There’s hacking, and then there’s hacking. Egypt’s coast guard discovered this when it stumbled on a fishing boat off the coast of Alexandria. This was no mere commercial boat — apparently, it was equipped with divers who were attempting to slice through an underwater Internet cable below the Mediterranean.
It’s unclear whether this was politically motivated, garden-variety illegal activity or something else. Regardless, it’s a good reminder for telecoms and tech companies everywhere that security breaches can happen anywhere, at any time, and in all manner of ways.
Companies like PhishMe, Trustwave Holdings and Digital Defense know that all too well. These ethical hackers are in the business of securing the gaping vulnerability that affects all companies and government branches — human behavior. Clients hire these consultants to test their employees by pranking them with everything from fake phishing attacks to unauthorized physical entries. (This isn’t all that different from home security consultants breaking into a client’s house to demonstrate its weaknesses and access points.)
The set-ups run the gamut: One day, it’s an email with a cute kitty that entices recipients to click links, another day it’s an email seemingly from the CEO, with a strange file attached. But it’s not all digital. The hired attackers may also load up USB drives and “accidentally” leave them in bathrooms, parking lots or other locations nearby. The draw? The thumb drives irresistibly boast the client’s name on them, a competitor’s logo or even stickers that say “confidential.”
And of course, there’s the lowest-tech tactic of all — physical security breaches. Ryan Jones of Trustwave Holdings even has a closet full of costumes that help him con his way into secure locations like data centers, warehouses, executive offices and other spaces. Sometimes a deliveryman or fire marshal get-up is enough to gain access. Other times, he has to pull out the big guns — a pair of crutches. Amazing how many people will unlock doors out of sympathy. Once inside, it’s child’s play for him to bug conference rooms and other areas.
Bold new technological era, meet old-school tactics. The industry may be hyper-focused on black-hat digital hacking and cybersecurity, but there’s little doubt that real-world baits, con games and undersea cable-cutting can still do the job rather effectively.