Gleaning confidential info from some unsuspecting train-riders
Written in a railway station coffee shop somewhere in the UK and transmitted to silicon.com via a commercial wi-fi node within the hour.
A few hours ago I boarded a train at a major UK hub at 16.00 on a working day. The car rapidly filled with people - among them an older man and two young ladies, who were obviously excited and voluble.
As I read my magazine I couldn't help but overhear that they had just been to a lively and controversial meeting. Some people had been rude and objectionable, while others had been constructive and positive.
Just for fun I decided to operate in 'vacuum cleaner mode' and record information as the journey progressed. Soon I had a list of their colleagues' names, departments and organisations.
I was then able to record from their three identical laptops the department, serial, asset, and purchase order numbers - which were displayed on big black-and-white printed labels in the same place on every lid. I was even able to glean the login name and password of the young lady on my right - just by glancing at her screen and watching her keystrokes.
The conversation continued (loudly!) and I continued to record more information. From the young lady to my right, who continued to show me her screen and placed her paperwork between us, I recorded the following details:
- The names and duty codes of all three people
- Their department details and office address
- All three email and snail mail addresses, and phone numbers
- A list of all names and departments represented at the meeting
- The time, place and agenda of the meeting
- Specific briefing/query/detail notes as they were emailed out
- The IT support contact's name, email and phone number
- The name and details of a confidential project which was not meant to be discussed in public
- Ideas and thoughts on a pending follow-up meeting and strategy
By this time my hand was getting tired and my brain was hurting. So I did a visual and electronic scan of their hardware to see what that offered.
They all had identical security dongles and all three were online using 3G...