4.3 UK Version Part 1 - Simple Hack Examples

Video Activity
1 hour 31 minutes
Video Transcription
Hello and welcome back to the cyber course on how to do a live identity hack. This is episode 4.3, The Hack, UK edition.
This particular section has been designed to focus on how to use the profile information for English audiences. You can skip the section if it is not relevant to your audience.
So now that we've got the volunteer's name, address and date of birth, how can a hacker piece this information together to do identity theft? Well, it's literally child's play.
I'll go through some examples of how this has been done in the past.
You can see here the familiar Apple ID login page that people use to manage not only their Apple account but also to be able to reset that password.
And a few years ago, Jennifer Lawrence and a whole heap of other female celebrities had their Apple accounts hacked into by a criminal. What they did was they logged into the person's Apple account by being able to utilize the email address, which is very easy to get these days, and then doing a password reset. When you do a password reset on most websites, it will ask you to go down one of two paths. The first option is to send a reset link to your email address.
Now, if you don't have access to that person's email account, you can't use this option.
The second option is to use the online password reset function by answering some basic questions that, in theory, only you would know. What are these questions? Well, the standard questions that websites use, as well as banks:
What's your mother's maiden name? Where were you born? What's your date of birth?
What's your address?
Information that theoretically only you should know and should not be available in the public.
Unfortunately, a lot of people work on security through obscurity; they think on the basis of "Oh, this will never happen to me. I'm a nobody," or "I'm not important enough."
This is far from the case.
A hacker will choose anybody that is easy to do identity theft on. Once a hacker has this information, it's very easy for them to break into websites that you may have access to. Now this can be a shopping website. It can be an iTunes website.
It can be pretty much any website that you use to log in, and if they know how to reset the password, they can do it very quickly and very, very easily. Now don't get me wrong. Organizations are beefing up their security protocols. For example, with Facebook and Apple, you now have the option to implement two-factor authentication.
So when you go to reset a password, it will send through a text message to your mobile phone, and you have to input that information before you can reset the password. Now this will be the mobile phone that you have used to register onto the website. Two-factor authentication is great, but again it can be used against you.
There are websites out there, like Pipl and even Facebook, where you can type in a person's phone number and it'll bring up their details. So again, you need to be really, really careful about what information you provide to any organization.
Now, when the hacker was profiling these high-value celebrities, they were able to steal intimate photographs and post them online. Fortunately, this person was caught and was sentenced to prison. He had compromised over 200 different Apple iCloud accounts. One of the things that you need to be aware of is that your data is always there.
Again, if I have access to your iTunes account or your Samsung account, I can download a simple app and I can restore onto a blank device every single app that was on that phone.
So here we've got your messages, third-party apps like WhatsApp chats, Skype and Kik, photographs, bookmarks, memos, etcetera. If we go into it, we can also see all of their contacts as well as the chat history.
I don't need access to the person's device to gain access to it.
As you can see here, I'm recovering from an iCloud backup. What are the different types of information? Well, it includes things like message and call logs, contact information, third-party instant messaging apps like WhatsApp, WeChat, Viber, Kik, etcetera, all of your photos and videos that you've uploaded to your iCloud environment, as well as memos, calendar reminders and your Safari history. It's quite scary what information you can download from hacking somebody's account. Next up, we'll meet Mat Honan. Now, Mat is a BuzzFeed journalist and this is his story here.
Mat has a fantastic Twitter handle.
It's @mat, and a hacker wanted to steal Mat's Twitter handle. So what he did was he broke in and did a password reset. He then went in and contacted Apple Support by the website and did a remote wipe of his iPad, his iPhone and his MacBook, et cetera.
Very quickly, very easily. Overnight, the hacker was able to destroy and delete two years' worth of digital life that Mat had created on these devices. It was almost impossible for him to get that information back. So that shows you what some hackers can do.
Let's go through and see what we can do to do identity theft.