Susan Gardner is a college tutor. She’s bubbly and talkative and one of the ‘go-to’ teachers students confide in. She’s got a photographic memory ... and could wreck your life within 10 minutes of meeting you.
She wouldn’t though. The 30-year-old is an ethical computer hacker. That means she only hacks into machines she’s been given permission to and been paid for.
However, not every hacker is as nice as Susan and there are a growing number who want to steal the data you use on social media sites like Facebook to get access to your e-mails, bank accounts, credit cards and anything else that can net them money using the intricacies of the computer system.
Next time you post something on a social networking site about your child’s birthday or tag yourself somewhere nice, you may want to consider the implications of what you perceive as a pretty harmless act. It could have grave consequences.
Take the scandal about celebrities, including Jennifer Lawrence, whose naked photos were downloaded from the Apple iCloud as a prime example. No one is safe.
“I call it the anti-social network,” said Susan who wants to warn people about the dangers of living their lives online.
“Users of Facebook or any social media platform, can be quite naive in password security, for instance. It’s very easy for a hacker to get into your network and guess passwords.
“On social networks we tell our stories online: where we live, when we go on holiday, our favourite foods, our kids’ names, when we celebrate our birthdays. It’s called social engineering.
“Just look at someone’s social media page. People put so much about themselves online these days that it’s easy to guess. You know that the first thing the average user is going to think about when they create a password is their children’s names or their birthday, the favourite place they’ve visited on holiday, or pets’ names. Social engineering is a very big thing, although it really is just a reconnaissance technique.
“Basically we hackers try to find out as much about a person as we can. It doesn’t have to be a person either, it can be an organisation that is involved. If we’re trying to collect data on anyone we just need to have a little chat with them for 10 minutes or so and we can pick things up quite easily. People think if they know it and it’s personal, nobody else will know it.
“But users publish too much information about themselves. You can easily guess something about anyone. It’s almost like forensic mindreading. You can easily pick up things about a person, such as if they are passionate about certain things. There’s a very good chance their passwords reflect that.
She went on: “If your Facebook password matches your banking password or your Amazon password is linked to your bank account’s, or if you use the same password across the board, it’s not just one part of your system that’s going to get targeted, it’s them all.
“You need to have something totally random for a password to be safe. Some websites try to force people to do this now, insisting on them using special characters. But people tend not to do that.
Susan warned that hackers have techniques they can use to access your information if you are using unsecure wi-fi networks in public places, using special scripts to push their way in.
She added: “If it’s unsecured we don’t need your passwords, we can get in, it’s very vulnerable. They’re trained to look at your keys, to see what you’re typing and keylog it from there, from memory.”
The mother-of-one has worked in the IT industry for the past seven years as a programmer and as an ethical hacker, used by businesses which can also be targets. They have a duty to protect customers’ private details and pay a lot of money to do this – if they don’t they could be sued.
She went to Abertay University in Dundee straight from Grangemouth High School to study computer science – gaining a Bachelor of Science degree in software development, networking and programming. In her fourth year she studied forensic computing, which she now teaches strains of at Forth Valley College’s Falkirk campus along with ethical hacking, a module she introduced to the curriculum.
The UK Government is placing a lot of emphasis on cyber security as there is a skills shortage in the market. A total of 93 per cent of large corporations and 87 per cent of small businesses have reported security breaches.
Susan said: “A report, ‘Cyber Security Skills’, says it is important not to underestimate the scale of the challenge that faces the UK in securing the skills required to meet increasing demand.
“This is why I introduced the course here, I’m passionate about it because it’s a major concern. There is a skills shortage and the work is well paid – it has to be.
“It’s very big money now because all companies have an obligation to keep data secure. But breaches are happening more often. I get an e-mail every day to let me know who is being targeted. There are a lot of jobs and the government says it is going to pump even more in to cut the skills gap.”
According to Susan, Christmas is a dangerous time online as people shop online for presents.
She said: “This time of the year is the most dangerous for for cyber security because so many people will be shopping online. When you get money taken out of your bank account you feel violated, it’s a scary concept.
“It’s basically the same as being burgled. Banks can protect you to a certain point but it’s user errors usually somewhere in there along the line.”
Susan’s top online safety tips:
1. Keep your operating system, security software and web browsers up-to-date. This is the best defence against malware and viruses or any other online threats.
2. Personal information should be kept secure by using strong passwords, unique for every online account. Keep passwords random with no relation to your personal life.
3. Passwords should contain a mixture of upper and lowercase characters with numbers and symbols and should be a considerable length to make them more secure.
4. Be very wary of special offers, giveaways and competitions in e-mails, links, posts or tweets as this is a technique used to entice you to click on them to eventually compromise your system.
5. It’s advisable not to use unsecure wi-fi hotspots.
7. Protect yourself when shopping online by using legitimate websites, and when making any payments online make sure that the browser bar has https://, shttp:// as these are secure, while http:// websites are not.