Ray and Aida are two co-workers who are buddies, but each want to be smarter than the other. However, sometimes their actions really do bring consequences for each other.
After Ray begins his curiosity about Aida’s boyfriend, he got anxious about how to find out about her life more. So, he planned to get into her business by spying on her social media accounts.
So, Ray tries to hack Aida’s photogram account by:
- Being the Middle-Man in the network’s traffic to read Aida’s packets sent over Photogram. Yeah. I know, it’s a shitty thing to do. But sometimes we come across shitty co-workers.
- But luckily, Aida communicated with telegram which encrypts stuff. So, yeah. Sorry Ray.
Then Ray, decides to be extra evil so he wondered around Aida’s desk and since Aida had the tendency to leave her phone on her desk when she’s away, Ray saw the opportunity. So:
- He finds her phone’s password by guessing it to be her dog’s name since she had a picture of the dog all over her desk.
- “This is why you don’t choose your password based on things you care about the most.”
- Her Photogram account was up. So, Ray helped himself with the account. Posted several messages on her behalf. The messages were like below:
Aida (Ray): Hey Jessi, did you see that bitch? She just wanted to make me jealous.
Aida (Ray): She thinks I am still with John. But we broke up since I am in love with the guy at my work.
- Aida went crazy as soon as she found out.
Even though this is partly Aida’s fault by allowing Ray to do his social engineering, Ray is still at fault because he stick his nose into her business. However, Aida notices Ray’s behavior is odd and learns that he has been sniffing around her phone because:
- She notices that her phone’s position was altered on her desk.
- She notices that her Photogram account was opened.
- She sees Ray acting nervously.
So, she did what she had to do: “RETALIATION” she put a needle under Ray’s chair. Oh God that felt good for Aida.
Ray tries to retaliate and hack her account.
- Ray gets really irritated after seeing Aida laughing at him.
- He plans to hack into her account on their organization’s account.
- He tries fragmentation scanning which is breaking up his scan into smaller packets so that the company’s firewalls wouldn’t detect his scanning activity.
She gets smart and secures her connection using Secure Browser & File Manager application from iTunes and did most of her online activity using her phone.
- Aida knew a response is coming. So, she closes her endpoint’s ports and hides her mac address and Ray was unsuccessful. But Ray figured out another way to teach her a lesson.
- Therefore, he planned to send her an email. And unfortunately, Aida had failed to understand that the attack vectors could be coming from other places too and not just internal network.
Ray manages to hack into her account and break HTTPS 443 protocol security but HOW?
This is how:
- Ray sends Aida a phishing email pretending to be a lottery sweepstakes agent.
- She opens the email and there you go. BOOM! She just opened the door for Ray to get into her system.
She scans her computer and….
- She noticed that her system has slowed down quite a bit.
- But she’s too late to perform Malware scan.
- But on the other hand, Ray’s Malware wasn’t going to screw up the organization’s system but just there to steal her info.
So, Aida decides to download the ProtonMail – Encrypted Email from iTunes and keep her conversations secure.
But to really put Ray into his place, she created a virtual machine and creates a honeypot for Ray.
Ray gets trapped and she has him by his balls now. Either he listens as she says or loses his job. She demands him to do her job or else she would tell the HR department about his behavior.
This was an example of what could happen at work but realistically the possibilities of getting hacked at your workplace is tremendous. So, you always want to make sure you protect yourself against internal and external online threats in your organization.
Let me know if this has ever happened to you guys in your workplace. Oh please don’t forget to share how you dealt with the situation.