So MentalTheft seems to be taking over my world and I couldn’t be happier.
We’ve had people contacting us about the sponsorship program and about different events I could go and speak at.
We’ve been as far as Taunton, as close to home as Southampton and spending far too much time in London!
I think the business world is realising that their technology can be the most secure thing in the world but if a scammer steals personal info from a member of staff then their whole system in vulnerable!
I recently helped a company who told me they were more secure than Fort Knox!
They showed me, very proudly, how no one could get into their system.
We walked around their offices while they were explaining that I could never get any information!
So I happily pointed out that they didn’t need me then!
I continued with - but if you’re that secure how about a wager?
The IT director started to look a little nervous... “How about this, if I can get into your network without you giving me any information you have to pay me one fifth of the IT directors pay.”
All of a sudden it got serious.
Things like “we couldn’t agree to that!” Etc etc
All the while still pointing out that I’d never get in.
In the end we agreed on a set fee. For a one-off hit.
If I got access I would get paid a one off consultancy fee and it would include my report on how to fix this type of security issue.
Contracts signed. Agreement made. MD looked happy. IT Director looked nervous.
Finished my tea and then said - “can I use your computer?” MD happily let me do so.
“Please make sure you’re logged out of everything.” I said.
I sat down at his computer and logged into their accounts system. While in front of them I set myself up as a new supplier and made payments of up to £150,000 possible to myself.
I didn’t send a payment. I got up, explained I’ll send the invoice when I get back to the office and left.
MD was gobsmacked. IT Director was scared.
I sent my invoice and in the email I sent my report.
“When a stranger is walking around the office, don’t show them the accounts department. Especially if they have a post it note on their computer with their username and password on it.”
We’re now looking at how to get their staff to be better at security. Oh and I also signed into their security log as Houdini...
Paulie Houdini ;)