My task was to Google another player by name, find out some information on them, and give them what I found in class. I handed them a paper with some social media info, work experience, political views, languages spoken, and a few pictures of them.
I got their full name by looking at an email sent by another professor that had the whole class' BHCC emails/student names. This is why professors should always BCC everyone on emails! I then proceeded to Google their name and clicking on social media links with their name on it. 4/5 times it was the right person when I clicked on a link (probably due to their location and the location of my IP).
Real life attackers can use the techniques I use to accomplish my task in a real-life situation very much the same way I did: by searching and clicking away. With the information gathered, they can try and pose as the person they are gathering information on for other tasks, such as phishing/catphishing.
An ethical issue raised by my task would be if it's right to pretend to be someone you are not. In the real world, this can be done morally right if there is an ongoing penetration test on an organization and the testers are pretending to be someone they aren't in order to test the employees of the company. And, of course, it is just morally wrong to pretend to be someone else, especially when the person has bad intentions.
No comments:
Post a Comment