The 3 minute Tesla car stealing video is fun, and keep reading the next paragraph about your organization’s security too.First the theft. Wired magazine published an article you can find by searching the title: Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob. Then, you can watch a security cam video of two men stealing a Model S in real life on YouTube. The thieves had to use Google to find out how to unplug the car. To see the short video, search: Tesla Model S Being Stolen Antony Kennedy or click here.
Now, what affects you directly whether you own a Tesla or not. Many IT Professionals, consultants, and outsourced IT firms access your network remotely using tools designed to help them help your users solve technical issues. Example programs include GoToMyPC, TeamViewer, LogMeIn, VNC, and Splashtop. Some outsourced companies use a product called Agent Tesla to support their customers. If you visit the website agent tesla dot com, you will see that the product has additional features including stealing keystrokes, breaking passwords, and spreading itself like a virus through a network. It appears that some bad actors have been using this tool to infect computers at companies without the company’s permission. And the tech support representatives at Agent Tesla were more than willing to assist the bad actors.
A key takeaway is that user-friendly tools can permit non-technical people to hack your network without needing any technical know-how.
What if a disgruntled or unscrupulous worker in your company installs GoToMyPC, LogMeIn, or similar easy-to-use software on computers in your private offices? They could overhear private conversations without anyone knowing. One of our clients experienced millions of dollars of embezzlement because a trusted worker used one of those programs on the computer that was in the conference room. The embezzler was not technically savvy at all, and he heard enough confidential information to embezzle millions and wreak all kinds of havoc. He did not need to use the additional user-friendly features that Agent Tesla provides including password cracking and automatic infection of other computers, but he could have.
Visit with your IT professionals. What are you, as an organization, doing to protect yourself from someone intentionally utilizing a readily available program, such as Agent Tesla, to infect your network, spy on your workers, steal information, and break your passwords?
The CEO, Owner, President, and other chief executives suffer the most when an attack devastates an organization. Most of them wish they’d have taken more of an active role in security. Learn from their mistakes, before it is too late.