Could your computer be hacked?
Yes!
In this week’s podcast, I interview Rob Moore for our popular How to Keep Your Money series Episode 59. Everyone, both personally and professionally, can be a victim of cyberattacks, and Rob is the specialist. He is a highly regarded consultant and investigator in the dark world of cybersecurity, and aids in the asset recovery of its victims.
Rob started his career as a Communications Specialist in the British Army which he says provided him with a ‘unique blend of discipline, strategic thinking, and unparalleled expertise in navigating complex and high-stakes environments’.
This is a hot topic. We have all been shocked by the cyber hack and data theft which closed the Marks & Spencer ‘Click and Collect’ services for several weeks. M&S has forecast that the hacking of its systems would cost it about £300 million in lost operating profit in its 2025/26 financial year, although it hoped to halve that impact through insurance and cost controls.
But before we fall into the trap of thinking that the criminals are only going for the big boys, let’s not forget the successful hacking by’John Doe’ (not his real name), a whistleblower who hacked information from law firm Mossack Fonseca in Panama and then sold it to the press. The leaked data included 11.5 million documents published starting April 2, 2016.
The papers detail financial and attorney-client information for more than 214,488 offshore entities. While offshore business entities are legal, many of the shell companies they created were used for illegal purposes, including fraud, tax evasion and evading international sanctions. This illegal activity known as the Panama Papers led to the closure of Mossack Fonseca.
The hacking of Mossack Fonseca can be contrasted to the hacking believed to be by the same criminal (still anonymous) of law firm Appleby and corporate services providers Estera and Asiaciti Trust. They contain the names of 120,000 people and companies. Among those mentioned were Queen Elizabeth II.
The documents were leaked to the press in October 2017 and became known as the Paradis Papers.
Unlike the Panama hack, Appleby was able to defend itself, saying that there was ‘no evidence of wrongdoing’ and that is was a law firm which ‘advises clients on legitimate and lawful ways to conduct their business. It went on to say that it was not the subject of a ‘leak’ but of a ‘serious criminal act’, an ‘illegal computer hack’.
In today’s world, the criminal hackers may not sell the data to journalists, but are more likely to ask for a ransom, known as ‘Ransomware’. This is where Rob comes in.
But rather than repeat what Rob says in his podcast, let’s have a look at some of the research done on obedience, which we need to be aware of, so we can be on our guard whether at home or in the office.
In the early 1960s, Stanley Milgram wanted to understand how ordinary people could be led to commit atrocities, particularly in the context of Nazi Germany. His experiment investigated the extent to which people would obey the demands of people in authority even to the point of causing others serious harm.
Participants believed that they were randomly assigned to one of two groups, experimenter and experimentee, but in fact, the experimentees were actors. They were told that the research was into learning. The experimenter was told to administer to the experimentee an electric shock if they got an answer to a question wrong. They were clearly told they could stop at any time if they felt uncomfortable.
After each wrong answer, the experimenter was told to increase the voltage up to a maximum of ten times into what was clearly marked as a danger zone. The experimenter was being guided by a researcher in a white laboratory coat, and the experiment was conducted within the laboratory of a prestigious university. As the voltage increased into the danger zone, the experimenter heard the experimentee (an actor) scream in pain and on some occasions even stop answering questions as if unconscious.
Notwithstanding the anguish of the experimentee, the researcher calmly said, ‘In the interests of the experiment, we wish you to proceed’.
The results of Milgram’s experiment were astonishing: about 65% of participants administered the highest voltage of electricity, despite being traumatised when doing so.
This experiment shows how ordinary people can behave against their ‘better judgment’ to harm others, or even themselves, when told to do so by people perceived to be in authority.
Criminals are aware of the power of authority and will try to deceive you of their authority into giving funds or disclosing details such as passwords, which they would otherwise not do.
This experiment serves as a reminder for all of us to verify the identity of individuals or companies requesting money or sensitive information, especially when you suspect they may not be who they appear to be. Criminals are skilled conmen.
The story of Jordan Belfort, an American former stockbroker, financial criminal and businessman, comes to mind. His story is told in the excellent film The Wolf of Wall Street, starring Leonardo DiCaprio.
Jordan started as a successful door-to-door salesman of beef and fish. The business eventually failed, but a family friend helped him find a job as a stockbroker at L.F. Rothschild. He was laid off after the firm experienced difficulties related to the Black Monday stock market crash.
Belfort founded Stratton Oakmont, which marketed penny stocks and defrauded investors with ‘pump and dump stock sales’. He said he got greedy.
Belfort was jailed for 22 months, but later became known for his motivational speeches on how to sell. Criminals, whether out to defraud you personally or professionally, are successful because they are excellent salesmen and hide their greed behind a wall of authority and deceit.
Rob told me that often the criminals will research an organisation for months and once inside look for the weak link, maybe someone browsing dating websites or looking for ways to make money. They will then pose as an interesting dating opportunity, or if looking to make money will be eager to introduce the hapless professional to an ‘uncle’ who has a great business in cryptocurrency. In exchange for information, the introduction is made, and the fraud of the individual starts as the organisation for which they work is mined for data.
Most brilliant salesmen never look as if they are selling; they listen to what you have to say, looking for a weakness which they can exploit to their advantage. The only difference between a criminal and a genuine purveyor of services or products is that the criminal often does not know when to stop exploiting their victim or victims and is often not the person they say they are.