Should you give Kevin Mitnick your name?
If you’ve ever received an email from a friend, in which she asks you to wire money to her in the Philippines because her luggage and wallet have been stolen (and yet you know she’s safe and sound down the street), you’ve known someone whose email account has been compromised. Have you ever seen fraudulent activity on your credit card? Have you ever filed a tax return only to be told a tax return for that social security number has already been filed?
Chances are, you’ve encountered at least one of these situations. It’s easy to fall victim to phishing or have credit cards compromised. But how easy is it for the hacker to do his deed? Quite easy, actually.
Kevin Mitnick’s Public Hack
At a BBVA luncheon two weeks ago, Stanton, V-Rooms’ CEO, volunteered for a live demonstration with Kevin Mitnick, the world’s most renowned hacker. Kevin asked Stanton to join him onstage and, after a quick introduction, searched for Stanton’s first and last name in an online database, which charged just a dollar per search. There were a few results.
So Kevin verified Stanton’s middle initial and hit search again. Bingo! On the projection screens visible to an audience of about 200, Stanton saw his recent home addresses among other personally identifiable information (PII). Using this information, Kevin easily found Stanton’s driver’s license number in another database. Within minutes and for just a few dollars, Kevin had enough information to open credit cards in Stanton’s name, change information on existing accounts, or worse.
So Now What?
Rather than clap for the feat accomplished so quickly and deftly, the audience stared wide-eyed at Kevin, Stanton, and the projection screens, as if struck paralyzed and dumb. The fear in the room was palpable.
The fact is, no one is impervious and no entity is impregnable to those wanting access. However, the more difficult it is to gain entry, the more likely the intruder will give up and seek an easier target. So why not raise the barrier to entry?
Don’t Be Easy
Every small security measure you take fortifies your defenses. As Kevin Mitnick chronicles throughout his book, Ghost in the Wires (2011), physical means are often used to access digital and cyber information. He regularly dumpster dove for sensitive information that had been tossed out instead of disposed of properly. Quick takeaway: shred your documents. In his former life, Kevin also illegally accessed others’ email accounts for login credentials and passwords. Another quick takeaway: store sensitive information in a secure place like a virtual data room.
For more information on secure places to store and share information, see www.v-rooms.com.