Peter Cochrane's Blog: Security trap shows people are weakest link

Gleaning confidential info from some unsuspecting train-riders

Written in a railway station coffee shop somewhere in the UK and transmitted to via a commercial wi-fi node within the hour.

A few hours ago I boarded a train at a major UK hub at 16.00 on a working day. The car rapidly filled with people - among them an older man and two young ladies, who were obviously excited and voluble.

As I read my magazine I couldn't help but overhear that they had just been to a lively and controversial meeting. Some people had been rude and objectionable, while others had been constructive and positive.

Just for fun I decided to operate in 'vacuum cleaner mode' and record information as the journey progressed. Soon I had a list of their colleagues' names, departments and organisations.

I was then able to record from their three identical laptops the department, serial, asset, and purchase order numbers - which were displayed on big black-and-white printed labels in the same place on every lid. I was even able to glean the login name and password of the young lady on my right - just by glancing at her screen and watching her keystrokes.

The conversation continued (loudly!) and I continued to record more information. From the young lady to my right, who continued to show me her screen and placed her paperwork between us, I recorded the following details:

  • The names and duty codes of all three people
  • Their department details and office address
  • All three email and snail mail addresses, and phone numbers
  • A list of all names and departments represented at the meeting
  • The time, place and agenda of the meeting
  • Specific briefing/query/detail notes as they were emailed out
  • The IT support contact's name, email and phone number
  • The name and details of a confidential project which was not meant to be discussed in public
  • Ideas and thoughts on a pending follow-up meeting and strategy

By this time my hand was getting tired and my brain was hurting. So I did a visual and electronic scan of their hardware to see what that offered.

They all had identical security dongles and all three were online using 3G...

By Peter Cochrane

Peter Cochrane is an engineer, scientist, entrepreneur, futurist and consultant. He is the former CTO and head of research at BT, with a career in telecoms and IT spanning more than 40 years.