Security Between the Lines: The Human Element
Did you upload a photo? Make that post? Check-in? Tag a friend? Hashtag something? Swipe? Connect, friend or follow?
Of course you did. You're here. You're reading this, and some of you might even "like this." It's no secret this sort of data is bought, sold and tracked at any given moment in time. As a former intelligence analyst, I found these areas to be veritable gold mines for sourcing data on people and organisations. However, what many fail to understand is just how accessible this information is to everyone else, and how that information can be used. While those photos, posts and likes may seem like harmless bits of ones and zeros saved for only your inner circles to see, in the wrong hands open-source data can be incredibly destructive to not only yourself, but those you're connected to.
Many carry the attitude of not having anything to hide. Whilst that may be true from a legal perspective, I would argue those people unnecessarily expose themselves, and those in their network, to outside threats. Let's dive into how, with an experiment I ran with a close friend of mine recently:
My friend (let's call her "Jill") only has an Instagram account. Jill's very careful not to post any personally identifiable information, but she does have a public account (like many others) and doesn't personally know all of her followers. I explained to Jill that I could probably find an exploit in her Instagram she wasn't aware of, and so began the experiment. She met a friend while at a concert in Las Vegas, and they took a photo together that she posted on Instagram. Her new friend (let's call her "Amy") simply commented on the photo, but it was enough to get me started. Amy's Instagram was also public, and the photos and information on her account led me to her Facebook and other media. Within 15 minutes, I had collected the following on Amy:
- Amy's full name
- Amy's birth date
- Where Amy works
- Where Amy goes to the gym (and how often)
- What movies she's seen (since 2009)
- Her family members, their ages and relations
- What her favorite drink was (and, surprisingly, what her least favorite drink was too)
- Where she frequents on the weekends
- The kind of music Amy enjoys
- Her relationship history
- Her political affiliations
- What music festivals she's attending over the next four months (and who with)
- And many more details!
All of this was collected based on Jill's post and Amy's comment. I knew more about Amy in 15 minutes than Jill knew over the entire weekend they spent together. This information could be used for everything from phishing to terrorism. The sheer amount of data we put out into the world about our personal lives is startling (for more information, read this article from The Guardian: "I asked Tinder for my data. It sent me 800 pages of my deepest, darkest secrets").
Individuals aren't the only ones at risk here; organisations are just as susceptible. Whilst most organisations focus their efforts on physical and cyber security, they fail to see the threats from within: the human element. The annual costs of corporate espionage are measured in the billions worldwide across a diverse range of industries. Modern-day exploitation requires more complexity and human involvement than simply hacking into a mainframe or breaking into a business. People are often the weakest elements of any organisation, more accessible and just as vulnerable to exploitation as a poor password or a bad lock.
Decoding people and their networks is the first step in mounting a proper defense against corporate espionage. If you or your organisation aren't thinking about this, or would like to know more, it's time to reach out to us at Atarangi Labs.
About the Author
Trevor Kincy is a subject matter expert on human security and intelligence, a startup veteran, growth marketer, community-building guru, and more importantly one hell of a pillow fort engineer.

Another great and informative post. Focusing back on Jill, Amy's social media may provide insights into Jill. The additional element of time, as the two's relationship develops, so does the content. Jill may tell us more about Amy and Amy will tell us more about Jill. This type of collection doesn't take place overnight. Also, let's not forget that both of their banks, insurance companies, credit cards, phone service and whatever else they tied their personal information to, is likely being sold and made publicly available.