Wales This Week: Hacked off will transmit at 1930 on Tuesday 7th February on ITV 1 Wales.
The programme tackles the issue of online data security…
Blog by Alun Jones – @alungjones
As a multimedia production team we are pretty much all regularly online or ‘on-grid’ as Davina Payne, the programme’s producer likes to say. We are all on Facebook and Twitter, we communicate largely through email and during the Christmas period we were all guilty of excessive amounts of online shopping, whether in work, on our home computers, or on our smartphones. All in all I’d say that probably makes us pretty typical in Wales, with 39% of the population now regularly accessing the internet via 3G technology. Unfortunately however also just like the rest of the population it means that we are probably not security conscious enough and one in eight of us will become a victim of online fraud this year – a tough stat to read when you work in a team of eight people!
So this programme was personal. Possibly more personal than any other I have worked on so far. The issues we researched here were, and still are, issues which affect every single person who has ever interacted with a website or used a mobile phone so naturally that includes me, the team and anyone who happens to be reading this blog!
So that’s how Catch82 (or Catch as he has become known) was born…
In order to illustrate how easily our digital information can be accessed and how much data our mobile devices hold it was necessary to set up a small experiment. This experiment would involve three pieces of kit, a mobile phone, a laptop, and a sat nav (or a satellite navigation device if you prefer!!) which would be used sporadically over the course of five days by an anonymous user calling himself Catch82.
The point of this was to replicate ‘ordinary’ use so there was no excessive tweeting about the strength and type of tea one happened to be drinking or the design of the mug it happened to occupy, nothing like that, just ordinary everyday use. ‘I’m on my way’ ‘have a good day’ that sort of thing…
…at the end of this five day period these devices would be examined by a team of forensics who would extract as much information they could about the user Catch82; where he had been, what he had been doing, that sort of thing.
After a day or so of analysis the first shock arrived, an eleven page report came back on the sat nav, fifteen pages on the laptop and a massive, and slightly ridiculous one-hundred and fifty one pages on the mobile phone, weighing nearly six times the weight of the phone its self!
From their analysis of the laptop our forensic was able to extract a host of information about Catch. Naturally as this was his own personal laptop there were no user settings to contend with and no passwords needed to open up the device, it was ready and waiting to go. Facebook and Hotmail were permanently logged in for ‘convenience’ which meant that every email and status update was available to view, but more importantly and perhaps more concerning was that all of Catch’s contacts and friends could be accessed.
This was perhaps the most surprising report of all, it was the smallest yes but I had never really given any thought to the importance of the data which is held within these devices.
In one simple sweep of the Sat Nav’s memory our forensic was able to pull out every single address the device had ever visited and view these places upon a map. Naturally one address appeared more often than any other as the majority of journeys both began and ended at this location – fair to assume that this is the home address right?!
…if that’s the case then a few key strokes later and you could be outside that house on Google Earth!
151 pages of data, some of it readable and some of it just seemingly random strings of letters and numbers – code as they like to call it!
Once again the phone wasn’t locked down and both Hotmail and Facebook were open and easily accessible. At one point Catch had entered a free Wi Fi zone and had registered for access; the confirmation email he received which contained his username and password was still stored on the machine. If this wasn’t bad enough though Catch had made the basic error of using the same username and email for multiple accounts so it may be fair to assume these to be his bank account details too – I suppose its worth a go isn’t it?!
Text messages and location data placed Catch at certain locations throughout the weekend. Bluetooth data gave some indication of who he was with!
So if you haven’t already guessed it, I am Catch82, more usually known as Alun, but you can call me Catch, and as much as id like to say that I’m secure online it seems that I’m not!
This is just a taster of the information which you and everyone else will leave behind each time you use your phone, computer and sat nav. Clearly the existence of this information doesn’t mean that it will be mistreated. It is sitting on your phone, its on your laptop, sat nav and ipad and that is a pretty much unavoidable bi product of using them in the first place but while we may not be able to avoid this data being stored, we can certainly do all that we can to ensure that this information remains safe; hidden from prying eyes!
You can follow Wales This Week on Twitter @walesthisweek and ‘like’ their Facebook Page through the following link:
If you are concerned about your online security please take a look at the following tips which have been prepared by the Wales This Week team: