Positive Security News - Edition 5 *bonus
This week we will take a slightly different approach to positive cyber security news. For several months now, I’ve been looking for an opportunity to discuss a cyber security story which happened here in Barcelona some months ago.
Put your feet in the shoes of a typical small business owner in a huge city. A business owner who heavily relies on social media and in particular, Instagram to make things happen. In the world we live in, social media can be the focal point of a business. It's how we identify and engage with clients, how we advertise and sell products or services. With no physical presence, a small business without social media is like a corner-shop without the store’s window and door.
Consider then, that this small business relied on food deliveries during the pandemic as their income source. The Instagram page encouraged followers to click on a link to the website and order yummy and healthy lunches. One normal sunny morning, this business owner woke from a siesta to see their business Instagram account hacked. They could no longer log into the business Instagram account. Just like that, the business has lost it’s door and window for new clients.
The details are unknown, but it seems likely their Instagram account suffered a brute force/credential stuffing attack whereby hackers find email addresses and password combinations from previous data breaches and attempt to login to different websites, such as Instagram. The hackers then either sell that access onto other criminals, or try to leverage it themselves by demanding ransoms.
Well, this business owner was rather innovative, let's say. Instead of giving up the account or paying the ransom, they engaged a friend to help out. This friend was rather privileged when it comes to social skills, and, rather than blasting the hacker for their unethical career or negotiating the ransom payment, started a simple conversation.
The simple conversation turned into the basis of a friendship. Not only did the hacker return the business’ Instagram account without request, but they even invited this friend to hit them up if they ever visit Iraq, with the friend offering the same hospitality in Barcelona.
Clearly this is not only a positive story. There are countless examples of similar cyber crime events constantly occurring to businesses worldwide. The beauty of the story lives within the human side of cyber crime and the raw human beings themselves. By only trying to communicate with these ‘hackers’, perhaps misguided and without equally fruitful opportunities as cyber crime, one can build a relationship to resolve problems and give social interaction that one perhaps craves and doesn’t get elsewhere.
There is an abundance of cyber security advice online. There is even an abundance of advice on responding to ransom or extortion attempts. I bet £1 there isn’t a single piece of advice which recommends building a positive human relationship with the hacker.
More positivity next time!