How to master the art of deception like a hacker
How to master the art of deception like a hacker
7:40

How to master the art of deception like a hacker

Privacy
Wow. [LAUGH] Thanks for finding out passwords. Snow. Stephanie, you are a social engineer And your title is Chief People Hacker. Yes. At IBM, that is the coolest job title ever. And for the past three weeks, you have been hacking, attacking, and social engineering My colleague Graham Cates and myself, you found so much information that it generated a 20 page report. That is amazing and horrifying. [LAUGH] But let's start with the basics. Okay. When we say social engineering What do you mean specifically? What does this type of hacking entail? So social engineering is convincing people to perform an action or give out information that's not normally something they would do. So it's really Going out there and seeing what information you can get from them. Specifically we look at phishing. So that's sending out an e-mail with malicious links or attachments. And what a lot of people don't realize is Is if they click on the link or open the attachment, it could give someone access to their information or even their computer. You found out a lot about den Yes. But you found out just a crazy amount about me and my whole family really my wife, my my young daughter when she was born, my address my cell phone number It's kind of a whole different world of information about me and I'm curious what that could give you access to. So, with your cell phone number and seeing different accounts you have, I know that your interested in food and you like to take pictures of food. So as an attacker I could use that information and send you a text message, but it could contain a malicious Clink. Or if I know that you're out of the town and I did see a post where the family was going on vacation,that's something that as an attacker I would know that your house is most likely vacant.>> What's fascinating Stephanie is that your skills are so good That you're in disguise right now. I am yes. [LAUGH] Let's take a look at Stephanie Snow post disguise. Absolutely so I am in disguise now this is not what my hair looks like at all [LAUGH]. So I use this [UNKNOWN] a lot when I go on site cuz I don't want be recognized or am I have to use multiple personalities? If something does work the first time, I have to try something else. And this really helps me [UNKNOWN] pretending to be someone specific, like a flower delivery person I'm gonna change into two uniforms. The wig that I use is just something I would use for an auditor and I'd wear a suit. I actually go online and try to find information and pictures of people in those same job roles to look as much like them as I can. So you've now taking up your disguised you're dressed as yourself presumably. So you didn't actually break into the CBS news headquarters. But you brought along tools that could show us how you would be able to do that if you wanted. Absolutely, so I actually made you a fake card, and can I see that? Yeah. So to show how this would work, this is like a regular RFID system that many buildings have. So you need to barge in to get access to the building. So your card is programmed and it works. What I would then do is take my RFID captioned device. And what this is, is this is a longe-range reader. I hide it in my purse, and nobody knows it's there. So what I do is, I wear my purse around. And I would stand next to an elevator, in line at the coffee shop, and all I would need is 20 inches of distance between my purse and your badge. And I would be able to capture all of the data that is on your badge. So then I would go back to my hotel room And I'll get the data off of this reader. [BLANK_AUDIO] So I have a micro SD card in here that I would then pull out, plug into my computer, and I would use this Proxmark. What this does it will [UNKNOWN] the data that I give it onto a new card. So I'm taking the data that I captured from your card, and I am programming it to this new card. So it will now work just as if it was your card. I didn't do anything wrong, but you were able to get access to the building, using me as a vulnerability. Exactly. And that's just very, very close distance. I don't even have to be at your building. I could be in line for lunch or somewhere just close to employees. All right, Stephanie, a large part of your job requires that you build trust, build a rapport, and you do that often by spoofing a phone number to appear as though it's coming from a trusted source. It could be a friend, it could be a family member, it could be a bank, right? And all of us have seen these spam robo calls on our phone. Sometimes a robo call that get me look as though they're coming from my number or a very similar number. You can even spoof how two different contacts could look like each other. Tell me how this process works, and can you show us?>> Yes, absolutely. So you need a mobile app, and I'm not gonna tell you which one.>> So you are going to make it look as though my phone is being called from Graham's phone.>> Right. All right. [BLANK_AUDIO] I feeling a calling and It says Graham Kates. But it is in fact, you calling you from your mobile phone. Exactly. I think there's something that's really important to point out here, which is that it's not that you designed some sort of program but it's that anyone could get that and do the same thing. Absolutely in it's just It's an app and you can make your phone number appear as anyone. Snow you've demonstrated to us that we're absolutely unsafe everywhere. How do we protect ourselves? That's a great question. So how you can protect yourself online is really stop and think about what you're posting. Do you really need to tell everyone that you're going on vacation? And also check websites to see if your information is leaking anywhere so you can get that removed. Those two things are very important when it comes to social media. As far as your badges, there's no reason you need to take it everywhere with you or leave it in your car. It should be hidden so that someone like me or an attacker can't visually see it to recreate a copy or clone it. Before you came here you told us you had some surprises to show us, some things that you found about us that you didn't necessarily want to put in your report, and we're ready to see them. All right. Graham, this is for you. Dan, for you. Man. The magical mystery envelope. Wow. [LAUGH] Thanks for finding our password [UNKNOWN] This is [LAUGH] Maybe my oldest password, it's what I have being trying to phase out Okay From my various web sites [LAUGH] When I was just like a little kid and I didn't know any better. So unfortunately things like this are in data breaches and if I can get it, so can attackers. [BLANK_AUDIO]

Up Next

Steam Deck 1 Year Review
thumb3

Up Next

Steam Deck 1 Year Review

No Real Buttons on iPhone 15 Pro? This Rumor Has Me Worried
apple-iphone-14-xx-8083-3

No Real Buttons on iPhone 15 Pro? This Rumor Has Me Worried

Baidu Unveils Ernie AI Bot's Multimodal Creation Capabilities
baidu-ai-15-march-2023-10-58-54-pm-00-00-22-26-still001

Baidu Unveils Ernie AI Bot's Multimodal Creation Capabilities

NASA Reveals Artemis 3 Moon Mission Spacesuit
space-suit-image

NASA Reveals Artemis 3 Moon Mission Spacesuit

Watch Google Demo Generative AI Tech for Workspace Apps
google-ai-image-2

Watch Google Demo Generative AI Tech for Workspace Apps

First Look at Amazon's Antenna Designs for Project Kuiper
antenna-cms

First Look at Amazon's Antenna Designs for Project Kuiper

Beyond Yellow iPhone: Apple Rumors Point to New Macs, but When?
yellowiphoneimac

Beyond Yellow iPhone: Apple Rumors Point to New Macs, but When?

Spotify Reveals All-New Redesign
cnet-image

Spotify Reveals All-New Redesign

Why Apple's Newton Flopped (Will History Repeat Itself?)
newtoncnetthumb

Why Apple's Newton Flopped (Will History Repeat Itself?)

Tech Shows

The Apple Core
apple-core-w

The Apple Core

Alphabet City
alphabet-city-w

Alphabet City

CNET Top 5
cnet-top-5-w

CNET Top 5

The Daily Charge
dc-site-1color-logo.png

The Daily Charge

What the Future
what-the-future-w

What the Future

Tech Today
tech-today-w

Tech Today

Latest News All latest news

Solar-Powered Mobile Nanogrids Provide Energy Relief in Disaster Zones
sesame-solar-seq-00-04-41-08-still001

Solar-Powered Mobile Nanogrids Provide Energy Relief in Disaster Zones

Steam Deck 1 Year Review
thumb3

Steam Deck 1 Year Review

Asus ROG Phone 6 Pro: A Gaming Phone With Lots of Style
rog6-070323-port-00-00-16-14-still002.png

Asus ROG Phone 6 Pro: A Gaming Phone With Lots of Style

No Real Buttons on iPhone 15 Pro? This Rumor Has Me Worried
apple-iphone-14-xx-8083-3

No Real Buttons on iPhone 15 Pro? This Rumor Has Me Worried

Everything Announced at Microsoft's AI Future of Work Event
microsoft-ai-event-future-of-work-supercut-1

Everything Announced at Microsoft's AI Future of Work Event

Baidu Unveils Ernie AI Bot's Multimodal Creation Capabilities
baidu-ai-15-march-2023-10-58-54-pm-00-00-22-26-still001

Baidu Unveils Ernie AI Bot's Multimodal Creation Capabilities

Most Popular All most popular

Steam Deck 1 Year Review
thumb3

Steam Deck 1 Year Review

How to Clean Your Keyboard's Sticky Keys
3keyboards

How to Clean Your Keyboard's Sticky Keys

How to Get Started With Bing AI Search and Chat
bing, bing ai, bing chat

How to Get Started With Bing AI Search and Chat

Watch Google Demo Generative AI Tech for Workspace Apps
google-ai-image-2

Watch Google Demo Generative AI Tech for Workspace Apps

Everything Announced at Microsoft's AI Future of Work Event
microsoft-ai-event-future-of-work-supercut-1

Everything Announced at Microsoft's AI Future of Work Event

Best Wi-Fi Routers for 2023: A Buying Guide
thumbfinal

Best Wi-Fi Routers for 2023: A Buying Guide

Latest Products All latest products

Sonos Era 100 and Era 300 Are Here: See the Next Gen of Wireless Streaming Speakers
sonos-00-00-05-22-still001

Sonos Era 100 and Era 300 Are Here: See the Next Gen of Wireless Streaming Speakers

First Look at Rad Power Bikes' New RadRunner 3 Plus
radrunner3-00-00-13-03-still001

First Look at Rad Power Bikes' New RadRunner 3 Plus

OnePlus 11 Review: Powerful but Not Perfect
oneplus-11-review-cnet-lanxon-promo-17

OnePlus 11 Review: Powerful but Not Perfect

Hot Wheels Rift Rally Turns Your Living Room Into a Video Game
hotwheelscms

Hot Wheels Rift Rally Turns Your Living Room Into a Video Game

Samsung's Galaxy S23 Lineup Is Here With Big Camera Upgrades
cnets23

Samsung's Galaxy S23 Lineup Is Here With Big Camera Upgrades

Testing Apple's New M2 MacBook Pro and Mac Mini
macbook-pro-and-mac-mini

Testing Apple's New M2 MacBook Pro and Mac Mini

Latest How To All how to videos

How to Get Started With Bing AI Search and Chat
bing, bing ai, bing chat

How to Get Started With Bing AI Search and Chat

How to Install Ring's New Car Cam
car-cam-2

How to Install Ring's New Car Cam

Connect a Meta Quest 2 VR Headset to a PC
pc-vr-5

Connect a Meta Quest 2 VR Headset to a PC

Cast Your Meta Quest Headset to a TV, Phone or Browser
cast-2

Cast Your Meta Quest Headset to a TV, Phone or Browser

MacOS Ventura Continuity Camera Turns Your iPhone Into a Webcam
1203246975312353-pnmdl8bwygpxcjffhlcf-height640.png

MacOS Ventura Continuity Camera Turns Your iPhone Into a Webcam

How to Clean Your Keyboard's Sticky Keys
3keyboards

How to Clean Your Keyboard's Sticky Keys