We’re getting in the Halloween spirit (with a cybersecurity spin of course)! We started wondering about the mysterious (or not-so-mysterious) world of hacking. We wondered just how frightfully easy it might be to gather intel from social platforms with minimal prerequisite knowledge.
To that end, we did a little experiment in an attempt to understand the hacking process. We asked ourselves…
- What details can hackers find about us online?
- Are there enough details out there for a hacker to really manipulate us?
Are we “sharing too much” as a population committed to living our lives on social media?
To answer these questions and learn if we’re just asking to be tricked or if what hackers can find out about us is really their treat to exploit…[insert gloomy music here], we simulated an online “intel gathering” exercise.
Read the scarily simple steps we took to find personal details of someone online.
- Identify a known person you want to learn more about
- Go to the ol’ Google to dig up articles and social profiles about that person
- Easily obtain properties like their full name, interests, employer, etc.
- Search their social accounts in greater depth to find:
- Their interests and passions
- Their work history
- Education level
- Previous co-workers and friends
- Geographic residence
- Links to their Instagram profile (for visual data)
- Pet’s name
- Marital status
- Search through their friend list on Facebook, connections on LinkedIn, or followers on Twitter to isolate any missing social profiles or details on the person
- Find their hometown, family members, and political/religious views
So gosh. This turned out to be a frighteningly straightforward path to take to find intel on someone….even if some of their social accounts are private! And, you might be shocked to know that it took us less than an hour to discover enough information about a random person.
So what might a hacker do with the intel like what we just dug up? They use the information to manipulate us and make us vulnerable to an attack.
- A hacker might craft a Twitter message asking about this person’s pet or commenting on the weather in her place of residence to start a conversation.
- A hacker might name drop her former co-worker as a “friend” of ours and thereby “established a connection.”
- A hacker might have contacted the persons parents or a friend claiming we were associated with individual’s previous employer to get his/her phone number to call them.
- The TRICKS are endless!
And it can happen fairly quickly. Are you surprised?
There’s good news here though. While we did learn from this exercise that what we each choose to share online is, indeed, asking to be tricked by hacker, the fact is WE have some control of what information is “out there”. Hackers LOVE any data they can use about our interests and personal information to gain access to something they want (e.g. bank accounts, social security numbers, credit cards, etc.); but we can limit our personal information and lock down our profiles to minimize how much intel is out there to start with.