Author Kevin Roose recently dared two hackers to see how much they could mess up his life.
So I decided to stage an experiment that, in hindsight, sounds like a terrible idea: I invited two of the world’s most elite hackers (neither of whom I’d ever met) to spend two weeks hacking me as deeply and thoroughly as they could, using all of the tools at their disposal. My only conditions were that the hackers had to promise not to steal money or any other assets from me, reveal any of my private information, or do any harm to me, my data, or anyone else. And then, at the end of the hack, I wanted them to tell me what they found, delete any copies they’d made, and help me fix any security flaws or vulnerabilities I had.
What happened?
“It’s ridiculous,” [hacker] Dan said. “I have control of your digital life in its entirety. I have all your credentials. I have all your access to all your financial information, all your work information, all your personal information. I can pay people with your bank account or your Amex account.”
For all intents and purposes, he said, “I am you.”
If he had been a malicious attacker, Dan said, he could have done unspeakable damage: draining my bank account, ruining my credit score, deleting years’ worth of photos, videos, and important data from my hard drive, using secrets from my email inbox and my work Slack to ruin my reputation. Anything, really.
“I could have left you homeless and penniless,” he said.
You can read all the really scary details (and watch a scary video) here. The takeaway is that you can not completely protect yourself, but you can take some helpful steps (like using multifactor authentication), setting up stronger security with service providers such as cell phone companies and banks, and changing your passwords frequently.