Reading this - http://www.techcrunch.com/2009/07/19/the-anatomy-of-the-twitter-attack/ - reminded me of Kevin Mitnick and social engineering.

I watched the movie Takedown (2000), based on the book by Tsutomu Shimomura on how Kevin Mitnick was caught. That's all irrelevant. What's more important is: 'How vulnerable are people?' All your passwords float around waiting for someone to read the pattern.



Each and every thing is a pattern; it eventually boils down to how one interprets it.

For example (something similar to what I had done ;) ):


There is always a set of meta-data about every person from which that person's passwords are built -

  • birth-date, month and year
  • birthplace
  • college
  • AIEEE/state entrance rank
  • father/mother/sister/brother's name or name typed in reverse
  • pet's name
  • mobile no/house no
This is not an exhaustive list, but every person has a finite list of sources from which the meta-data for their passwords comes. That finiteness is the whole point: a few names, dates and numbers, combined in the usual ways, give a search space of thousands of candidates rather than the trillions a truly random password would need.
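To make the "finite list" concrete, here is an added example (not code from the original post) that builds the candidate password set from such a meta-data profile and reports which combination rule derives a given password. The profile values are constructed sample data for an invented person, and the combination rules (casings, name reversed, leet substitutions, date written several ways, word + number + suffix, two words glued together) are an assumption about common habits, not anything the post states. The same candidate set is what an attacker would try against 'forgot password' security questions, which tend to ask for exactly these fields.

```python
"""Candidate-password generator from personal meta-data.

Added example, not from the original post. PROFILE is constructed sample
data; the combination rules below are assumptions about common habits.
"""
from __future__ import annotations

from datetime import date
from itertools import permutations

# Constructed sample profile: the person and every value are invented.
# The fields mirror the meta-data list in the post.
PROFILE = {
    "first_name": "Anita",
    "birth_date": date(1988, 3, 14),
    "birthplace": "Pune",
    "college": "IITB",
    "entrance_rank": "1234",
    "relatives": ["Ravi", "Meera"],
    "pet": "Tommy",
    "numbers": ["9876543210", "42"],   # mobile no, house no
}

# Assumed habits: a few leet substitutions and suffixes bolted onto a base word.
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})
SUFFIXES = ("", "!", "#", "123", "@123")


def date_tokens(d: date) -> set[str]:
    """The usual ways a birth date is written: 14, 03, 1988, 88, 1403, 140388, 14031988, ..."""
    dd, mm = f"{d.day:02d}", f"{d.month:02d}"
    yyyy, yy = f"{d.year}", f"{d.year % 100:02d}"
    return {dd, mm, yyyy, yy, dd + mm, mm + dd, dd + mm + yy, dd + mm + yyyy,
            mm + dd + yy, mm + dd + yyyy, yyyy + mm + dd}


def word_tokens(profile: dict) -> set[str]:
    """Names and places in the casings, reversals and leet forms people actually type."""
    base = {profile["first_name"], profile["birthplace"], profile["college"],
            profile["pet"], *profile["relatives"]}
    out: set[str] = set()
    for w in base:
        for v in (w, w.lower(), w.upper(), w.capitalize()):
            out.add(v)
            out.add(v[::-1])                      # name typed in reverse
            out.add(v.lower().translate(LEET))    # e.g. "@n1t@"
    return out


def number_tokens(profile: dict) -> set[str]:
    """Numeric fragments: entrance rank, phone and house numbers, birth-date forms."""
    return {profile["entrance_rank"], *profile["numbers"]} | date_tokens(profile["birth_date"])


def candidates(profile: dict) -> dict[str, str]:
    """Every password the assumed rules can build, mapped to the rule that built it."""
    words, nums = word_tokens(profile), number_tokens(profile)
    out: dict[str, str] = {}
    for w in words:
        for sfx in SUFFIXES:
            out.setdefault(w + sfx, "word+suffix")
            for n in nums:
                out.setdefault(w + n + sfx, "word+number+suffix")
                out.setdefault(n + w + sfx, "number+word+suffix")
    for a, b in permutations(words, 2):
        out.setdefault(a + b, "word+word")
    return out


def explain(password: str, profile: dict) -> str | None:
    """Return the rule that derives `password` from the profile, or None if none does."""
    return candidates(profile).get(password)


def is_derivable(password: str, profile: dict) -> bool:
    """True when the password falls inside the meta-data-derived search space."""
    return explain(password, profile) is not None


if __name__ == "__main__":
    space = candidates(PROFILE)
    print(f"{len(space)} candidates from one person's meta-data")
    for pw in ("Tommy1988!", "atinA14031988", "@n1t@123", "correct horse battery staple"):
        print(f"{pw!r:34} -> {explain(pw, PROFILE)}")
```

Run it and the whole search space for this profile comes out at well under ten thousand strings, which is a few seconds of online guessing against a site with no lockout, and no effort at all for someone who has already found one password of the same shape. The useful check for a defender is the other direction: feed your own profile and your own password to `is_derivable` and see whether it comes back True.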

There are some people who are so madly in love with each other and so committed that they exchange their 'meta-data' of passwords, and sometimes the passwords itself. ;)

Some phases in college life are so burdensome that a lady decides to put down all her passwords for online applications in a file, in a folder with all her data on the universities. Then she shares the folder with her friends so that they too can benefit from her research on universities, rankings etc.

Most of us in our campus hostels had a network scanner which listed all the shared folders, from where we got our weekly share of new movies, songs, videos etc... Bored souls like me used to go through every folder shared on every computer and occasionally look for information that might lead to passwords ;)

And I came across this particular file. It filled in the blanks: the patterns I had to use with all the meta-data I knew of her. She was clever enough not to use the same password for her mail accounts. But again, they were all of the same pattern.

Q. Why did I have data on her?
A. For the obvious reasons :P

The first account - GMail - came apart, and the mails, chats, conversations, photos, videos, attachments and the most embarrassing things - everything flowed out. Bless the Google team, they just aggregated all your life into a single place.

And there were the clues, errr... the exact pathways to the rest of the accounts, including those of her intimate friends, grades, college mail etc...
You would be amazed at how much a person's web search history can reveal about their personality and life.

[I was so into revenge, grins all over my face. It was a gold mine, a diamond jackpot. I didn't think about the feelings, embarrassment, sentiments etc... my bad!]

The timing of logins into the accounts had to coincide with her absence, the automatic sign-in of GTalk had to be taken care of at every login, and the mailbox state had to be restored to exactly what it was when I logged in. I maintained a log of what I had read and what I still had to read.

Slowly, my conscience took over and I had to break the break-in news to her. And then followed the threats to eliminate me from the face of the earth, and blah n blah n blah...

The whole question of being ethical or unethical takes a backseat when your judgement is impaired by heavy dark clouds of emotion, the past and revenge. To me it was an achievement, something that opened the door to a dark room full of secrets.

The 'forgot password' functionality on most sites is not foolproof: it typically falls back on a secondary e-mail address or on security questions (birthday, pet's name, mother's name) drawn from the very same meta-data as the passwords themselves. Access to one vulnerable account, especially the mailbox that receives the reset links, leads the attacker to the rest of your accounts.





Google has created an awesome framework to store your life.
If I could do it, what can Google do with all that data by itself?
Are you willing to entrust a parallel backup of your life to a company or institution solely because you trust their privacy policies and disclaimers?


PS: And if you are thinking about complex, randomly generated passwords of 12-30 or more characters, that's like 1 in 1000 people who have an online presence. The rest of the 999 people are still vulnerable. Oh! yeah, if you are important enough, there are people with supercomputers who can break into your account.
