"If even *I* can hack...": the elderly IT novice turned ethical hacker
01 June 2018
Santander’s campaign to raise consumer awareness of scams saw SAS graduate Alec Daniels, 86, write and distribute a pretend phishing email, as well as hack into a public Wi-Fi hotspot.
Working with network security expert Marcus Dempsey, Alec used information and guides easily available online and completed both tasks in 16 minutes 40 seconds. These are two of the most common means that fraudsters use to get an individual’s bank account details.
Research by Santander shows that 41 per cent of those surveyed regularly use public Wi-Fi hotspots to access the Internet on their phones and computers to carry out financial transactions, whether it is to check bank balances, make online purchases or manage money transfers. Of those, over 1 in 10 admit to logging on to insecure Wi-Fi networks several times each and every day, increasing their chances of being hacked.
The project follows on from the bank’s Scam Avoidance School (SAS) earlier in the year, where around 12,000 people over 60 (including Alec himself) attended free lessons on how to avoid scams.
Alec’s first test: devise and distribute a scam phishing email
Computer novice Alec learned how to write and distribute a mock phishing email in only 13 minutes. He achieved this with minimal input from the expert, instead using instructions freely available via an online search.
The email that Alec wrote claimed to be from the fictitious company MoneySpark, asking recipients for their bank account information and supplying a fraudulent link. Given that phishing emails are so quick and easy to make – again, regardless of technical ability – this certainly helps to account for the 74 per cent who have been targeted this way.
Alec’s second test: hack a public Wi-Fi hotspot
With research from Santander revealing that 36 per cent do not have any concerns about the security of their data when using public Wi-Fi, the bank also wanted to raise awareness of just how effortlessly hackers can compromise these hotspots.
In the controlled experiment, Alec managed to capture and intercept web traffic from a willing participant's laptop while they were connected to an open Wi-Fi network – designed to replicate those found on the high street. Alec, under instruction, set up a rogue access point – frequently used by attackers to activate what is known as a ‘man in the middle’ attack – to begin eavesdropping on traffic. He achieved all of this in just 3 minutes and 40 seconds.
As Chris Ainsley, head of fraud strategy at Santander UK, comments: “Our experiment demonstrates just how easy it is for criminals to send phishing emails and hack Wi-Fi hotspots…
“We have seen the devastating results that fraud and scams can have on our customers…
“It’s great to have Alec on board to help out – having talked about scams with thousands of over 60s through our SAS it is good to get him involved to help spread the word.”
Certified ethical hacker Marcus Dempsey adds: “If Alec, with no previous knowledge of how to do this, can write and distribute a convincing phishing email in a matter of minutes, it’s worrying to imagine the potential damage that actual scammers could be doing.”