Sign up FAST! Login

I challenged hackers to investigate me and what they found out is chilling

personal data theft

It’s my first class of the semester at New York University. I’m discussing the evils of plagiarism and falsifying sources with 11 graduate journalism students when, without warning, my computer freezes. I fruitlessly tap on the keyboard as my laptop takes on a life of its own and reboots. Seconds later the screen flashes a message. To receive the four-digit code I need to unlock it I’ll have to dial a number with a 312 area code. Then my iPhone, set on vibrate and sitting idly on the table, beeps madly.

I’m being hacked — and only have myself to blame.

Two months earlier I challenged Nicholas Percoco, senior vice president of SpiderLabs, the advanced research and ethical hacking team at Trustwave, to perform a personal “pen-test,” industry-speak for “penetration test.” The idea grew out of a cover story I wrote for Forbes some 14 years earlier, when I retained a private detective to investigate me, starting with just my byline. In a week he pulled up an astonishing amount of information, everything from my social security number and mother’s maiden name to long distance phone records, including who I called and for how long, my rent, bank accounts, stock holdings, and utility bills.

This really is worth reading more:

After Nick Percoco and I hammered out the broad outlines of our project – his team would not break any laws, and they would leave my kids out of this ­–­ I signed a waiver (courtesy of Trustwave’s lawyers) that barred me from suing the company if my information ended up in the wrong hands. Percoco kept the timetable vague and frankly, after a month dragged into two, I almost forgot about it. But his team, comprised of security analyst Garret Picchioni, digital forensics specialist Josh Grunzweig, and hacker Matthew Jakubowski (Jaku), were anything but idle.

Percoco told me they began the project by pulling up everything they could about me on the Web, sifting through my website and various writings, looking for anything that could point to potential vulnerabilities. They gleaned some interesting nuggets, including the type of computer I use (I’ve written that I’m an Apple aficionado), my home and work addresses (easily found through public records searches), and the location of the Pilates studio my wife, Charlotte, owns and operates. This helped them formulate a plan of attack.

This really is worth reading more:


Stashed in: Hackers!, security, National Security, Privacy, Hackers!

To save this post, select a stash from drop-down menu or type in a new one:

Geez. There's no respite from the potential to be hacked.

there really isn't... only the most highly skilled can resist it :-\

Your best defense is to be uninteresting ;)

I had always thought the same about identity theft. If you drop your credit score to 0, it's worth nothing to an identity thief. However, the fact that it gets dropped to 0 and you can still be alive may provide an indication as to how worthless that credit score is. After all it is an invention of the companies that control your data. The strangest thing though is Credit Protection. Basically identity theft is where a criminal successfully misrepresents you and the Experian, Equifax, TransUnion will verify your creditworthiness to a lender. There is a flaw in their system. To plug this flaw, they sell you an 'identity protection service' for $20 per month, that informs you when someone breaks through their security system. Cool business model if you can build one - those guys did at our expense.

You May Also Like: