The column also claims that true hackers only focus on hacking computers. Well, there is the Defcon Capture the Flag contest, which focuses on social engineering -- which is not hacking per that definition. Also, having presented on social engineering and other non-technical hacks at Black Hat on multiple occasions, I can say that non-technical attacks are of interest to the “real live hackers.”
The article gets dangerous by trivializing the importance of screen protectors to prevent “visual hacking”, while promoting shoulder surfing as a tool of teamwork and collaboration.
I prefer the term “shoulder surfing” over “visual hacking”; however, it is a highly critical issue for security practitioners. First, let’s examine the straightforward claim of teamwork and collaboration. The column assumes that everyone inside a company is entitled to see all information inside a company. Anyone who has been in a modern office environment knows that there is little privacy. While some people might have data that is OK for the entire organization to know, there are visitors that can go through the facility. There are many areas where information should be restricted, such as accounting, human resources, engineering, legal, sales, customer data, vendor data, and any area where there is intellectual property of any note. There are also many areas where information is legally restricted from distribution. I really wonder what environment wants free collaboration.
Then I am bewildered by the comment about the odds that, “the dude next to us gives a rat’s behind about what is on our screen.” This is just gross ignorance. It is a major awareness and security concern for people traveling with sensitive information, and in some cases organizations are legally required to protect the information.
Let’s be clear about the comments being made: the article contends that being concerned about shoulder surfing is ridiculous and is easy to take care of by shouting, “teacher, he’s copying me!” (that is written in the column). There is of course the ignorance of not realizing that people may not know when someone is actually looking over their shoulder.
Shoulder surfing is a serious issue, and has legal implications as well. Despite the column appearing in CIO magazine, where the “I” stands for “Information” and not computers, it fails to understand that companies have to protect information in all of its forms, and not just the underlying technology of computers. A “hacker” doesn’t care if they get the information by compromising computer technology, stealing a laptop from a car, or looking over someone’s computer on an airplane. More important, there are not just “real live hackers” in Las Vegas, but also criminals, competitors, malicious insiders, and even the “creepers” that he refers to.