At Vyn’s #PerspectivesOnline event in July, seven speakers shared stories around the theme “Freedom despite restrictions”. Amit Dubey is a renowned “ethical hacker” who has solved over 300 cases of cyber crime. Here is a recap of his talk from the virtual session on 15th July 2020.
The story I am here to tell you starts in 2011. I got a call from Paris Police, who wanted my help in an investigation relating to a Nokia smartphone. These were the times when high-end smartphones like the Nokia N-series were first coming out – in fact, I had been one of the architects of Nokia N-96.
A lady living in a town near Paris had got an anonymous call. The caller said, “We have kidnapped your daughter. We will kill her in an hour unless you transfer €25,000 into our account”. At first she thought it was a prank, but after being called again and again, and since she didn’t know exactly where her daughter was, she got scared. She started negotiating with the caller: “Listen, I’m not that rich and I don’t have that much money in my account. Please, give me some time”. The caller said, “Don’t tell me how rich you are. Where you are in your bedroom right now, there’s a wall painting which cost you around €5,000. Someone who can have such a costly painting in the bedroom will have some money in the bank, so if you don’t transfer the money right now we will kill your daughter.”
The lady ran from the bedroom to the drawing room and said “No, you’re mistaken, there is no such wall painting.” The caller went on, “Where you are in your drawing room right now, on your right hand side, that vase alone cost you around €2,500. So don’t tell me you’re poor. I know everything about you. Just transfer the money.” The lady was convinced the caller was able to see her live, so she opened her laptop and transferred the money. After an hour and a half, her daughter came home with no idea about the caller, and the mother was confused. What had happened?
She called the police, who inspected the house for hidden surveillance units, but found nothing. The police then asked some of the Nokia architects, including myself, to investigate her phone. There was nothing suspicious there – no spyware, no malware. I almost gave up. At the airport as I was heading home, I saw a kid holding his mobile phone up towards a wall. I asked him what he was doing. It was a game where he would place items into the world in front of him in augmented reality and take pictures of them to earn points.
I called the investigator back, who confirmed my suspicion that this particular game was on the victim’s phone. I cancelled my flight and went back to inspect further. I found 150 images from inside their house, captured through the game while the victim’s son played, and uploaded to a Nokia server. The anonymous caller must have had access to these images to see inside their home.
One big question remained: How was he able to track her exact location – whether she was in the bedroom or the drawing room? Even today, in 2020, it is almost impossible to trace a person’s profile that way. After a lot of searching, I found a white paper from a professor. There was a mention that you can track someone through Wi-Fi signals. I was shocked. I scanned the images again and found that every image captured through the game was also capturing the Wi-Fi signal label of her house.
So the Wi-Fi hotspot was working as a reference point, and the game was tracking the signal level of each image. While the caller was talking to her, he was also getting real-time Wi-Fi signal labels, and could easily figure out where in the house she could be.
Fast-forward to 2016, the world got a game called Pokemon Go, which is quite a similar game and this became a billion-dollar business in a week. Do we know the risks associated with this game?
If you have 150 applications in your mobile phone, all of them are capturing something about you. Every time you search for something, your search engine captures some data about you. To take an example, you can go to google.com/dashboard to see for yourself the kind of data they have on you.
As an ethical hacker I have solved some 300 cases of cyber crime. I have caught hundreds of criminals and saved many victims. Data is useful, but if hackers get their hands on it they can easily hack you, without any high-end tools or technologies.
Let me conclude with this note: I would love to take over the world, but they won’t give me the source code.
I truly believe this world is nothing but a software programme, and we are nothing but software plugins. We are the product of the data that has been fed to us since birth: In which school and college we have studied, our surroundings, our friends. All these data points make up us. If I can change the data, I can change you. That’s why data is so important – because the next world war will be with data. I just wanted to show you a glimpse of that.
We would like to thank Amit, the other speakers, and all participants for bringing together these Perspectives – this time virtually, hopefully next time in person.
At Vyntelligence, we take data security extremely seriously, using state-of-the-art encryption and operational technology to ensure security for all our clients and their ecosystems. To learn more about the Vyn platform, visit vyntelligence.com.