Advancing Associations

GolfSixes League Debuts in China Alongside the Hainan Open

18th Oct 2024

Golf Genius Release Major Upgrade to its Tournament Management Product With Event Dashboard+ Feature

10th Oct 2024

Golf Genius Launches Off-Course Technology for Indoor and Entertainment Golf

4th Sep 2024

Olympic Officiating – Inside the Ropes with Christiane Stenger

13th Aug 2024

Rai Claims Maiden PGA Tour Victory With Trusted MacWet Gloves

13th Aug 2024

PING advances Prodi G Junior Clubs; Introduces Junior Custom-Fitting App

16th Jul 2024

Glenmuir Unveils SS2025 Collection: A Tribute to Heritage and Innovation

16th Jul 2024

How to Successfully Implement Technology Within a Golf Operation

2nd Jul 2024

CPG Team Take On 100 Hole Challenge for the Ryder Cup Trust

17th Jun 2024

DP World Tour, The R&A and PGA Tour Launch Global Amateur Pathway

4th Jun 2024

Successful GolfSixes League Grows Globally

4th Jun 2024

Kipp Popert & Daphne van Houten Take G4D Open Honours

18th May 2024

5 Pre-Season Steps for Your Golf Shop With Golf Genius

30th Apr 2024

Golfbidder Pro Expansion – B2B Pricing Tool Now Available to All of Europe

25th Apr 2024

PING Putter Line Expands With Six New Premium Models

23rd Apr 2024

Abu Dhabi GolfSixes League Grand Final Won by Abu Dhabi City Golf Club Juniors

22nd Apr 2024

PING Announced as Supporting Partner of PGA Women’s Championship of Canada

5th Apr 2024

Dr Mark Bull 3D Biomechanics Seminar – 06-07 MAY, Austria

1st Apr 2024

Andreas Kali’s Whole Istic Golf Coaching Seminar – 15-16 April, Austria

1st Apr 2024

PGA Tour Players Overwhelmingly Select Bushnell as Top Choice Among Laser Rangefinders

30th Mar 2024
load more

ESET: On Course for a Good Hacking5 min read


Posted on: 6th Jul 2021

ESET is a CPG Business Partner and member of the Business Club by CPG – Find out more here

Have you ever wondered how a cyberattack takes place? Many people question it, but few think it would actually happen to them. However, the simplest of cyberattacks target the human aspect, which can be easily manipulated with the right knowledge and tools – and the outcome of a successful cyberattack can be catastrophic.

I’ve not played golf in a few years but back in my uni days, I spent a good number of weekends with a tee time booked, hacking up the course with my 7-iron. However, more recently, I have turned to a different kind of hacking which is far more fun and much less ego-bruising for me.

I have 14 years’ experience in the cybercrime and digital forensics unit in my local police force and now work as a Cybersecurity Specialist for internet security firm ESET, where I hunt and analyse potential cyber threats facing businesses. Being able to understand criminal hackers often means becoming one (ethically of course), revealing insights which can help potential victims better protect their security.

I was recently asked to investigate the security of an independent UK golf club and like with any good heist, research is vital. Although I am familiar with the surroundings, lingo and attire of a quality golf club, I needed to learn everything I could about the staff and specific club in question; and this is where Google is your best friend. Armed with my online findings and a couple of quality techniques in my back pocket, I was pretty confident I could have some fun with my target golf establishment.

Firstly, I need to add a little disclaimer. Before I embarked on my escapade, I was granted full access and permission by the owner of the club to go wherever I wanted and to do whatever I desired – within reason, of course!

I decided to pose as an ITV employee, enquiring to do a reconnaissance for a new commercial and requesting to take some photos to report back to my producer. I rang the club up a week in advance and gave them my pre-context story. The business development manager answered and (naturally) loved the idea, inviting me to visit the club the following week.

I arrived at the course one sunny morning and headed straight to their reception shortly after 9am, equipped with my laptop, USB, DSLR camera and a trusty hi vis jacket. Once I had met with the business development manager who I’d previously spoken to, I walked off for an hour with my camera and pretended to take some photos of the course. On return, I showed him the photos and asked if I could use the private WiFi, requesting the password which was happily given to me. I then mentioned that I’d forgotten some paperwork, so I asked him if I could pop my USB in his machine to print off a release form. He obliged and even said, “I probably shouldn’t let someone I don’t know do this.”

It was then that I witnessed the true horror show which I did not ever expect – they were still using Windows XP! Support for this operating system was ceased in 2014 and it is highly dangerous when connected to the internet. To make matters worse, XP was running on the machine in the shop with the point of sale software on! With all the financial and sensitive data being run through this device, it would make for a very dangerous outcome if it were targeted.

Once I had pretended that the document I needed to print was missing from my USB, I sent a fake pre-release form via Google Forms in order to obtain some additional personal information from him, along with one of his passwords. He clicked on this link immediately and filled it out. In fact, he then took a call and left me with full access to two further machines with no one looking.

Of course I didn’t actually exploit the network at this golf club, but the lessons learnt were vital. The simplicity of hacking anywhere is eye-opening impressive and relatively easy: a quality backstory, a touch of charm and a spot of luck will get you into most areas all fit enough to exploit. A high vis jacket just helps to seal the deal.

On report to the golf club’s owner, he was somewhat shocked yet equally unsurprised. He thought it may have been easy and said himself that he never thought anyone would ever hack his business. The truth is, however, every business is a potential target and whilst they remain so easily penetrable, they will remain potential victims.

So here’s how to keep a golf club secure:

  1. Install the latest, most up-to-date operating system on all computers
  2. Implement a guest WiFi and never allow anyone other than staff access to the main WiFi connected to the network
  3. Never assume anyone is who they say they are when they request to use a club computer or desire access into rooms unsupervised
  4. Keep all passwords away from prying eyes and never write them down
  5. Educate your staff on phishing emails and ensure policies are in place should staff need to report something.
  6. Encrypt any sensitive data and never leave computers unlocked
  7. Never click on unsolicited links or attachments
  8. Use a robust antivirus product on all computers

RECEIVE FUTURE CPG NEWS

VISIT ESET