The British security professionals at the cyber security event shows how easily anyone’s digital identity can be rolled and even used freely with tools available. The Finnish Prime Minister was selected as the target.
The cyber security event introduced how easily even the private information of Prime Minister Petteri Orpo’s LinkedIn profile was excavated.
Ben Owen and Danni Brooke broke the prime minister Petteri Orpo Somitil to show how easily cyber security risks can be realized even with people at the top of politics.
For a long time, Owen served as a sniper and scout in the British Army before setting up a Cyber threat to the Osint Group. Brooke, on the other hand, is a police officer.
-First we found the Prime Minister’s LinkedIn profile. The safety team has certainly told him that all the information is removed from the link, Owen said, referring to Orpo’s very simplistic social profile.
“However, we had a completely publicly available tool called Rocketreach, and we used it,” he continued.
The Education Organizer Profession says in his announcementthat, for digging, it was only necessary to feed Orpo’s social profile into the tool.
-Now we have the Prime Minister’s phone number and personal Gmail address. Hackers love personal email addresses because they allow people to dig out all kinds of their habits and behavior.
Contact information was not distributed to the public at the event, but were naturally censored.
– I remind you that we haven’t done anything illegal so far. All of this is information available with publicly available tools.
Don’t leave hanging
With the help of the phone number, the duo also managed to find a WhatsApp account, which seemed to be disabled. However, it was online. They also noticed that the Instagram mobile app shows Orpo’s profile email and phone number.
Owen emphasized how important it is to remove the accounts of unused online services completely and not just leave them hanging.
– Hackers are looking for, using a bad language, branches that they get deeper into human life. So all unnecessary branches should be pruned. If the Prime Minister had removed his LinkedIn account, we would have had a little more time.
Enable two -step authentication
Next, the duo started looking for passwords to be connected to the data. They can be found, for example, in member and customer databases that are subject to hackers.
The bulletin states that they have used a “pretty expensive” tool to dig into passwords. However, even inexpensive is available, and at their lowest, they cost a couple of a month according to Owen.
-We covered these passwords here, but to be frankly, if the Prime Minister has no two-step authentication, we can now log in to his LinkedIn account and start pretending to be him. We could post something unfavorable or communicate to different people in his network.
In addition, Owen and Brooke found about 800 fractured E-mail address with passwords on the parliament.fi terminals.
– It took four steps to all, and it took half an hour. Now we could start exploring each of these separately.
Looking at a twilight web trime may be a mistake
According to Owen, almost everyone has collapsed into a clear mockery that can endanger their own digital identity. Owen said he had done so himself.
-Has any of you uploaded a vague video or watched streaming a football match that should not have been watched? They are just the content that comes with the “biscuits” that bring in problems.
The purpose of Owen and Brooke was not to fan their skills, but to show how easy it is to utilize the digital identity for the wrong purposes at the moment.
– Of course we were in contact with the Prime Minister’s headquarters and told about our discoveries. At least no one has been in touch with us, Brooke said.