The Telegraph – The hidden dangers of using Wi-Fi on holiday, according to a former hacker

We all use public Wi-Fi on our holidays, but is this safe? A former ‘ethical hacker’ explains the dangers of public connections, and the simple measures we can take to protect our online identities abroad.

There’s no escaping it. We’re all vulnerable to theft on our holidays. I was reminded of this on a recent trip to Chile, when a friend I was travelling with had her phone, bank cards and cash pinched from her pocket in Santiago city centre…

“Anyone who connects a device to a Wi-Fi access point without taking necessary safety precautions is inviting hackers on their vacation with them,” he said. “Travellers should realise, especially in foreign countries, that hacks are inevitable. You could be in a hotel resort, down by the pool but the hacker is up in a room on the 12th floor and you wouldn’t know. But there are ways to protect against a ruined vacation.”

 

Read the full article here.

 

Information Age – Gemalto CTO: Beating ‘cybercriminals at their own game’

In today’s business environment, data is king. Protecting this most valuable asset is key to effective security.

Data breaches can ruin careers, and permanently damage the reputation of organisations. Defending against these cyber attacks is a challenge, and a problem that keeps business leaders up at night.

Think like a hacker

Jason Hart – CTO of data protection, Gemalto – believes that in his role, thinking like a hacker has helped him “beat the cybercriminals at their own game”.

“Using business insights and my years of experience as an ethical hacker, I know how cybercriminals think.”

To read the full interview with Jason click here

Evening Standard – Fifa World Cup 2018 guide for fans: British football fans travelling to the World Cup in Russia warned to keep data safe

The government and the Football Supporters Federation issued safety and security advice for England fans heading to Russia to watch the tournament next week.

Jason Hart, a cyber security expert, emphasised the importance of Brits protecting their data.

“Fans need to be very careful about what WiFi networks they connect to,” he said.

“Hackers can harvest all sorts of personal data through WiFi networks.”

He explained that if a fan logs into a WiFi that is not trustworthy they could be in danger of providing a hacker with their password and username information for the sites they access when using that WiFi.

He warned fans to avoid logging into their business emails or work portals whilst abroad.

“If a fan uses an untrustworthy WiFi network to access their work platforms that could lead to hackers gaining access to whole companies and then they could cause a lot of damage,” Mr Hart said.

He said those looking to protect their data can take certain measures.

“All the online services have one time passwords. When you log in you can request a one-time password and this will be generated and will not be the same as any others that you use. Make sure that’s enabled,” he said.

The National Cyber Security Centre also advised fans not to use streaming services while travelling and to “turn on the ability to wipe your phone should it become lost. Ideally, back up all your data and photos before you travel.”

To read the full article click here.

Computer Business Review – MyHeritage Hack: “Future Hackers Could Amend Stolen DNA”

No DNA data has been lost as a result of a hack at genealogy and DNA testing website MyHeritage that resulted in the leak of 92,283,889 email addresses and hashed user passwords, the company has claimed.

“Sensitive data such as family trees and DNA data are stored by MyHeritage on segregated systems, separate from those that store the email addresses, and they include added layers of security. We have no reason to believe those systems have been compromised,” the Israel-based company said.

Gemalto CTO of Data Protection Jason Hart said: “This reinforces again that being breached is not a question of ‘if’ but ‘when’. Perimeter defences are just what they are, first lines of defence. When those fail, the only way data can be protected is to encrypt it. It is especially important that sensitive personal data is always encrypted. That way, if the data is stolen it is useless to the thieves.”

He added: “MyHeritage noted that it plans to add additional protective measures in the future. While it appears that MyHeritage hashed its passwords, this is a weak form of protection. Given today’s security climate, all online companies should have multi-factor authentication activated by default for all online accounts as well as using encryption and key management to secure sensitive data.”

To read the full article click here.

TechWorld – Anatomy of an ethical hacker: What it takes to operate on the frontlines of cybersecurity

Former ethical hacker and CTO, Data Protection at Gemalto Jason Hart lets us in on the secrets of ethical hacking.

The perceived vision of a hacker – anti-social and geeky – is becoming increasingly inaccurate. Modern hackers are social, curious, adaptable and motivated – either by inquisitiveness, the desire for financial gain, to influence politics or even to just embarrass their target.

To read the full article click here.

The benefits of ethical hacking for IT security

Hacking is getting easier and cheaper, so every enterprise should do it.

Wait… what? Of course, I’m talking about reaping the benefits of ethical hacking as a way of preparing for an actual cyber attack – the odds of which are increasing as hacking services become simpler to obtain.

Just about anything can be bought on the Internet these days, legal or otherwise. Rocket launchers, hard drugs and indeed hacking services have become as easy to purchase as books and music.

While some such services are available on the regular Web, more serious customers turn to TOR, The Onion Network. Also known as the Dark Web, TOR enables buyers and sellers to transact with full anonymity using cryptocurrencies such as Bitcoin.

Through TOR, hacking services have proliferated in recent years. They’ve been used by individuals with an axe to grind, such as Edwin Vargas, an NYPD detective. Driven by jealousy, he paid $4000 for over 40 email passwords, half of which belonged to police officers.

Another reason for growth in these services is that they are simpler to deliver. Technology is more straightforward than it used to be — witness how people can create web sites or drive smartphones, for example. By the same token, the barrier to entry for hackers is lower.

As a report from Rand Corporation confirms, “Greater availability of as-a-service models, point-and-click tools, and easy-to-find online tutorials makes it easier for technical novices to use what these markets have to offer.”

Why Hacking Is Becoming Easier

As a result, the threat is growing. But isn’t it always? Am I just going to say “be vigilant” and then we all get on with our lives?

Well, no, because there’s an additional factor which means this proliferation can no longer be ignored. It’s about the nature of the attack surface.

In traditional computing models, we could consider this in three parts: first the physical environment; then the computer hardware; then the software. Policies, procedures and protections would be considered for each.

In the virtual world, the physical and hardware layers have been architected to create a reasonably robust underlying platform. Yes, sure, this still needs protecting but to a large extent it already is — the controls are well known and straightforward to check.

On top of this platform we — the global we, of corporations and providers — have created a massively scalable, massively interconnected but massively complex virtual compute environment.

Here’s the point: even as it gets more complex and harder to protect, it is becoming simpler to hack and exploit. We can’t just stand by and hope it isn’t going to happen, because automation will ensure it will.

The Rand report continues, “Hyperconnectivity will create more points of presence for attack and exploitation, so that crime will increasingly have a networked or cyber component, creating a wider range of opportunities for black markets.”

But Ethical Hacking is Easy, Too

What to do? There’s only one answer really, and that’s to get there first. Penetration testing (ethical hacking) has been around for years; indeed it used to be my job. And just as computers can be programmed, so can exploits — there are libraries of them freely available.

We should not be daunted by kicking off such activities, by running a program of checks for back doors into our own systems. It’s not that hard to do — that’s the point. If it were, the bad guys would be looking for easier ways to make money. The many benefits ethical hacking offers organizations will certainly outweigh the bit of time and effort required to implement it.

If you don’t want to do it yourself, you can engage an (ethical) service to do it for you. As we already know, there are plenty of them around. You don’t have to check all your IT systems and services, just the ones that give access to the data you have that is worth protecting.

Which raises a final point: If you don’t already know what data you have that is worth exploiting, for heaven’s sake work it out. Then check whether it is accessible.

There will be a cost, but after all, it will be worth your while paying a relatively small sum up front, rather than shelling out to repair the damage later.