Industrial espionage, social engineering and no-tech hacking are all very real, and there are simple precautions that you can take to protect yourself, which this article will discuss. Whether you are a high-profile businessman or a housewife (or househusband), keeping the information you want to remain private private should be important to you.
Social engineering is a broad term, but it usually entails using acquired information to manipulate people in order to gain access to something that would otherwise be inaccessible to you. Let me call in one of my favorite movie characters of all time, Regina George. Believe it or not, she is a perfect example of an efficient social hacker!
- Regina: Wedell on South Boulevard.
- Gretchen: Caller ID!?
- Regina: Not when you connect from information... Hello, may I speak with Taylor Wedell?
- Taylor Wedell's Mom: She's not home right now, may I ask who's calling?
- Regina: Oh, this is Susan from Planned Parenthood, we have her test results. If you could have her call me as soon as she can? It's urgent, thank you! [Mom faints] She's not going out with anyone tonight! [All giggle]
Regina's social engineering is fun to watch (and we could all learn a thing or two from her), but let's now look at some common techniques used by typical social hackers to gain sensitive information about you or your company. This article will focus more on the no-tech, physical approach. To protect yourself online, check out Null Byte's Anti-Doxing article.
One mistake people make is being too casual when using their computer in public places. Someone could easily come and stand behind you, nonchalantly texting on their phone, pretending to wait for someone. However, in reality they could be watching what you are doing on the computer, taking pictures with their phone.
I am astonished at how many times people have asked me to watch their computer so they could go to the bathroom or something. I do not even know these people! I was just studying for a test on the couch. Also, when I am in lectures, everyone has their laptop open and they are doing all sorts of stuff. I could easily target someone and simply sit behind them and watch without anyone ever getting suspicious.
If a malicious social hacker comes by, they could glean email addresses that you trust and pose as their owners, or if they deem your laptop valuable, they might attempt to steal your computer. It is amazing what someone can do with a little seemingly innocuous information.
You could always use a Snuggie to prevent anyone from seeing what you are doing on your computer...
But I think the following steps are a bit more practical.
- Never leave your computer unattended. Also, don't trust the stranger next to you to be responsible! I mean, someone could come up and grab the computer and, if another person questions them, simply say they are your friend and that you asked them to come get it for you. Most likely, no one would be the wiser.
- Avoid using your computer in public places. This is where you are most vulnerable. If it is absolutely necessary, then try to get a seat that doesn't allow someone to look over your shoulder.
- Purchase a privacy filter, which essentially makes it so that you can only see the screen from one angle. This is great, but the fact that you have a privacy filter might tip someone off that you are protecting private information, a sort of catch-22.
- Be wary of everyone around you. Like most predators, attackers look for the easiest target with the biggest gain. Follow the preceding steps (and this one) and you should be relatively safe. Caution and common sense are excellent weapons against attacks. Always assume everyone is a malicious social hacker and a crazy driver, as I always say.
You might also be surprised what people throw away in the garbage. You can learn a ton about someone by looking at what they throw away and what sites they visit on the Internet. We are often under the illusion that our privacy is somehow magically protected simply because no one is standing right behind us. This is not the case. We leave digital and physical footprints everywhere, so you need to tread lightly and/or cover your tracks.
* If you didn't already know, it is not illegal to look through someone's garbage, as upheld by the Supreme Court decision California vs. Greenwood. Anyone can come and snoop through your garbage and there is nothing, legally, that you can do!
It may seem self-evident, but it is extremely important that everyone has a personal shredder. They are not that expensive and they greatly hinder the efforts of attackers. Now that we've got that out of the way... the next most important question is: what do I and don't I need to shred?
My philosophy—when in doubt, shred it. I pretty much either shred my mail or put it in a special place. Basically, anything that has your full name or signature and other identifying features, such as IDs, PINs, SSNs, etc. should be shredded. For a more comprehensive list, click here.
There are many vectors of attack besides just these two, since we live in the information age. Any time you put information in the open you should think: What information am I potentially giving out? Who could access it? How well do I trust them? Why should I trust them?