Network Security

This woman who delivered flowers to your office was a hacker. Did you let her in?

Share

SC Media Podcast

https://soundcloud.com/user-13761928/stephanie-carruthers
Stephanie Carruthers, aka Snow, chief people hacker, IBM

She may have cheerfully strolled into your company’s reception area holding a gift basket and a USB drive with a special message from the sender. Or she may have sent you an email claiming she’s a college student interested in an internship program. Did you plug in that USB drive? Did you open her attached résumé?

If so, you’ve just been “snowed” by master-of-disguise Stephanie Carruthers, chief people hacker with the IBM X-Force Red offensive security services team. But don’t panic – she’s one of the good guys, and she’s here to help your company and employees learn from their security mistakes.

Carruthers, aka “Snow,” uses her keen social engineering skills and a background in special-effects make-up (she said she once even gave herself a fake pregnancy belly) to convincingly adopt fake personas, both physical and virtual ones. She may show up to your place of business posing as an auditor, for example, intimidating employees into giving up company information to a stranger.

Carruthers in one of her disguises.

Carruthers also searches social media postings for pictures that might reveal sensitive company information in the background or show an employee with a badge or nametag that she can duplicate. And she uses her recon work to craft targeted and authentic-looking phishing emails to test the security-savviness of their recipients.

Back in 2014, Carruthers earned the coveted Black Badge award at DEF CON’s Social Engineering Capture the Flag Contest. Now, in this podcast, Carruthers shares with SC Media some of her tricks of the trade, as well as what phishing techniques tend to trick the most people, and the common mistakes employees often make at conferences and other public events that open themselves up to future attacks.

This woman who delivered flowers to your office was a hacker. Did you let her in?

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.