Jamie Woodruff will hack your company. As an ‘ethical hacker’, trained in finding security weaknesses, Woodruff will be employed by companies to offer them insight into how strong their security is – sometimes by dressing up as a pizza boy.
Woodruff works in ‘social engineering’, the art of manipulation for information. “People are much more susceptible through social engineering to attacks than in person.” Speaking to the audience at WIRED Security, he explained his processes for accessing our data, in whatever way needed, to outline weak links in company security.
Woodruff described various methods and shared anecdotes from penetration tests he had carried out. In one instance, he watched the inner workings of a company to observe how to enter the building, and consequently their servers. “I sat on these guys for six months and noticed a trend.” Observing that every Friday a pizza delivery person would be let through security, he did what any resourceful hacker would do: he got a job at the pizza shop. Once employed, he left early with the pizza, made it to the company, and accessed the building undetected. “I walked straight past security and I could find the server room.”
Once inside, he accessed the server room by using UV spray to see which buttons had been pressed and easily accessed the most important part of the data source. “They had a stupid chip and pin thing – from like the 1980s.”
The ethics of Woodruff’s procedure sometimes fall in a grey area. Although he was employed to do a penetration check “by any means possible,” in this case, the head of security at the company got fired. “It made me think about the ethics of that. How do you define what’s ethical?”
He also explained the different attack vectors, the different ways a company can be accessed. Some of those mentioned were diversion theft (stealing data from a device while the person is distracted), phishing (fake links in emails), baiting (dropping USB pens with labels such as ‘Spring Break’ to entice people to plug them into their device), and QR code generators, which are particularly successful at conferences. “Conferences are a prime target,” he said.
Having helped Kim Kardashian with her cybersecurity by pointing out the weaknesses in her WordPress plugins, he’s still working on helping rather than harming those with security issues.
Is he upset he won’t be thanked by the Kardashians? “I don’t like Kanye anyway.”
Woodruff entered the public eye when he successfully hacked Facebook as part of a student competition at Bangor University, where he was studying computer information systems, and he is the technical director of Metrix Cloud Ltd.
staff with a one-stop shop for all things cyber security. It is built on the 70:20:10 learning model. It captures 3 types of learning: experiential, social and formal. Activities will support skills development, provide opportunities to share/learn with others and enable ongoing knowledge acquisition.
* The Black report – Decoding the Minds of Hackers
Certified Penetration Testing Engineer at Metrix Cloud LTD