Cybernews
  • News
  • Editorial
  • Security
  • Privacy
    • What is a VPN?
    • What is malware?
    • How safe are password managers?
    • Are VPNs legal?
    • More resources
    • Strong password generator
    • Personal data leak checker
    • Antivirus software
    • Best VPN services
    • Password managers
    • Secure email providers
    • Best website builders
    • Best web hosting services
  • Follow
    • Twitter
    • Facebook
    • YouTube
    • Linkedin
    • Flipboard
    • Newsletter

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

Our readers help us create quality content. If you purchase via links on our site, we may receive affiliate commissions. Learn more

Home » Security » The man behind The Daily Mail attack: only the criminal’s imagination is what’s stopping them from doing anything they want

The man behind The Daily Mail attack: only the criminal’s imagination is what’s stopping them from doing anything they want

by Jurgita Lapienytė
10 September 2020
in Security
0
A silhouette of a man in a black background

The man behind the Daily Mail attack: only the criminal’s imagination is what’s stopping them from doing anything they want

1
SHARES

The Daily Mail journalists, willingly hacked by the CyberNews team, said they were alarmed by the results. The ethical hacker behind this attack explained that only a lack of imagination could stop malicious actors from doing anything they want with the data they can easily harvest.

The CyberNews team conducted an ethical hacking experiment in collaboration with The Daily Mail that involved trying to hack three of their journalists during a six-week period. You can read the full report here.

“We thought accessing this kind of data would be harder as they are publicly exposed people who would be cautious about their details,” the ethical hacker behind the Daily Mail attack said.

The Daily Mail journalists who agreed to be hacked by CyberNews were frightened by the results that, according to those journalists, should be a wake-up call for every reader. You can read their full report here.

So you tried to hack three Daily Mail journalists. What were your expectations – how long did you think it would take, and what data you were looking for? CyberNews asked.

Well, my expectations were to find data from oversharing. 

Initially our goal was to collect the data that had been overshared on social profiles and find patterns from old leaked passwords. 

So you used white hat hacking techniques. How are they different from black hat hacking? And how different could the results have been if you would have used black hat hacking and didn’t have any ethical considerations?

The difference there is that there are communities of criminals that act as one. Together, they offer services and tools to help achieve the same goal – which is profit. 

That’s the main issue with this process, we couldn’t give any information about targets to third parties – for their safety. There are certain services that only do one thing, for example: background checks, sim swapping and so on. So, without access to these things, our options are pretty limited, and we have to do everything alone. 

A scan of The Daily Mail newspaper
The man behind the Daily Mail attack: only the criminal’s imagination is what’s stopping them from doing anything they want

You applied 4 different social engineering techniques. Which one was the most interesting for you? Do you need more than just hacking knowledge for social engineering? Some psychological insights?

Well, I can say that psychological insights definitely help – you can notice how the target is reacting, then act accordingly. 

It is both an interesting and difficult task to call the targets directly because in most cases you only have one chance. Usually, it never goes to plan so you have to be ready to improvise. 

What is special about using social engineering techniques? Did you work at night? 

We tried to call the target in the morning. The reasoning behind this is that the target would be preoccupied and less suspicious about our call. 

What personal data were you able to obtain using the white hat hacking techniques? 

Strictly from oversharing and social media profiles we were able to obtain addresses, dates of birth, phone numbers and even mothers’ maiden names. 

What could a malicious actor do with all this data you managed to obtain? What damage could this do to a person whose data has been obtained? Please be explicit about this.

Well, the thing here is that initially you have to launch a sophisticated, targeted attack against the person knowing this kind of data. Then after that only the criminal’s imagination is what’s stopping them from doing anything they want. 

Even a small amount of oversharing could lead to a huge financial loss. 

You tried to hack three different people. And the results are quite different. Were they easy targets? How might the fact that they knew that something was going on have impacted the result?

We thought accessing this kind of data would be harder as they are publicly exposed people, who would be cautious about their details. Also, we noticed that one of the passwords had been changed quite recently, and the previous password did not work.

This resulted in us not being able to get access to that account. 

It might be easier for people to protect themselves from you because you have ethical considerations. But how can someone protect themselves from those black hat hackers who don’t have any ethical considerations whatsoever?

In this case I have three main tips that could save you from these attacks: the most important is to enable two factor authentication (2FA in short) for all of your accounts! Not just payment, but every single account – especially as every account you have can lead to more information about you online. 

Next, use a reputable password manager, for every one of your passwords.

Another step is to set all your social media profiles as private, and make sure not to overshare information because every single link for a black hat hacker is a good link!

Share1TweetShareShare
Next Post
headset hanging on the microphone

8 best cybersecurity podcasts for 2021

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Editor's choice

One of the biggest Android VPNs hacked? Data of 21 million users from 3 Android VPNs put for sale online
Security

One of the biggest Android VPNs hacked? Data of 21 million users from 3 Android VPNs put for sale online

by CyberNews Team
26 February 2021
4

A user on a popular hacker forum is selling three databases that purportedly contain user credentials and device data stolen...

Read more
A blast from the past: the finest retro PCs people use

A blast from the past: the finest retro PCs people use

26 February 2021
How this IMDb flaw gave me credit for working on Chernobyl, GOT, and other gigs

How this IMDb flaw gave me credit for working on Chernobyl, GOT, and other gigs

25 February 2021
Forget Bruce Willis. AI will protect us from killer asteroids instead

Forget Bruce Willis. AI will protect us from killer asteroids instead

24 February 2021
COMb data leak - Mother of all breaches

COMB: largest breach of all time leaked online with 3.2 billion records

12 February 2021
  • Categories
    • News
    • Editorial
    • Security
    • Privacy
  • Reviews
    • Antivirus Software
    • Password Managers
    • Best VPN Services
    • Secure Email Providers
    • Website Builders
    • Best web hosting services
  • Tools
    • Password generator
    • Personal data leak checker
  • Engage
    • About Us
    • Send Us a Tip
    • Careers
  • Twitter
  • Facebook
  • YouTube
  • Linkedin
  • Flipboard
  • Newsletter
  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.

Home

News

Editorial

Security

Privacy

Resources

  • About Us
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.

Subscribe for Security Tips and CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!