MANILA, PHILIPPINES — When you do something on the Internet, assume that you’ve already been hacked. So don’t write stupid things or take stupid pictures.
This is the advice of Saket Modi, the cofounder and CEO of IT risk assessment and digital security services provider Lucideus, when he spoke at the recent Forbes Under 30 Summit Asia held in Manila.
At the event, he did a live demonstration of a hack into a smartphone and a laptop — the two gadgets that most people’s personal and professional lives revolve around.
First, he was able to enter his MacBook by bypassing the log-in process, restarting the computer, and resetting the password.
Then he looked for a volunteer who was willing to have his phone hacked and his data shown on the screen to the audience.
A man handed Modi his Android phone, which Modi used for less than 20 seconds. He gave the phone back to the man, and went to a website Lucideus had created, which was flashed on the screen.
The device was already registered there. With the man’s permission, of course, Modi quickly showed the audience the man’s call logs, text messages, and contacts, to their shock.
When Modi jokingly asked the man if he could show his browser history, the audience laughed, and the man declined.
Modi then went on to track the smartphone’s location, which was indeed shown to be in the vicinity of the Solaire Hotel and Casino, where the event was held.
As the pièce de résistance, Modi clicked a button and the computer began to play an audio file of Modi’s earlier speech. The website had been recording through the man’s phone the entire time.
The audience cheered and applauded.
“He can be in a boardroom. He can be in the bedroom,” Modi said. “This is a potential real threat.”
He could even reset the password to the man’s e-mail account, as it was linked to the phone. And this meant that Modi could also possibly access the man’s Facebook and Instagram accounts, and even his banking details.
“My objective is not to scare you, but to tell you that in the world of connectivity today, there are only two types of people in the planet: one who know that they’ve been hacked, and the other who do not know that they’ve been hacked,” Modi said.
He recalled how last year, Yahoo! had disclosed that one billion accounts had been hacked. When Modi had asked people if they had changed their password yet, most of them thought they were not affected by the hack at all.
But hacking was becoming more and more sophisticated.
According to a report by machine learning company Darktrace, a high-tech fish tank inside a North American casino had been hacked. The fish tank had “advanced sensors that automatically regulate temperature, salinity, and feeding schedules.”
“The data was being transferred to a device in Finland where an attacker had managed to gain control over the tank,” the report stated.
“That is where hacks are today. I’m not even talking about the future,” Modi said.
Hacks were even becoming state-sponsored, with billions of dollars being spent on offensive and defensive security.
“You’re talking about a complete shift from the image of hackers to such professionals deployed by the government,” Modi said.
He continued, “Hackers are getting into computers not to steal your files… but he will use your computer as a botnet. Your computer will be in his command or his control, and he can activate your computer. It’s like a sleeper cell terrorist, that you can be activated any time they can think of, and you can be used to attack something else.”
As for trends in ransomware, Modi said, “The question is no longer about, ‘Pay me ransom, or else I will delete your data.’ I’m sure that’s the conventional understanding of ransomware. It’s going to a point where, ‘If you don’t pay me the ransom, I will not only leak your private pictures, but I will Photoshop your naked pictures and put it inside this group of pictures that you have…’”
So how can people protect themselves?
“When you do something on the Internet, when you do something on your laptop, assume that it’s already hacked,” Modi said. “So the moment you do that, you actually start not writing stupid things or taking not so intelligent pictures on your phone, and sending them over Snapchat to somebody.”
“So assume everything’s hackable.”