Hackers video and curious what Agilebits thinks?

Options
justme12
justme12
Community Member
in Mac

Find this video somewhat interesting - I don't know what platform the hackee was using, Mac or Windows, and the hacker doesn't explain how after getting the 1PW Keychain - is it 1PW or Mac Keychain not clarified but the 1Password title is used how he got passwords so…

Just curious of how bogus this video is or does it have merit?

https://youtu.be/bjYhmX_OUQQ?t=5m25s

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Vee_AG
    Vee_AG
    1Password Alumni
    edited February 2016
    Options

    Hi @justme12,

    Great question! We have gotten a few questions about this report, as you might imagine, so I'm a bit familiar with the situation at this point. There's nothing bogus about it; the hacking is real.

    First, I'll direct you to the full text of Kevin Roose's story, which details the situation in much more detail than the video. The answers to your questions are there.

    In the section "Part 2: The Shell," you see that Dan Tentler sent Kevin a phishing email (purporting to be Squarespace), and Kevin himself downloaded a malicious program onto his own computer (it's a Mac), which gave Dan remote access to the computer. At this point, the device is compromised. He then installed a keystroke logger to capture Kevin's Master Password. He was also getting screenshots from Kevin's Mac at 2 minute intervals, so he could match the keystrokes to the screenshots.

    Part 3 of the report discusses how the likelihood of an average person being the target of such aggressive hacking is very low. Remember, Kevin Roose specifically asked these skilled hackers to hack him.

    I'd say that a main takeaway from this report is: be careful what you install on your computer, because once the device is compromised, all bets are off.

    Our Chief Defender Against the Dark Arts, Jeffrey Goldberg, wrote a blog post on this subject a couple years ago that is still relevant here. I'd encourage you to give it a read:

    Watch what you type: 1Password’s defenses against keystroke loggers

    I hope this answers your questions, but do let us know if you have any other questions about this!

This discussion has been closed.