Skip to main content

The Great Politician Hack

https://business.f-secure.com/the-great-politician-hack/

An on-going investigation into the perils of public Wi-Fi worked with three British politicians to show how insecure public Wi-Fi access points can expose people and businesses to online threats. Businesses need to take note of how these politicians risked their privacy and confidential data so they could use public Wi-Fi hotspots, and ask themselves how many of their employees do the same.
The experiment saw all three politicians leak confidential data while using public Wi-Fi – data that can be used to hack things like email, social media, and even bank accounts. It was conducted on behalf of F-Secure by the Cyber Security Research Institute and Mandalorian – an ethical hacking firm based in the UK.
The politicians, deliberately selected from the most powerful chambers in UK politics, were Rt. Hon. David Davis MP, Mary Honeyball MEP, and Lord Strasburger. The exercise was carried out with the permission of the politicians who, despite holding important positions within the different parliaments, admitted that they had received no formal training or information about the relative ease with which computers can be breached while using public Wi-Fi – a service they all admitted to using regularly.
The techniques used in the experiment were all relatively simple and inexpensive, but all can be effective tools to use against businesses that fail to prepare their employees for the security risks of working on the go. You can read the full report here, but here’s a few key takeaways that IT administrators should keep in mind regarding the security practices being used by their businesses.
#1: Employees Rely on Public Wi-Fi for Work
Honeyball, who sits on the committee responsible for the EU’s We Love Wi-Fi campaign, said she was “surprised and shocked” when Mandalorian’s Steve Lord revealed that her Facebook account had been compromised. It was particularly disconcerting given her dependency on using public Wi-Fi.
“I’ve used Wi-Fi all over Europe, so this is very worrying indeed. I need to use it in my work because I travel around a lot. I find it very worrying indeed. I don’t know how I could do my job properly without access to public Wi-Fi.”
Many modern businesses have tools and resources that allow employees to work effectively while out of the office. It’s great for people to be able to send emails or login to company networks while sitting in cafes or hotels, but this benefit shouldn’t expose companies to potential data breaches. Businesses need to appreciate the potential security implications of fostering a mobile workforce that’s dependent on public Wi-Fi access.
#2: Employees May Not Understand Online Threats
Honeyball used an iPad during the experiment that was given to her a few days before by the EU’s technology officers. While the officers had informed her about the importance of using secure passwords, they did not go beyond that or tell her about other potential security issues.
Approximately half of the businesses surveyed in a recent study from PricewaterhouseCoopers did not offer employees any kind of cybersecurity awareness training – making employee training the least common safeguard used by businesses. This figure seems to echo Honeyball’s concern that she was uninformed about the security implications of her work habits.
Intuitively speaking, it seems illogical to assume that non-IT personnel are well informed about the security risks they may be taking as part of their everyday work routines. And as the experiment demonstrated, one such security risk would be relying on public Wi-Fi.
#3: Employees Aren’t Necessarily Proactive about Security
F-Secure’s own research suggests that many people don’t use the security tools available to them. In a survey conducted in the US, only 23% of respondents said they have used a VPN to connect to the Internet. According to F-Secure Security Advisor Sean Sullivan, VPNs are an easy way for people to secure their data when using public Wi-Fi networks, making their relatively low use an indication that people aren’t necessarily proactive about securing their data.
Lord Strasburger, who had a VoIP call monitored and recorded during the experiment, felt that people’s lack of awareness needs to be addressed to prevent confidential data from being leaked.
“I think it proves that people, when they are using technology, need to know a lot more about it, because in the end they have to look after themselves, because it really is down to you, or me, no-one else is going to do it.”
Many people are either uninformed about their IT security, or lack the technical background to really understand the online risks they take on a daily basis. So companies need to be proactive and help them manage these risks to keep the company safe. An effective mobile fleet management solution can help companies secure fleets of company or employee owned mobile devices, and thwart many of the techniques used to hack the politicians during the experiment.
Businesses that want to empower their workforce to embrace mobility should keep the experiences of these politicians in mind, and consider the fact that their employees are faced with similar security risks every single day.

Comments

Popular posts from this blog

The Difference Between LEGO MINDSTORMS EV3 Home Edition (#31313) and LEGO MINDSTORMS Education EV3 (#45544)

http://robotsquare.com/2013/11/25/difference-between-ev3-home-edition-and-education-ev3/ This article covers the difference between the LEGO MINDSTORMS EV3 Home Edition and LEGO MINDSTORMS Education EV3 products. Other articles in the ‘difference between’ series: * The difference and compatibility between EV3 and NXT ( link ) * The difference between NXT Home Edition and NXT Education products ( link ) One robotics platform, two targets The LEGO MINDSTORMS EV3 robotics platform has been developed for two different target audiences. We have home users (children and hobbyists) and educational users (students and teachers). LEGO has designed a base set for each group, as well as several add on sets. There isn’t a clear line between home users and educational users, though. It’s fine to use the Education set at home, and it’s fine to use the Home Edition set at school. This article aims to clarify the differences between the two product lines so you can decide which

Let’s ban PowerPoint in lectures – it makes students more stupid and professors more boring

https://theconversation.com/lets-ban-powerpoint-in-lectures-it-makes-students-more-stupid-and-professors-more-boring-36183 Reading bullet points off a screen doesn't teach anyone anything. Author Bent Meier Sørensen Professor in Philosophy and Business at Copenhagen Business School Disclosure Statement Bent Meier Sørensen does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations. The Conversation is funded by CSIRO, Melbourne, Monash, RMIT, UTS, UWA, ACU, ANU, ASB, Baker IDI, Canberra, CDU, Curtin, Deakin, ECU, Flinders, Griffith, the Harry Perkins Institute, JCU, La Trobe, Massey, Murdoch, Newcastle, UQ, QUT, SAHMRI, Swinburne, Sydney, UNDA, UNE, UniSA, UNSW, USC, USQ, UTAS, UWS, VU and Wollongong.

Building a portable GSM BTS using the Nuand bladeRF, Raspberry Pi and YateBTS (The Definitive and Step by Step Guide)

https://blog.strcpy.info/2016/04/21/building-a-portable-gsm-bts-using-bladerf-raspberry-and-yatebts-the-definitive-guide/ Building a portable GSM BTS using the Nuand bladeRF, Raspberry Pi and YateBTS (The Definitive and Step by Step Guide) I was always amazed when I read articles published by some hackers related to GSM technology. H owever , playing with GSM technologies was not cheap until the arrival of Software Defined Radios (SDRs), besides not being something easy to be implemented. A fter reading various articles related to GSM BTS, I noticed that there were a lot of inconsistent and or incomplete information related to the topic. From this, I decided to write this article, detailing and describing step by step the building process of a portable and operational GSM BTS. Before starting with the “hands on”, I would like to thank all the pioneering Hackers and Researchers who started the studies related to previously closed GSM technology. In particul