Cyber is on the tip of everyone’s tongue, from the news to the local shopkeeper. Everyone has heard of it, and many hold strong opinions on technology, security, and hacking.
The dangers of working in technology or security have been well documented. Most of us have probably been roped into being the family IT help desk, or been asked by someone at a party to validate whether or not they have been hacked.
They say that a little knowledge is a dangerous thing, and when coupled with soundbites from a sensationalist media, it can become more dangerous than Walter White knocking at your door. I personally have lost track of the number of times people have asked if I can show them the dark web or hack into an ex’s social media account.
Hacking friends and influencing people
Once, I was hanging out with a few of my colleagues in a hotel that, in a corner, had a third party ATM. The kind that independent venues place on their premises, and isn’t run by a particular bank.
I asked if they wanted to see something “cool”. They nodded and came over as I beckoned them towards the ATM. I pressed a few buttons, entered a password, and viola, I was in the service menu. (a trick shown to me by Dan Tentler). It was met by sounds of approval and bro-hugs.
However, the approval from my now new best friends was just the beginning. The following night there was a social event. I was at the buffet looking at the food, working out the delicate balance between what looked nice, and what I could fit on my plate without it all falling down; when I heard my name being called.
A couple of my colleagues from the night before were calling me over to join a larger group of friends. One of them was in the middle of telling a story that seemed to have the group engaged. He pointed at me whilst saying, “you gotta be careful on this one. He’s dangerous – just last night I saw him hack into an ATM in the hotel.”
Before I could point out that I’d merely entered the settings panel, another colleague jumped in, “Yeah man, I was like woah, is he gonna rob the bank? I started to step back thinking that the ATM was gonna start spitting out fifty dollar bills. I was ready for it I tell you.”
The conversation was buzzing as others started sharing their stories of perceived hacking, and it dawned on me that people like to part of something cool. They like to be able to tell a good story. Of course, no-one would ever believe that I could actually hack an ATM, but it’s a nice conversation lubricant that can help one make friends, become popular, and meet the love of your life.
What’s your favourite IT Security Party Trick?
Any sufficiently advanced technology is indistinguishable from magic.” – Arthur C Clarke
I was curious as to what the favourite IT Security party trick was for other professionals, so I turned to twitter, which never fails to disappoint.
Lewis liked the old trick of pretending to hack via inspect element.
@J4vv4D pretending to friends I know how to hack by doing inspect element and changing password field type to "text" and revealing their pw— Lewis Morgan (@LewisMorgan_) January 9, 2017
Or one could point websites to local html files.
@J4vv4D Swapping out or adding host file information to point agency websites to local html files: "Look, I defaced the CIA website!" :p— K (@icommitfelonies) January 10, 2017
Lock-picking also listed as a popular technique.
@J4vv4D picking locks— Kat Sweet (@TheSweetKat) January 9, 2017
@J4vv4D one time at the hackerspace I didn't have picks on me, so I showed a member how to make them out of old windshield wiper blades— Kat Sweet (@TheSweetKat) January 9, 2017
@J4vv4D Lockpicking. I didn't use it to entertain though, I used it because some jerk locked us out of a house on a deck w/ a 20ft drop.— Adrian Sanabria (@sawaba) January 9, 2017
Quentyn likes to scare people.
@J4vv4D show someone location stores data in their iphone... especially if they work for someone sensitive— Quentyn Taylor (@quentynblog) January 9, 2017
Robert liked to read RFID data from credit cards.
@J4vv4D It used to be reading RFID data from credit cards.— Robert Olson (@NerdProf) January 9, 2017
Whereas Domingo like to setup a ‘free WiFi’. It reminded me of what my grandad always says, in that there’s no such thing as free WiFi. By WiFi he meant a meal, but I’m sure the analogy still holds.
@J4vv4D set up a "free wifi" at the event ;)— Domingo Guerra (@sundaywar) January 9, 2017
Branden likes to remind people that if he has physical access to your device, it’s not your device anymore.
@J4vv4D none of my friends are IT ppl so... If router is accessible, push reset button and look up default pwd, then log in.— Branden Miller (@f0zziehakz) January 9, 2017
Neha likes to dazzle people with her l33t skills by using hackertyper.com.
I assume Erich used to be the ‘wallet inspector’ at school.
@J4vv4D I disappear wallets. It's amazing how easy it is if you just say, "let me see your wallet and I'll show you a trick", then leave.— madsqu1rrel (@ErichKron) January 9, 2017
Apparently weird stories work for Edward.
@J4vv4D I usually share some hilarious tale.. like quoting some presenter when they said "the hackers were programming in Cpound"— £ulzky Charm$ (@EdwardPrevost) January 9, 2017
Robin needs to really get to some different parties…
@J4vv4D I sit them down and explain PCI to them. Goes down great at parties you should try it some time— Robin (@digininja) January 9, 2017
@J4vv4D I whip out my Rubber Ducky and say "watch how fast I can type Shakespeare"— Robin (@digininja) January 9, 2017
JC knows how to leave a good impression!
@J4vv4D spoof the cell of their spouse, really provocative, it gets the people going— JC (@JC_SoCal) January 10, 2017
No Stuart, this is precisely the thing that sets a bad example! It’s why my family and friends ask me to fix stuff for them!
@J4vv4D fix their devices for them ...— SPCoulson (@SPCoulson) January 10, 2017
Unsurprisingly, Bob pulls the old FBI surveillance van out of the driveway
@J4vv4D I have them scan for Bluetooth devices and then enjoy their shock when they see "FBI Surveillance Van" in the list (My device name.)— Bob Covello (@BobCovello) January 10, 2017
Whereas Jerry likes to spoof SSID’s.
@J4vv4D SSID spoofing (especially targeted). Amazes people all the time.— Jerry Gamblin (@JGamblin) January 10, 2017
Not sure if this is a trick or a trap!
I think the winner was Wesley with this gem. I don’t know whether I’d definitely want him at my party or definitely NOT at my party though.
I pick a lock, take out an Eastern European country's power grid, OSINT someone's ex, tell stories, and then set a wifi pineapple on fire. https://t.co/JojfOCKrMV— Wesley McGrew (@McGrewSecurity) January 10, 2017
Do you use any of these party tricks? Or do you have any of your own that amazes and dazzles those around you? Let us know!