Hacking the Dead

A recent large-scale data breach in South Africa had all the typical traits of a government or credit reporting service compromise. Within the compromised data, however, was an interesting field not commonly seen in other breaches: deceased_status. This raises a morbid question: “Can you hack the dead?” The simple answer is yes. Consider an individual who is recently deceased:

Their bank accounts may still be open
Their email and social media accounts are likely still active
Their cell phones and landlines still work
They may not have a will or clear accounting of their assets

Estates are prime targets for everything from identity theft to asset liquidation, since there is often a gap in monitoring the deceased’s assets. How often does it happen and will this be a new trend? The facts indicate that the deceased are easy targets for cybercriminals. For instance, CNBC reported on tax fraud involving the use of Social Security Numbers for almost 67,000 people who would be at least 113 years old. The State of California also provides tips for protecting the deceased from identity theft. Remember the email scams about the dead Nigerian prince who happened to be your distant relative? In reality, a deceased person’s contact list would be an easy target for phishing attacks targeting beneficiaries, next of kin, and others in vulnerable states. While we now laugh off the Nigerian prince scam, the fact is criminals can now launch convincing, multi-stage attacks at scale. The deceased pose the initial attack vector, with their surviving relatives, friends and colleagues facing subsequent threats. Banks, credit bureaus and government agencies all track whether you are alive or dead – information that can leveraged to jeopardize your identity and assets. You can protect yourself and the people you care about by planning ahead. Here’s some information on estate planning from the American Bar Association to get you started.

Morey J. Haber

Chief Technology Officer, Chief Information Security Officer, BeyondTrust

With more than 20 years of IT industry experience, and author of Privileged Attack Vectors and Asset Attack Vectors, Mr. Haber joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. He currently oversees the vision for BeyondTrust technology encompassing privileged access management, remote access, and vulnerability management solutions, and BeyondTrust’s own internal information security strategies. In 2004, Mr. Haber joined eEye as the Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was a Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. Mr. Haber began his career as a Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science in Electrical Engineering from the State University of New York at Stony Brook.

Stay Up To Date

You May Also Be Interested In:

Partner Exclusive: An Important BeyondTrust Product Portfolio Update

LATAM & SPAIN | Soporte Remoto Seguro y Confiable?

What Your IT Service Desk Needs to Focus On in 2020 (and Beyond)

Privileged Access Management Solutions

Products

Resources

How to Secure Privileged Session Access to Cloud-based VMs

On the Blog

News