If you’ve ever been tempted to ask hackers to do their worst to you, you probably shouldn’t. Kevin Roose of Fusion recently made the trip to Las Vegas to ask hackers at DefCon to show off all the ways they could hack into his digital life and ruin everything for him. What he discovered left him pretty horrified.
First, he went to the team at Social-Engineer.org and asked them to use their talents to hack into his cellphone account without using a single line of code. One member of the team called up his mobile carrier while spoofing his own cellphone number and claimed to be Roose’s wife. For good measure, she played the sounds of a screaming baby on her computer in the background to give the illusion that she’s a stressed housewife who is desperately trying to access her husband’s mobile account while juggling a million different things.
This made the customer service representative on the other end of the line more empathetic to her and they quickly gave her the email address used by Roose on his account. She also got them to add another person to Roose’s account and even got them to reset the account’s password.
Again, this hack required no code and simply required believable voice acting.
Things got even worse for Roose when he asked hacker Dan Tentler to work his magic. Tentler started off by finding Roose’s SquareSpace blog and then sent him a “security alert” phishing email that told him to boost his SquareSpace security by going to a website and adding a certificate installer.
After Roose did this, it was all over. This gave Tentler access to his computer and he started using the computer’s webcam to snap pictures of Roose once every two minutes over the span of a couple of days. He also stole his 1Password key chain, which gave him access to every single financial account that Roose had opened online.
“I could have made you homeless and penniless,” Tentler tells Roose at one point.
Check out the full video of Roose getting hacked by the best minds at DefCon below.