Operation Luigi: How I hacked my friend without her noticing

This blog has moved! This post and other mistakes are now at https://mango.pdf.zone


intro

Hello and welcome to a blog post. I am writing it and you are reading it. It’s amazing what we can do with computers these days.

Several months ago

I’m at a ramen place with my friend Diana. Diana isn’t her real name, but we’re going to pretend it is because that’s what all the cool journalists do and I wanna fit in too so don’t ruin this for me okay.

I ask her if it would be okay for me to try and hack all her stuff. She’s instantly visibly excited. I explain how this could result in me seeing everything she’s ever put on a computer ever. She tells me she thinks this is going to be “so good”. We lay down some rules:

  • I’ll start some time in the next 12 months
  • No deleting anything she has
  • No disrupting her daily life
  • Stop asking if she’s sure it’s okay

Bonus rule from me: Do this entire thing in stealth mode. Don’t ever let Diana know that I’ve started until it’s too late.

I mean, obviously it worked since you and I are having this nice little textual discourse right now. Take my hand metaphorically, and I’ll guide you through what I tried, my many flubs¹, and how to protect yourself from what I did².

And uh also at the end Mario’s green friend is there.

Part 1: Research

“”“Open Source Intelligence Gathering”“”“” AKA googling furiously and pretending you went to uni for this

Alright uh I’m pretty sure the first thing you do when you’re hacking someone is find all their personal information. I’m talking about her email, phone number, address, star sign, whether she uses Android or Windows Phone, her birthday, and so on.

Jeez we’re gonna need to know her email address aren’t we?

People put lots of their information on LinkedIn (an information landscape that connects your inbox to people you met once in a bar and will forever file under “misc”) because it tells them to.

The first thing I see on Diana’s LinkedIn³ is her email address. I hastily put on my black hoodie and get my arms a bit stuck in the sleeves. Hacker voice I’m _in_⁴. Immediately I sigh and put my hands on my temples like a stressed-out banker. It’s a @hotmail.com address, which surprises me since, well, who’s using Hotmail in the year of our lord 2017? I mean geez if you used hotmail you’d miss out on gmail’s excellent security features heyoooo

 [x] email address
 [ ] the respect of my peers

Does she use this email for Twitter?

[Image: twitterpw]

Yep.

How about her phone number?

I type a bunch of extremely clumsy things into Google. I’m talkin’ “dianalastname@hotmail.com phone”. A matrix of what looks like zeroes and ones but is actually Google search results flies down my screen at about the speed a normal person would scroll at.

There’s a sign-up page for a club she started at her university. The page says “Contact Diana Lastname at dianalastname@hotmail.com or [her phone number]”. pew pew got ’em.

[x] email
[x] phone number
[ ] the respect of my peers

Storing the goods

I paste all these things into a Google Doc - an advanced NSA hacking tool leaked in the recent Shadow Brokers incident.

While googling securely, I find an old blog of hers from 2009. It has a search box. I immediately slam “pet”, “cat”, and “dog” in that search box like it’s 2009. The name of someone’s pet is often somehow involved in their security, either as their password or as a “Security”“” question or something. I find the name of her dog from 2009 and vigorously paste it into my Google Doc.
