Unless you know how they do it, you will not know when it is being done. For this reason, Jonar Nader presents lectures that teach people about the 101 ways that thieves go about stealing your data from your computer and your office. How safe is voice mail? Is a shredded document safe?
Below is a transcript of the audio file.
Host: Even though you can have a password and such, it doesn’t necessarily mean you are going to be terrifically safe when it comes to people getting into your records and data and stuff, does it?
Jonar Nader: Yes, security is concerned in both computers and the way we live. There is absolutely nothing that can be gotten at and absolutely nothing that is sacred, and we will run through a few things toady that will give you and example.
Host: Well, why?
Jonar Nader: Why is nothing sacred?
Host: Well, why is the password a joke.
Jonar Nader: Well, a password is like a key, but a key in its own right is of no use to a house if you care to break in through the window, or if you care to copy the key or borrow it or whatever. Passwords are necessary but people seem to feel that “oh well, I have a password and everything is fine.” Companies are loosing millions of dollars all the time and privacy of individuals is being invaded all the time without them even knowing about it. But you don’t even need a password, take for example the postman delivering your Telecom bill, automatically we know who you have been calling, your mobile telephone bill lists every number, so you know what you are doing and for how long. These days at the office, all the phone numbers are listed and they can tell who you call etc, but there are ways around it you see. So today in our discussion we will talk about ways around it, not so they can become data thieves, but so they understand how things work. Now, if we take the password problem, most passwords are so simple, that it is usually someone’s name, cat, dog or whatever, so we have to try to tell people to never use names and numbers only, and beware of trap games. Now a trap game is when someone gives you a software product and says “hey, how would you like to play golf?” and they give you the golf game, and that game actually captures every single key stroke that you have keyed in all week and it will fall over and you say to them “my golf game doesn’t work anymore” and they say “oh let me come and fix it” so they come and fix it and while they are fixing it they are actually extracting all the key strokes, and amongst those key strokes there will be all the errors including all the passwords you have keyed in that week, so that is one way of doing it. I will just give you so examples to start with.
Host: That’s quite depressing to begin with.
Jonar Nader: Well it is.
Host: So you’re saying when it comes to a password, make it three words, a letter and a number or something like that, but something that has nothing to do with a name or something that obvious?
Jonar Nader: Well names are notoriously easy to pick up, for example, an average dictionary on disk has about 60 000 words in it, and if your password is summer or dog or cat or even anything longer, the computer can scan through that in a matter of hours and crack the password. Now all the MIS managers, the computer people out there listening to this are thinking “oh yeah, but it is not that easy” but I will only equally say “but it is you can crack anything.” Now for a simple password that has two digits you have 1300 combinations, but you can crack that in four hours in worst case, and a four digit password has 1 700 000 characters and you can crack that in about six months if you apply the normal manual labour to it, but if you apply a very fast computer to it then it can be done in a matter of seconds. Now people say “Yes, but what if it has 10 digits and it has 3700 000 000 000 000 combinations?” well equally take a look at lotto, the chances of winning lotto are so remote, but yet people still win them everyday. So imagine if say the Russians wanted to crack the Pentagon code, all they would have to do is run lotto on it and somebody is actually likely to crack a code that can launch a nuclear missile. Because in Australia and the US and France people win lotto all the time, I mean look at the remoteness of that. So we are talking about probabilities and possibilities and all of that. And there is also a thing called MIMO (mathematics in mathematics out), any program that uses mathematics to encrypt itself can use mathematics to reverse encrypt itself or de-encrypt itself. So a few things for people to watch out are don’t leave your PC switched on over the weekend if you have a modem because people can track you, a lot of companies don’t realise that weekend access is one of their worst times, and what people tend to do is either steal data or use their telephone network. So often, if you know the right numbers you can tell to your whole family overseas, courtesy of somebody else’s phone bill. And a lot of people have been caught on that. But that is how Steven Jobs, who started Apple, became a little bit well known in the early days, many years ago, because he was selling ‘The Black Box’ and the black box was something you could connect to a computer and connect to the ABC switchboard and dial home, and they used to have party lines all over the place.