Even the most distrusting skeptics are sometimes at a loss to explain psychic phenomena. In the video below, produced by the Belgian-based organization Febelfin, we get a glimpse behind the curtain – literally. What’s revealed isn’t that extraordinary at all — and that’s what makes it disturbing.
Febelfin is a Belgian Financial Sector Federation, and if your savvy marketing sense is tingling then you should listen to it; the video is a commercial or, at best, a public service announcement. While it’s quite likely that the random people, the sinister, balaclava-clad hackers and even Zoltar there are all actors, the threat is a real one.
“Your entire life is online. And it might be used against you.”
It’s true, all of the information revealed by the mind reader to the volunteers in this video could certainly reside online and be vulnerable to hackers or even a determined amateur, but could it be stolen in the time it takes to have a conversation? The short answer is probably not.
Let’s take a closer look at some of the information that the psychic senses from the participants: where they attend(ed) school, the subject of a semi-concealed tattoo, the colour and type of vehicle they drive, their best friend’s first name, recent injuries… are you sensing a trend? All of these savoury info-nuggets could be found with ease on Facebook. A sign-up sheet for participants could easily have provided the full name, email address and city of residence before the psychic went to work; some rudimentary, and completely legal, Facebook browsing would do the rest.
As the video progresses, the modern-day Nostradamus moves on to more intimate details — and to the volunteers’ unanimous surprise — banking and financial information. This is where the video strays from reality. Is it possible that a hacker, or in this case, a team of evil Belgian hackers-for-hire, could steal bank account numbers, balances and intimate secrets in a matter of minutes? Yes. Could this be done reliably to five non-screened, completely random people with no pretext? No. Then again, I’m assuming these aren’t psychic hackers, because let’s face it, nothing is safe from psychic hackers — but that’s another video.
What if there was a screening process and some pretext? That could change everything. Add a sprinkling of social engineering and this video seems much more feasible. Some simple requests could vastly improve a hacker’s chance of finding and accessing vital data. Tactics could include having a volunteer sign-up sheet, asking for a full name, email and address, asking for identification to verify age, asking where to send a cheque for the volunteer’s compensation, or perhaps asking volunteers to place their cellphone in a locker beforehand as it might interfere with the taping or the wireless microphones. While these things may seem normal to someone participating in the taping of a TV promo, they would also give the hackers valuable information which they could use to uncover yet more online.
Taking the video at face value, hackers would have to be very talented and extremely lucky to uncover sensitive information in minutes, without so much as a name to start with — but it is possible. Using a clear image of the volunteer’s face, facial recognition software and custom code to automate Facebook’s new Graph Search, for instance, or even Google’s Search by Image, could reveal the volunteer’s name and whatever information they have publicly available online. If the volunteer’s smartphone has Bluetooth turned on and is not properly secured, there’s a possibility that the hackers could use malicious software tools to access data on the phone wirelessly over that Bluetooth connection. These are just a few possible avenues of attack in a situation such as the one presented in the video, but chances are, without even a first name there’s just not enough for a hacker to go on.
So while the scenario in the video is unlikely to happen, the message is still valid: we’ve all got to be careful with our data and be wary of social engineering (criminals attempting to trick you into revealing information in person, over the phone or online). Making sure your passwords are strong and keeping the software on your devices up to date are good ideas as well. Lastly, never trust a psychic with an earpiece.