Hacks are increasing, but the hackers are not necessarily getting more sophisticated. What do Twitter, Twilio, and Uber all have in common? They were all hacked, in part, by a conversation. In all three cases, the hack was helped along by social engineering. Someone contacted an employee of the company and tricked them into giving up the keys to the company. It doesn’t matter how fancy your 2FA system is if an employee is just gonna give up their SMS codes to some rando on the phone.
But worry not. There are ways to protect yourself and your company against such attacks. With me today to work through it all is Rachel Tobac. Tobac is a hacker and the CEO of SocialProof Security, a company that aims to get your organization politely paranoid.
She also, coincidentally, just published a really amazing video that dramatizes a lot of what we’re going to talk about today. You can find it on Twitter @racheltobac.
Stories discussed in this episode:
The Uber Hack Shows Push Notification 2FA Has a Downside: It’s Too Annoying
How a Third-Party SMS Service Was Used to Take Over Signal Accounts
Hackers Convinced Twitter Employee to Help Them Hijack Accounts