Article April 19, 2019

CFC Summit profile: Meet our happy hacker

Tom Bennett is our resident white hat hacker, using his expert techie skills to find out how the bad guys might go about exploiting computer system vulnerabilities – before they do it themselves.

In You’ve been compromised, his session at our inaugural CFC Summit, he’ll be committing a common cyber attack – business email compromise – against one of our own.

In his previous life, Tom worked in cyber crime special operations with a regional organised crime unit. Today, in his role as Cyber Incident Specialist at CFC, Tom uses digital forensics and intelligence analysis to help CFC’s clients survive a cyber attack. Wanting to find out what makes this crime fighter tick, we sat down with him to learn a little bit more about him and what he’ll be tackling in his session at the CFC Summit.  

Tom Bennett, CFC Summit

Who you are, what do you do and why are you good at it?

My name is Tom and I'm part of CFC's in-house cyber incident response team, helping companies both prevent and respond to cyber incidents. On a typical day, we act as an emergency service for insureds who are dealing with everything from ransomware to fraudulent wire transfers, giving them timely technical support and where necessary, connecting them with one of our local incident response partners. 

I'm passionate about breaking things and when you've done that enough, you get to learn how they work on a fundamental level – and more importantly, how to stop other people doing the same.

What are you speaking about at CFC Summit and why is it important?

I’ll be talking about how to break two-factor authentication using a phishing attack, one of the most common ways hackers compromise corporate email accounts. Summit attendees will be able to watch the attack in real-time.

Two-factor authentication is a security protocol used to verify whether a user is who they say they are – it works by granting access to the user after they successfully present two pieces of evidence – such as a password they’ve set as well as a passcode granted via text message. You’ve probably had to do this when you log in to your Google or Netflix account from a different device, for instance.

The fact that two-factor authentication can now be hacked is a big deal because it undermines a security measure the cyber security community has placed a great deal of faith in.

What's the weirdest thing you've hacked? 

To be honest, it's probably two-factor authentication. I started out thinking it would be impossible, and instead I found a loophole that ended up applying to essentially all modern technology platforms. It's quite worrying and something I think the audience will find really interesting. 

Who are you most looking forward to see speak at the CFC Summit and why?

Hearing from a fighter pilot will be a rare experience, so I'd say Carey Lohrenz – but it's a tough choice!

Beyond work... what's your passion?

Apart from my obvious interest in hacking, coding and technology, I also like aquariums and gardening. Lucky for you, my session at the CFC Summit will cover edgier topics! 

Tom's session is just one of many on a wide variety of topics, so head on over to the CFC Summit website to have a look at the full agenda. What's more, we'll be topping off the Summit with a true CFC party so make sure and save your questions about his fishes' names and suggestions for the best partial-shade perennials so you can ask Tom in person!