
ESET: On Course for a Good Hacking


Posted on: 6th Jul 2021

ESET is a CPG Business Partner and member of the Business Club by CPG.

Have you ever wondered how a cyberattack takes place? Many people question it, but few think it would actually happen to them. However, the simplest of cyberattacks target the human aspect, which can be easily manipulated with the right knowledge and tools – and the outcome of a successful cyberattack can be catastrophic.

I’ve not played golf in a few years but back in my uni days, I spent a good number of weekends with a tee time booked, hacking up the course with my 7-iron. However, more recently, I have turned to a different kind of hacking which is far more fun and much less ego-bruising for me.

I have 14 years’ experience in the cybercrime and digital forensics unit in my local police force and now work as a Cybersecurity Specialist for internet security firm ESET, where I hunt and analyse potential cyber threats facing businesses. Being able to understand criminal hackers often means becoming one (ethically of course), revealing insights which can help potential victims better protect their security.

I was recently asked to investigate the security of an independent UK golf club and, as with any good heist, research is vital. Although I am familiar with the surroundings, lingo and attire of a quality golf club, I needed to learn everything I could about the staff and the specific club in question; and this is where Google is your best friend. Armed with my online findings and a couple of quality techniques in my back pocket, I was pretty confident I could have some fun with my target golf establishment.

Firstly, I need to add a little disclaimer. Before I embarked on my escapade, I was granted full access and permission by the owner of the club to go wherever I wanted and to do whatever I desired – within reason, of course!

I decided to pose as an ITV employee, enquiring about doing a reconnaissance for a new commercial and requesting to take some photos to report back to my producer. I rang the club up a week in advance and gave them my pretext story. The business development manager answered and (naturally) loved the idea, inviting me to visit the club the following week.

I arrived at the course one sunny morning and headed straight to their reception shortly after 9am, equipped with my laptop, USB, DSLR camera and a trusty hi vis jacket. Once I had met with the business development manager who I’d previously spoken to, I walked off for an hour with my camera and pretended to take some photos of the course. On return, I showed him the photos and asked if I could use the private WiFi, requesting the password which was happily given to me. I then mentioned that I’d forgotten some paperwork, so I asked him if I could pop my USB in his machine to print off a release form. He obliged and even said, “I probably shouldn’t let someone I don’t know do this.”

It was then that I witnessed the true horror show which I did not ever expect – they were still using Windows XP! Support for this operating system ceased in 2014 and it is highly dangerous when connected to the internet. To make matters worse, XP was running on the machine in the shop with the point of sale software on! With all the financial and sensitive data being run through this device, it would make for a very dangerous outcome if it were targeted.

Once I had pretended that the document I needed to print was missing from my USB, I sent a fake pre-release form via Google Forms in order to obtain some additional personal information from him, along with one of his passwords. He clicked on this link immediately and filled it out. In fact, he then took a call and left me with full access to two further machines with no one looking.

Of course I didn’t actually exploit the network at this golf club, but the lessons learnt were vital. The simplicity of hacking anywhere is eye-opening, impressive and relatively easy: a quality backstory, a touch of charm and a spot of luck will get you into most areas, all fit enough to exploit. A high vis jacket just helps to seal the deal.

On reporting back to the golf club’s owner, he was somewhat shocked yet equally unsurprised. He thought it may have been easy and said himself that he never thought anyone would ever hack his business. The truth is, however, every business is a potential target and whilst they remain so easily penetrable, they will remain potential victims.

So here’s how to keep a golf club secure:

  1. Install the latest, most up-to-date operating system on all computers
  2. Implement a guest WiFi and never allow anyone other than staff access to the main WiFi connected to the network
  3. Never assume anyone is who they say they are when they request to use a club computer or desire access into rooms unsupervised
  4. Keep all passwords away from prying eyes and never write them down
  5. Educate your staff on phishing emails and ensure policies are in place should staff need to report something
  6. Encrypt any sensitive data and never leave computers unlocked
  7. Never click on unsolicited links or attachments
  8. Use a robust antivirus product on all computers
