The White Hat Hacker
These days, it is hard to pick up a newspaper or go online and not see a story about a recent data breach. No other example highlights the severity of these types of hacks than the Sony breach late last year.
While a lot of information, including creative materials, financials and even full feature-length movies were released – some of the most hurtful pieces of information were the personal emails of Sony executives. This information was truly personal.
You have a right to privacy, but it’s not going to happen in cyberspace. Want total privacy? Stay offline. Of course, that’s not realistic today. So the next recourse, then, is to be careful with your information and that includes everything from downloading free things and clicking “I agree” without reading what you’re approving, to being aware of whom else is viewing your information.
This takes me to the story of a white hat hacker—a good guy—who posed as a part-time or temporary employee for eight businesses in the U.S.. Note that the businesses were aware and approved this study. His experiment was to hack into sensitive data by blatantly snooping around computers and desks; grabbing piles of documents labeled confidential; and taking photos with his smartphone of sensitive information on computer screens.
The results were that “visual hacking” can occur in less than 15 minutes; it usually goes unnoticed; and if an employee does intervene, it’s not before the hacker has already obtained some information. The 3M Visual Hacking Experiment conducted by the Ponemon Institute shed light on the reality of visual hacking:
- Visual hacking is real: In nearly nine out of ten attempts (88 percent), a white hat hacker was able to visually hack sensitive company information, such as employee access and login credentials, that could potentially put a company at risk for a much larger data breach. On average, five pieces of information were visually hacked per trial.
- Devices are vulnerable: The majority (53%) of information was visually hacked directly off of computer screens
- Visual hacking generally goes unnoticed: In 70 percent of incidences, employees did not stop the white hat hacker, even when a phone was being used to take a picture of data displayed on screen.
From login credentials to company directories to confidential financial figures – data that can be visually hacked is vast and what a hacker can do with that information is even more limitless.
One way to prevent people from handing over the proverbial “keys to the kingdom” through an unwanted visual hack is to get equipped with the right tools, including privacy filters. 3M offers its ePrivacy Filter software, which when paired up with the traditional 3M Privacy Filter, allows you to protect your visual privacy from nearly every angle.
Robert Siciliano is a Privacy Consultant to 3M discussing Identity Theft and Privacy on YouTube. Disclosures.