Ethical hacker, 86, rises to Santander’s challenge

Elderly hacker with little computing experience was able to hack WiFi and create phishing attack

An 86-year-old ethical hacker managed to create and distribute a fake phishing scam and hack a Wi-Fi hotspot in less than 17 minutes using online guides.

Spanish bank Santander asked Alec Daniels, who took part in a scam awareness programme run by the bank, to try to create a pretend mobile phishing attack and hack a Wi-Fi network as part of a scheme to raise awareness of scams.

Using tools available online and supported by a network security professional, Daniels was able to complete the challenge in 16 minutes 40 seconds, even though he knows little about computers.

Chris Ainsley, head of fraud strategy at Santander UK, said the experiment demonstrates how easy it is for criminals to send phishing emails and hack Wi-Fi hotspots. “We have seen the devastating results that fraud and scams can have on our customers and how much damage can be done if hackers get hold of even a small amount of personal detail,” he said.

“Raising awareness and educating people on how to protect themselves is vital to effectively tackling the criminals who ruin people’s lives.”

Santander’s own research has revealed that 41% of people regularly use Wi-Fi hotspots to carry out financial transactions on their mobile phones, and about 10% said they log into unsecured Wi-Fi networks several times a day.

Ethical hacker Marcus Dempsey said unsecured public Wi-Fi networks can be easy pickings for criminals. “By inputting passwords, bank details and confidential information into online banking or shopping websites over a public Wi-Fi, people could be unknowingly putting their finances and identities into the hands of hackers,” he said.

“Perhaps even easier than hacking Wi-Fi is sending scam correspondence, particularly phishing emails.

“If Alec, with no previous knowledge of how to do this, can write and distribute a convincing phishing email in a matter of minutes, it is worrying to imagine the potential damage that actual scammers could be doing.”

This article originally appeared on Computerweekly.com