If you dare a hacker to break into your accounts, chances are pretty high that you won't like the results.
Fusion's Kevin Roose dared two hacking experts to spend a couple of weeks trying to gain access to his life — as long as they agreed not to steal money or reveal his secrets publicly. The hackers used a combination of social engineering (using lies and smooth talk to gain key information) and malicious software to get deep inside Roose's life, and it was shockingly easy.
"If he had been a malicious attacker, Dan said, he could have done unspeakable damage: draining my bank account, ruining my credit score, deleting years’ worth of photos, videos, and important data from my hard drive, using secrets from my email inbox and my work Slack to ruin my reputation," Roose wrote in an article about the experience at Fusion. "Anything, really."
Fusion put up a video of the ordeal on YouTube, which showed how the hackers pulled it off.
After compiling a 13-page dossier on Roose based on social media accounts and publicly available data found online, the hackers social-engineered their way into his accounts. While demonstrating this type of attack on video, a hacker named Jessica Clark poses as Roose's wife in a call to his phone company — as a YouTube video of a baby crying plays in the background — and is able to get full control over his account.
"All it took was a crying baby and a phone call," Roose says.
It's one aspect of hacking that often gets overlooked, but is hard to defend against. A person could have super-strong passwords on their accounts, but a good social engineer can find a weak link in customer service, as the video shows.
Besides social engineering tactics, hacker Dan Tentler tries the more traditional route of "spear-phishing" Roose, sending him an official-looking email designed to get him to click on a malicious link inside. About 91% of targeted cyber attacks begin this way, and Roose, like many others, falls for it, then installs a security certificate that gives the hacker total control over his computer.
From there, Tentler is able to grab all his passwords — including the one for his password management app — gain access to his webcam to snap photos of him every two minutes, take a look inside his bank account, and literally keep tabs on his place through his Dropcam security camera.