providers).

This train ride is a completely different experience from any I’ve ever had before! I had no idea how much my eyes have been opened since becoming a semi-techie. There's so much to see, so many incredible and scary things you could potentially learn, steal and capture.

I feel like I have a Superpower and if I was carrying a body cam, wearing video cam contact lenses or had a photographic memory, right now, I could be worth an absolute mint!

From some casual ‘looking around’ in the carriages, I've learnt that the bloke in the red tie has three children, is obviously affluent, lives near Woburn and holidays in America. I know his youngest learnt to swim there on his most recent holiday. Love a Facebook profile!

Through the middle of the seats in front of me I could see that a marketing agency based in Bedford is pitching today for a massive client. They're rather concerned and have been checking out the potential competition for information, and rewriting some of the pitch.

I know a commuter in the seat in front of me on the right is on Grindr and another about three rows down on the end seat is on Tinder, and from my cursory observations, I get the impression they’re both pretty active on these platforms.

The lady to my left is off to an interview in London for a small legal firm, and just emailed in sick to her current role, a 'cold' apparently. I know the couple I passed when walking through the carriages are off on holiday for a couple of weeks and are looking at the best places to eat while they are in the South of France.

I walked past a suited couple working on a HIGHLY CONFIDENTIAL legal document (more about that later), I saw at least four people reading and writing work emails on laptops and I was able to read content from all of them, plus someone was quite unashamedly watching porn.

On the train ride home I had the end seat, and the gentleman on the end seat one in front and next to me opened his laptop and clearly entered his login credentials for his company email. The guy directly to my right is clearing client issues and calculating charges for additional services for his clients. I can clearly see his Excel sheets with actual costs and the commissions to add and optional extra charges and all sorts...

A lady just opened her handbag and I now have her full name and address from an unopened letter.

I gathered a LOT of information during my journeys through the train just by walking to find a seat, much more than I should have been able to gain.

It's the first time I’ve understood what I’ve just done, and it’s the first time I was consciously aware of the information I could see.

I was hacking, Visually Hacking and I’ve been reading a lot about it recently. I’m writing this blog on my phone while on the same train, don’t worry, I’ve ensured that I’m protecting my phone from prying eyes. I’ve even checked that you can’t see a reflection of my screen in the train window I’m next to!

For those regular train goers, you’re probably used to this blatant barrage of personal and corporate information and think nothing of it, but for me today, knowing what I do about hacking, it’s been a shocker!

I’m sure none of the people on the two trains I’ve been on today:

  1. were aware of how much I could see and gain from their activities, or
  2. have any idea of just how much information I’ve gleaned from their unprotected activities.

They’d probably be horrified. They’ve all been sat in their little ‘on-the-way-to-work-or-holiday-bubble’ doing their thing, not thinking about visual hacking or data leakage or data theft...

Look around you people!

It’s about time they did know though. I think for some, the companies they work for would be highly interested to know just how much I gathered about that pitch, their client concerns over the recent invoice, the spreadsheet of costs and commissions, or, going back to the visual theft I promised I'd return to, the nature of the criminal offence and the full name and address of the (rather well known) defendant on the legal document I could quite happily read from my seat.

I may just leak that one to the press.... (naaaa).

Visual Hacking. 91% of it is successful!

It’s time to ensure your staff are more vigilant.

I think there’s a whole other blog to be written on verbal conversations people are willing to have on a public train either with each other, or on a phone call - shocking! But today, I’m talking about visual hacking.

There was not a single privacy screen on the whole journey!

Think about your last journey on a train, some of you do it every day, how much information do you gather each journey? Are you a visual hacker? Do you talk about what you’ve seen people doing on the train/plane? Have you used that information in any way at all, or perhaps the better question is COULD you use that information in any way?

Do you feel like a thief or a spy? I know I did. Just call yourself Bond. James/Jane Bond!

The people I saw on my outbound and inbound journeys could've been your staff or your colleagues and they could be putting the security of your business at risk every day. No amount of fancy pants cyber security is going to help you protect your business if one of your directors signs in to your cloud network and completes confidential work on his laptop on the train home with no privacy screen and a total disregard for prying eyes.

Judging from my long-time friend Louise's post, it's rife, and it's surely about time to address it.

Digital theft, it’s not just online!

It may be time to undertake an audit of your security? Give us a shout, we can help.


John Scott

Wildpark Security Consultancy Ltd - Cultivating Secure Cultures

6y

Great blogpost - I'll be circulating internally!
