The Upside of Accidentally Hiring a Hacker


She was discovered at an international meeting where all of our offices from around the world came to the Palo Alto headquarters of our company. We were there to be trained in the new marketing campaign on competitiveness and branding. She had traveled in from Germany the previous day, and didn't say much.

We all had our laptops open as the new website was to be a big part of the new brand identity and each country had to maintain their own piece of localization. She typed constantly. It wasn't odd because many others typed notes of the presentation, but because she typed with alacrity while being completely focused on something on her screen. But, she was paying attention to the presentation.

At some point, the VP of global marketing who was leading this training said that this change would be a complete surprise on the industry landscape and our main competitor, which was also an international powerhouse headquartered in Silicon Valley, would be caught unaware. That's when she raised her hand and without being called on, stated that the competitor already knew, “They knew at least four months ago.”

“How do you know this?” the VP asked.

“They have a similar domain name in their local nameserver that was sneakily registered under a different handle almost exactly 4 months ago.”

The VP looked stunned.

We then broke for coffee and I was near her when the VP came over to her. The conversation went something like this:

“Did you hack them?”

“No. The information is publicly displayed. It's called Open Source Intelligence Gathering. You just need to know how to look.”

“Was there anything else?”

“Yes, they are also re-launching their website with similar features to ours.”


“It's not public yet.”

“If it's not public....”

“They use a web cache through their ISP so I basically asked that to send me what it had from that domain and it did.”

“Can I see it?”

She took him back to her laptop and showed him.

“Is there more?” he asked.

“That's all the pages I could get of their new website. But I can tell you from the time zone they are developing it in the United Kingdom and it was last updated this morning.”

“We had no idea. Can you tell how close they are to going live with this?”

“That's the thing. I looked up the name they used to register the domains and it's a new company they founded about 6 months ago just to do this all right under your nose. The address is right next door to their HQ. On Google maps you can see it's almost right on top of them.”

The VP sat down as she typed quickly into a black screen.

“Here I searched for the IP range and e-mail address owned by the new company,” she said. “I came across some mailing list postings.”

“For what?”

“Some developer stuff but when I looked at the headers, I saw they're using a number scheme for their internal computers. That gets attached to the mails they send to show where it came from. This one says msworkstation09 and the other two end in 74 and 257. So we know they could have at least 257 workstations to give you some idea of the size of this effort.”

“And it was right under our nose.”

“They've been on you almost since day one.”

“So we have a leak,” the VP stated.

“Maybe not. I just looked and you are making the same dumb mistakes. They can see what you're doing the same as I can see them. So they've probably just been watching you.”

“So we're on display? Can we fix that?”

“Kind of. Since some of this info needs to be public you can't really protect it. But you can hide it a lot better so it's harder for them to pick up on.”

He stepped back and looked at her curiously. “So how did you end up in marketing anyway?”

“I needed a job.”

Later that evening, over dinner, she explained it to a few of us in more detail. She needed a job quickly to pay bills after getting down-sized at her last company. So she hacked her way into the job with social engineering. She explained that she researched various department managers from those which were hiring and looked them up.

She looked up their likes and dislikes. She looked up their friends and family. Then she crafted a resume that made her most like them and hitting most of the keywords associated with the position. She was clear that she didn't lie about any of the education, work experience, or skills she put in there.

She sent out ten resumes like that directly to each manager's work e-mail address and gotten interviews. Within a week she had a callback from all ten and selected the one with the highest salary.

But that wasn't marketing. There was a bug in the system. Maybe it was because the HR system couldn't handle so many hires of the same person. Maybe some secretary got confused.

So because of a computer error she ended up in Marketing. She went on to lead a competitive intelligence unit for the German marketing department and after about a year, there was one at the Palo Alto office too. It turned out to be the luckiest accident that company could have made.

This is a true story which is why the names have been omitted. So it should make you wonder if your organization is secure against competitive intelligence or open source intelligence techniques. Do it with the OSSTMM. It's the Open Source Security Testing Methodology Manual and it is the most thorough security and privacy checklist in existence. Check for privacy and competitive leaks for Web, Wireless, Networks, People, Buildings, Documents, Gadgets and Phones.

About the Author:

Pete Herzog

Pete Herzog is the co-founder of ISECOM, and as Managing Director is directly involved in all ISECOM projects. In 2000, Pete created the OSSTMM for security testing and analysis. He is still the lead developer of the OSSTMM but has also leads the organization into new research challenges like Smarter Safer Better, the Bad People Project, and the Home Security Methodology. Pete's strong interest in the properties of trust and how it affects us and our lives has led to trust metrics and has brought ISECOM more deeply into Human Security. In addition to managing ISECOM, Pete taught the Masters for Security at La Salle University in Barcelona which accredits the OPST and OPSA training courses and Business Information Security in the MBA program from ESADE which is the foundation of the OPSA. In addition to security, Pete is an avid Maker, Hacker, and reader.

If you want to savvy up your team on these techniques, head over to the free and open source project, Hacker Highschool for self-study guides on hacking. The project is free for high schools but if you like the lessons, get a license to get employees leveled up on their cyber know-how.

Norse Twitter
Norse LinkedIn
Norse Facebook
Norse YouTube Channel
Norse Blog
Norse Google+