Time
1 hour 31 minutes
Difficulty
Beginner
CEU/CPE
2

Video Transcription

00:00
hello and welcome back to the cyber course on how to do a live identity hack. This is the American version where I'll be showing you how to do a hack on a person's identity, utilizing just their person's name, address and date of birth.
00:16
This section is designed specifically for American audiences, So if you are in Australia or in the UK, you can skip this section if it's not relevant to you.
00:27
So now that we've got to the volunteers name, address and date of birth, how can a hacker pieces information together to do identity theft?
00:36
Well, it's literally child's play.
00:39
I'll go through some examples of how this has been done in the past.
00:44
You can see here the familiar apple idee log in page and people uses to manage not only their Apple account but also to be able to reset that password.
00:56
And a few years ago, Jennifer Lawrence and a whole heap of other female celebrities had their apple accounts hacked into by a criminal.
01:06
What they did was they logged into the person's apple account
01:11
by being able to utilize the email address, which is
01:15
very easy to get these days and then doing a password reset. When you do a password reset on most websites, it will ask you to go down one of two parts. The first option is to send a recent link to your email address.
01:32
Now, if you don't have access to that person's email account,
01:36
you can't use this option.
01:38
The second option is to use the online password reset function by answering some basic questions that, in theory, only you would know about. What are these questions with a standard questions that websites use as well as banks?
01:55
What's your mother's maiden name? Where were you born? Um, what's the date of birth? What's your address?
02:01
Information that theoretically own you should know and should not be available in the public.
02:07
Unfortunately, a lot of people work on security through obscurity.
02:12
They think on the basis of our this will never happen to May I mean nobody.
02:16
Oh, I'm not important enough.
02:20
This is far from the case.
02:23
A hacker will choose anybody that is easy to do. Identity theft on.
02:30
Once a Hagar has this information, it's very easy for them to break into websites that you may have access to. Now this can be a shopping website. It can be an iTunes Web sites.
02:43
It can be pretty much any website that you used to log in. And
02:49
if they know how to reset the password, they can do it very quickly and very, very easily. Now don't get me wrong. Organizations are beefing up their security protocols. For example, with Facebook and Apple, you now have the option to implement two factor authentication.
03:06
So when you go to reset a password, it will send through a text message to your mobile. Fine.
03:13
And you have to import that information before you can reset the password. Now this will be the mobile phone that you have used to register onto the website. Two Factor. Authentication is great, but again it can be used against you.
03:29
There are Web sites out there, like P I, P l, and even Facebook, where you can type in a person's phone number and I'll bring up their details. So again, you need to be really, really careful about what information you provide to any organization.
03:46
Now. When the hacker was profiling these high value celebrities,
03:51
they were able to steal intimate photographs and publish them online. Fortunately, this person was a court and was sentenced to prison. He had compromised over 200 different Apple iCloud accounts. One of the things that you need to be aware of
04:09
is that your data is always there
04:12
again. If I have access to your iTunes account
04:16
or your Samsung account, I can download a simple app I can restore until blank device every single app that was on that phone.
04:28
So here we've got your messages. Third party apps like WhatsApp chats, Skype and kick photographs, bookmarks, memos, etcetera.
04:40
If we go into it, we can also see all of their contacts
04:45
as well as their chat history.
04:48
I don't need access to the person's device to gain access to it.
04:53
As you can see here, I'm recovering from an iCloud back up. What are the different types of information? Well, it includes things like message and call locks, contact information. Third party, instant messaging app slight. Whats app. We chat fiber kick, et cetera,
05:10
all of your photos and videos that you've uploaded to yours, my cloud environment
05:16
as well as memos, calendar reminders and your safari history. It's quite scary what information you can download from hacking somebody's account. Next up, we'll make Mat Honan Now. Matt is a buzzfeed journalist and this is his story here.
05:34
Matt has a fantastic Twitter handle.
05:38
It's at M 80 and a hacker wanted to steal mats. Twitter handle.
05:45
So what he did was he broke in and did a password reset. He then went in and contacted Apple Support by the website
05:55
and did a remote wipe off his iPad, his iPhone and his Mac book, et cetera,
06:02
Very quickly, very easily. Overnight, the hacker was able to destroy and delete two years with a digital life that Matt had created on these devices. It was almost impossible for him to get that information back. So that shows you what some hackers condo's
06:19
let's go through and see what we can do to do identity theft.

Up Next

How to Do a Live Identity Hack

This course has been specifically designed to successfully deliver a live identity hack presentation to an Australian, American or British audience.

Instructed By

Instructor Profile Image
Tom Mason
Senior Partner Development Manager at AWS
Instructor