The hacker who lives among us
At first glance, the news item and the analysis in this article may seem to have no direct connection with each other. However, they reflect a trend that should be of concern to those working in positions where information security is key: the high likelihood of becoming a victim of hackers and the different ways in which we make it possible for this to happen. Understanding how we make it easier for hackers to infect our computers will make us more cautious about sharing information that could help make us victims of a cyber-attack.
Last week it was revealed that Israeli security services had prevented Israel's defence minister's house cleaner - Benny Gantz - from infecting his computer for hackers linked to Iran. Beyond the questions of how this could have happened - the cleaner was found to have a criminal record for theft and failed a security filter - it is revealing how many details that at first glance seem irrelevant can contribute to making us more susceptible to hacking. To prove his worth as a hacker, the cleaner took photos of Gantz's computer, tablet, safe, shredder, property tax receipts and family photos. These photos were shared via the social network Telegram, most likely providing the hackers with material with which to make another attempt to infect the minister, either via his computer or tablet or by impersonating a member of his family. If any evidence of fraud or delinquency is detected in the property tax receipts, they are likely to be leaked, which could weaken Israel's fragile ruling coalition.
What does this incident have to do with the rest of us humans? Well, we can suffer what Gantz went through if we do not take measures that do not make us a likely target for a cyber-attack. What we share on social media almost certainly facilitates this.
The trend on Instagram of sharing little stories of everything we do - harmless on the surface - is actually a goldmine for cyberespionage. Especially those done in the workplace. Taking a history in your office with your computer on can reveal what type of computer the company uses (Windows, Apple) whether you use Office or other software and in some cases your work or personal email address. All this information makes the user and the company more susceptible to a cyber-attack, as data is provided to personalise it, complicating efforts to stop it and most likely having catastrophic consequences for the company.
Taking a photo of your company card is likely to increase the likelihood of a cyber-attack. All the data on it (name, photo, place of work, type of work and card number) is a goldmine for cyber-attacks, especially if you have an important position within the company or work for the government, both of which are very likely to become the target of a cyber-attack.
Finally, the pandemic and working at home does not mean that we are not immune to a cyber-attack. As the Gantz case demonstrates, exposing work and personal details when we make a video call or take a photo to show off about our workplace at home can facilitate a cyber-attack, especially if we can locate where the photo was taken.
In conclusion, the attempted cyber-attack on the Israeli Defence Minister by his cleaner reveals - apart from a Defence Minister and everyone else - how easily we expose information that could make us a victim of a hacker. Sharing details of where we work, especially our desk and identity card, makes it more likely that the company and the employee will suffer a cyber-attack. Working from home does not make us immune to this threat, especially if we geo-locate where the photo was taken, again making us more susceptible to cyber-attack.
What can be done to counter this? The solution is simple: think before you share something on the networks, especially if it could harm you, directly or indirectly.