{"id":10373,"date":"2015-10-27T10:40:38","date_gmt":"2015-10-27T14:40:38","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=10373"},"modified":"2020-02-26T11:03:42","modified_gmt":"2020-02-26T16:03:42","slug":"mission-hacking-grandma","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/mission-hacking-grandma\/10373\/","title":{"rendered":"Mission: Hacking Grandma. Level: piece of cake"},"content":{"rendered":"<p>Many would think that the root of all the cyber-evil is tech itself, and once you say no to fancy smart devices, all those spooky cyber-threats should go away. If you don\u2019t have a smart fridge, a smart washing machine that connected over Wi-Fi (or wireless switches and controls) then you should also be safe. As it turns out, everyone has something hackable.<\/p>\n<p>Mrs. Patsy Walsh, a good elderly American woman, consented to take part of an experiment and allowed two good-willed hackers \u2014Reed Loden (Director of Security) and Michiel\u00a0Prins (co-founder) of HackerOne \u2014 to hack something of hers. Walsh had noted that, she had nothing to hack whatsoever! The researchers also invited <a href=\"http:\/\/bits.blogs.nytimes.com\/2015\/10\/14\/hackers-prove-they-can-pwn-the-lives-of-those-not-hyperconnected\/?_r=2\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">New York Times reporters<\/a> to chronicle this test.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2015\/10\/06023847\/grandma-hacked-FB1.jpg\"><img decoding=\"async\" class=\"aligncenter wp-image-10375 size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2015\/10\/06023847\/grandma-hacked-FB1.jpg\" alt=\"Mission: Hacking Grandma\" width=\"1600\" height=\"1600\"><\/a><\/p>\n<p>Patsy Walsh can be considered what we call an \u2018Advanced Grandma:\u2019 she has six grandchildren, a laptop, a Facebook profile to keep in touch with her friends and family, satellite TV, and a car. As you might notice, contrary to her initial assessment, she has plenty of things to hack!<\/p>\n<p>First, the hackers prepared the foundation. They visited Mrs. Walsh\u2019s Facebook pages and found out that she recently signed a petition on <a href=\"http:\/\/change.org\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">change.org<\/a>. The researchers spent 10 minutes to compile a faux email to Patsy on behalf of change.org asking her to sign another petition about land ownership in Marin County, CA, where she happened to live.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">How easy was it for hackers to \u2018pwn\u2019 a grandmother of six? Very. <a href=\"http:\/\/t.co\/gwAp7FUg5v\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/gwAp7FUg5v<\/a> <a href=\"http:\/\/t.co\/LVXzrm65On\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/LVXzrm65On<\/a><\/p>\n<p>\u2014 NYTimes Tech (@nytimestech) <a href=\"https:\/\/twitter.com\/nytimestech\/status\/654778859204677632?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 15, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The \u201cAdvanced Grandma\u201d could not stand pat and, predictably, signed the petition. However, the link in the email she got directed her to a <a href=\"https:\/\/www.kaspersky.com\/blog\/how-to-avoid-phishing\/6145\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">phishing website<\/a> instead of change.org. This is how the hackers managed to obtain Mrs. Walsh\u2019s password which she later acknowledged to be using on different services.<\/p>\n<p>So as it turns out, one fake email was enough to fully compromise Patsy Walsh\u2019s digital life \u2014 imagine what could have happened if it were a real hacker attack and not white hats conducting research. Culprits could have used Patsy\u2019s data for any rogue activities.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">There are 40 tabs open here. My grandma is clearly v tech savvy. <a href=\"http:\/\/t.co\/jlzW8LhMei\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/jlzW8LhMei<\/a><\/p>\n<p>\u2014 ris (@marisanjones98) <a href=\"https:\/\/twitter.com\/marisanjones98\/status\/654469954822098944?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 15, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>After that, the HackerOne team visited Mrs. Walsh\u2019s house. One and a half hours were enough to brute-force a simple digital lock on the garage door. Then they then spent a bit more time to hack into her DirecTV satellite television \u2014 the two hackers could not resist subscribing Mrs. Walsh to a selection of adult channels.<\/p>\n<p>Then the researchers got a hold of her laptop. Walsh had all of her passwords written on a post-it note attached to her home router, so the process of hacking took almost no time. Having infiltrated the laptop, the hackers obtained Mrs. Walsh\u2019s personal information, including her social security number, PayPal password, a frequent flier profile to one of the airlines, and her insurance plan. They even managed to get their hands on her Power of Attorney letter.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Me: ''Today is last date to pay my mobile bill.. Arggh''<br>My 67yr GrandMa: ''Just PayTM it'' <a href=\"https:\/\/twitter.com\/vijayshekhar?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@vijayshekhar<\/a> <a href=\"https:\/\/twitter.com\/Paytm?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@Paytm<\/a> Tech breaks Age-barrier<\/p>\n<p>\u2014 Chaitaanya Pravin (@Hungry_Chai) <a href=\"https:\/\/twitter.com\/Hungry_Chai\/status\/657535195185213441?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 23, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The white hats also found out that they were not the first to ever set foot into Mrs. Walsh\u2019s digital world. Her laptop was infested by a couple dozen of malicious programs, including some that install other malware, track browser history, seed malicious advertising and the likes. A weakly protected laptop belonging to a person with low level of digital literacy is bound to become a desirable target for attackers.<\/p>\n<p>Mrs. Walsh even benefited from this hacking experiment: first, she got a heads-up on the basics of cyber-security, as well as a proof she needed a new garage lock and had to use unique and more sophisticated passwords for numerous web services.<\/p>\n<p>Second, the hackers promised to drop by some time around Thanksgiving and purge Mrs. Walsh\u2019s laptop from all the malware it contained. All in all, this real-life example demonstrates how easy it could be to compromise the entire digital life of a person that is not cyber-savvy, even if this person thinks they have nothing hackable.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>Mission: Hacking #Grandma. Level: piece of cake. #tech #hackers #Internet<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2Fe2Un&amp;text=Mission%3A+Hacking+%23Grandma.+Level%3A+piece+of+cake.+%23tech+%23hackers+%23Internet+\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>Eventually, we are surrounded by a mass of potentially hackable objects. We all use PCs and most of us are very attached to their smartphones. Many also have routers, smart watches, gaming consoles and smart TVs, which are all likely targets for cybercriminals.<\/p>\n<p>Many of these things are perceived as something not prone to being hacked, but, historically, they enjoy a far lower level of protection than PCs \u2014 take that garage lock, for instance. A car with an integrated satnav system which is capable of downloading real-time traffic data? <a href=\"https:\/\/www.kaspersky.com\/blog\/remote-car-hack\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Hackable<\/a>. A car without a satnav system but equipped with a proximity keychain to unlock a door? <a href=\"http:\/\/www.techlicious.com\/blog\/toyota-prius-smart-key-hacking-remote-keyless-entry-thief\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Even more hackable<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/BlackHat?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#BlackHat<\/a> 2015: The full story of how that Jeep was hacked <a href=\"https:\/\/t.co\/y0d6k8UE4n\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/y0d6k8UE4n<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/bhUSA?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#bhUSA<\/a> <a href=\"http:\/\/t.co\/SWulPz4Et7\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/SWulPz4Et7<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/629651596876644352?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">August 7, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Moreover, in order to be hacked you don\u2019t actually have to possess a digital device. A load of digital data on any person is stored in databases at various government or commercial premises \u2013hospitals, local municipalities, airlines, banks, shops, insurance companies and the likes.<\/p>\n<p>This data is also potentially hackable \u2014 in this case the consequences could be utterly fascinating. For example, recent case proved that in some Western countries a culprit is capable of <a href=\"https:\/\/www.kaspersky.com\/blog\/how-to-kill-all-humans\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">including a person into the \u2018Deceased\u2019 database<\/a> without even hacking anything \u2014 and a victim might have a hard time <a href=\"http:\/\/www.nytimes.com\/2013\/10\/12\/us\/declared-legally-dead-as-he-sat-before-the-judge.html?_r=1\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">proving the opposite<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">How to kill a human with a keyboard <a href=\"https:\/\/t.co\/Mg6yBJxHRz\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/Mg6yBJxHRz<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/defcon?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#defcon<\/a> <a href=\"http:\/\/t.co\/F3VRae185m\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/F3VRae185m<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/630717675229065216?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">August 10, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>You cannot be completely safe from all of these threats \u2014 just as you cannot be completely sure that the boat you are sailing won\u2019t drown for some reason. But if you check the weather forecast before going out, master at least basic sailing skills, and wear a safety vest \u2014 the threat would be minimized and you\u2019d have a great time.<\/p>\n<p>The same applied to cyber-security issues. You have to know how your data could be compromised and do your best to avoid it. Use <a href=\"https:\/\/www.kaspersky.com\/advert\/multi-device-security?redef=1&amp;THRU&amp;reseller=gl_KDpost_pro_ona_smm__onl_b2c_kasperskydaily_lnk____kismd___\" target=\"_blank\" rel=\"noopener nofollow\">robust security software<\/a> and, of course, don\u2019t store your password written down on a post-it note and attached to a router.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Do you think that you have nothing to hack whatsoever? Bad news, guys: everyone has something hackable! <\/p>\n","protected":false},"author":675,"featured_media":10376,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[],"class_list":{"0":"post-10373","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/mission-hacking-grandma\/10373\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/mission-hacking-grandma\/6199\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/mission-hacking-grandma\/6396\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/mission-hacking-grandma\/6329\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/mission-hacking-grandma\/7130\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/mission-hacking-grandma\/6816\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/mission-hacking-grandma\/9484\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/mission-hacking-grandma\/5767\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/mission-hacking-grandma\/6326\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/mission-hacking-grandma\/9353\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/mission-hacking-grandma\/9484\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/mission-hacking-grandma\/10373\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/mission-hacking-grandma\/10373\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/iot\/","name":"IoT"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/10373","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/675"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=10373"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/10373\/revisions"}],"predecessor-version":[{"id":33586,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/10373\/revisions\/33586"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/10376"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=10373"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=10373"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=10373"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}