People Are The Key to Every Lock

by Christopher Paul on September 17, 2012

I just got around to reading about Cosmo, one of the hackers who took over Mat Honan's Gmail and iOS accounts – wiping his phone, tablet, and computer after doing so. It's a fantastic read. Good reporting and a nice human angle to the hacker – something Mat does consistently.

And that's the secret. When Cosmo calls a company pretending to be an employee, he doesn't wait for them to ask for details. He tells them all the person's data he has up front. If he knows three pieces of a puzzle and just needs the fourth, he gives them those first without waiting to be asked for them. That way he demonstrates a knowledge of the system, disarming the person on the other end of the line and making them less likely to question his authenticity.

In the end, it was a 15-year-old social engineer turned hacker who outsmarted the smartest and highlighted the web's biggest security flaw: us. Honan's ‘God Who Fell To Earth’ highlights how complex security is. One company might guard against this type of attack, but not all of them do. It's also a little scary how many attack vectors there are in a person's life. Just about everyone has an email address, cell phone, and a service that, when compromised, unlocks the door to a world of treasure and hurt.
