WHAT’S WRONG WITH THAT LIGHT BULB?

1

Hi all and a happy new year.

I spent most of my Christmas holidays playing two new games, namely Watch Dogs: Legion and Cyberpunk 2077. They both seem to have a distinctive theme.

While Cyberpunk 2077 is set in the future it does have similar hacking mechanics as does Watch Dogs: Legion (which in turn is set at “five minutes from now”). Both of the games rely heavily on using hacked security cameras to scope out whatever is going on in a classified building and the best results come from stealthily stealing data.

It’s all good fun and a bit fantastical, right? The smart phones we have clearly do not work like magic wands and we can’t hack inside every government facility.

However, as the year changed we saw the invasion of the Capitol and pretty much after that I saw this tweet:

“My heart goes out to the unsung IT heroes at the Capitol tonight. My guess is they’ve never had to run asset inventory IR before – a daunting, stressful task in a tabletop exercise – and they’re running one (prob w/o a playbook) following a full on assault of the Capitol.”

– @mzbat

Riiiiight. All of a sudden they had a messy situation inside so anyone who had even an inkling of stealth could have marched to one of the unlocked computers and stick in a thumb drive that could send a worm into the system. Or switch one of the light bulbs into a hacked one. Or anything.

We do live in a Black Mirror society nowadays. The amount of things that have to be assumed compromised is simply staggering. It’s implausible that we can hack huge drones with our smartphones and just ride them to steal data from the network from afar. It is a fact that if someone can get a physical access to a computer they can get in. Let’s not forget how Edward Snowden managed to smuggle data out.

Years back I heard a story about the legendary hacker Kevin Mitnick. I’m not sure if it is true but let’s entertain the thought anyway.

Mitnick had boasted to a bank that he would infiltrate their systems at a certain time on a certain day. The IT security in the bank locked out any external use during that time and thought they had beaten Mitnick. At the specific time Mitnick called them and told them he was in their system.

But what did he actually do?

He appeared in overalls carrying a ladder into the reception area of the bank and told that he was alerted to fix the light bulb in a manager’s room. He was let in there and having physical access to the manager’s desktop computer he got in easily.

So the lesson to be learned here is that while there might be funny masks and loud noises that draw our attention there might be something inconspicuous happening in the background.

And as tech people this is a risk we must always be aware of.

Have a safe year, everyone.

Tuomas Peurakoski

About

Tuomas Peurakoski is Managing Consultant who has been working for Sogeti since 2013. His main interests are human psychology interacting with technological advancements and trying to figure out why he sees the world like he does. He has worked in many different fields in technology doing consulting, automation and QA. He is also the Finnish representative of Sogeti’s Global Automation Network and leads the Automation and DevOps in Sogeti Finland.

More on Tuomas Peurakoski.

Related Posts

Your email address will not be published. Required fields are marked *