A British military sniper turned cybersecurity expert said it was crucial people became their own “digital spy” to fight back against scammers.
Ben Owen said it was important not to be paranoid about digital footprints but you should be aware of what's on the web about you – including social media accounts – because “that's what a hacker would do” and they are good at joining the dots.
At the Gisec Global conference in Dubai on Tuesday, Mr Owen also said it was crucial not to forget that hacking was often a person-to-person practice and people needed to take a “tactical pause” before responding to suspicious messages.
“If you find … a MySpace account that you haven't used for 15 years, get rid of it,” Mr Owen told The National. “Deactivate it because hackers still want to get into that,” he said. “If you need it, lock it down. If you don't need it, get rid of it.”
Mr Owen is known for his role on the UK TV show Hunted, where citizen fugitives trying to evade their investigators and reach a safe extraction point. He served in the military during the 2003 Gulf War, before joining military intelligence
Since then he has become a renowned cybersecurity expert and cofounded The Osint Group, a company that provides training in that sphere.
“The elements of a hack have to have three key ingredients,” Mr Owen said. “Believability, leveraging emotion and the right time.”
Be social media savvy
He pointed to the surge in scammers who check photographs that holiday-makers post to social media who even hashtag the nightclubs. The scammers then try to locate parents back at home to target them, looking for money or something else.
“They send the WhatsApp [message] at 2am. They'll leverage emotion because mum's now scared and it's believable because her daughter is on holiday,” he said, stating about one in 10 will fall for such a ploy.
“And mums almost anticipate when the kid goes on holiday … something is going to happen. So, in the back of their minds, oh God, it's now happened.”
He said there was a lot of jargon surrounding the area but it is ultimately a person hacking a person and can be confronted.
“We don't want to live in fear and be paranoid for the rest of our lives because that's not healthy for anyone,” he said.
“But what we always recommend – just a simple thing – is just taking a tactical pause before you interact with anything digital.”
This could be a voice note from a daughter, an email from your husband who is on a business trip or a direct message from a fellow worker.
“Does this person normally ask it? Is this out of character? If there's a slight doubt in your gut, just validate – ring the person.”
“Don't be inherently paranoid. Take a tactical pause – assess it [and take a] deep breath.”
Mr Owen also outlined the huge digital footprint left by people every day, from using open Wi-Fi to leaving online restaurant reviews.
He explained how hackers can build a huge picture of likely victims within minutes from this data before even trying to scam them through what they perceive to be the line of least resistance.
And he cautioned that people could be leaving themselves exposed by leaving such online reviews.
“You have to be selfish sometimes to enhance your security. Is that going to benefit you? It's not. Therefore, I wouldn't do it.”
Evolving threats
It has been quite a journey for Mr Owen, from assessing threats on the battlefield to the online world. What about large-scale cyber attacks?
Blackouts affected the Iberian Peninsula last week. The cause is still under investigation but Mr Owen, speaking generally, said he expected cyberattacks on power grids and important infrastructure to take place more frequently in the future because of the financial impact on governments.
But a point he returns to repeatedly is that hacking is frequently person-to-person attacks rather than complex scenarios with employees targeted directly, because this is a vulnerable link in the armour.
“Energy companies … have a lot of assistance,” he said. “They can have the best tools and software and firewalls and filters.”
But he said there was a lack of awareness that hackers will try to contact employees to access their personal world, get their passwords and then enter the corporate system.
“That is the route in for hackers and that will continue to be the route. I don't think it's looked at enough.”
He gave the example of a UAE bank with more than 10,000 employees – many with online profiles – that could be targeted.
“You can guarantee 20 per cent of them would be hackable, easily hackable,” he said. “People always forget to talk about the people that work there because it's a grey area, and people don't want to address it. One of the main reasons for that, I think, as a business doesn't want to come across as oppressive.”
But he said it was important that companies made people aware by using personal examples and making it relatable to their families.
Gisec runs until Thursday and artificial intelligence was one of the dominant themes across the floors of the World Trade Centre.
Mr Owen said it was making hacking potentially more accessible in terms of coding. And it could be used to develop photos, aliases and make it easier to mimic someone. But humans still had a crucial role.
“It doesn't matter how good your AI is. You still need a human to scour over that data because one piece of AI software won't fit every single business.”
