TAMPA, FL -- Dustin Holifer, pro wrestler turned pro hacker, showed us how he can take down Channel 10.
It begins with finding email addresses.
“Right now, it's just searching against search engines and other online sources to find anything associated with wtsp.com,” he said.
Using an application called the Harvester, it didn't take long for several to pop up.
Reporter: And now you can send us a mass email?
“Yeah, and in a minute when it's done, I'll be able to tell you how many potential emails are in this list.”
With that information, hackers find a crafty way to phish you in – hook, line and sinker.
They create a personalized e-mail, send it to your company and need just one person to fall for the bait.
That’s something business owner Ray Sikorski can tell you himself.
“By Day 4, I wasn't sleeping anymore,” he said.
Based in Tampa, Sikorski built Verified Label, Print and Promotions from the ground up.
His company is 22-years-old and in just two weeks, it was almost all gone - after one employee clicked on a bad e-mail attachment that seemed believable.
“It worked overnight and we came in and had half our computers were locked and they all had a screen that said you have been encrypted, contact us for instructions on payment of ransom and it gave us an email address email@example.com”
He didn't pay the ransom, but the virus was so severe it cost him $40,000 to repair the system.
“You need to sit down and you need to take a look at what're doing and what's the next level you could be doing because it's not a matter of if, it's when,” Sikorski said.
Now, back to the professional hackers. Based in USF’s Research Park, they’re doing what’s called penetration testing.
“When we get hired by a company to break in to their system and show them all of their security flaws and show them how to fix them,” said Jeremy Rasmussen.
Rasmussen is the cyber director for cybersecurity company Abacode.
Abacode hacks other companies before the bad guys do and helps them avoid what Sikorski went through.
“A lot times there will be some flag for us to capture, the CEOs salary or something like that.”
Rasmussen showed how quickly he can find a password through easily accessible hacking websites.
Computers store passwords in the form of hash marks (basically a longer password full of different characters).
Once hackers find hashmarks, they use pass cracking websites to find what they are.
“I've got upper and lower case characters; I've got an exclamation point. I've got all the complexity factors that most companies would require. Let's see if this guy can find it. This guy found it.”
Found the password in just seconds.
So, how do hackers figure out who to attack? They like big targets.
If they can crack into big companies like Target and LinkedIn, just imagine what they can do to you. Think of all the places where we leave a digital footprint, you might use a credit or debit card at grocery stores, restaurants, hotels, even doctor's office - where they have your social security number, address and health records.
Once Abacode hacks a company, they hand over a test report.
“Anything that's critical should be repaired right away,” said Cassandra Stavros with Abacode.
Too often hackers give us a dose of reality from the virtual world.