Murderboard Prequel (EN): Where Crime Fiction, Privacy and IT-Security Come Together

It was a warm summer day when I got a call from an acquaintance who wanted to hire me for data protection coaching with one of his clients. Besides crime writing, I also work in data protection, helping self-employed people and small businesses to set up their websites and also their internal processes in a data protection-compliant way and so on. Perhaps a somewhat strange mixture: crime fiction and data protection. But actually it’s not on a closer look, and which will—hopefully—become apparent in the course of the following four blog posts. My friend’s inquiry was about a suspicion that information was leaking out of the company and being used by the competition.

I prepared quite a long list of questions, which was partly fed by my experience in data protection, but also by seven years of experience as a project manager in web development. I showed the question list to René, who works as a freelance pentester. Maybe some of you know him from the privacy podcast episode on „Pentesting“ or also some of his talks at PrivacyWeek. It took a good half hour, then I got the answer: „Looks complete“. And I thought to myself: crime writer and IT-sec—a perfect mix for such a job! Criminalistic thinking can help to convict criminals. What would I attack if I were targeting a small company or even an individual?

A little later I got another message: “Make a murder board! A classic who – against whom – when – where – why.“

I thought: “I told you so, crime writer and IT-sec.”

And a third message followed: “I have an idea! Let’s write a murder board blog post series together!“

And here we are: where crime fiction, privacy and IT-security come together.

By the way, we are: René “Lynx” Pfeiffer, IT-security expert and organizer of the annual DeepSec conference, which brings together experts in IT-security and offers a select workshop and lecture program. And me, Klaudia “jinxx” (or “jinxxproof”) Zotzmann-Koch, author, podcast host, privacy expert and co-organizer of the annual PrivacyWeek since 2016.

You might wonder why we’re taking forever to write a blog post series. The answer is quite simple: we want to show you that #onlinecrime is much more common, easy and diverse than you might think. Add to that my experience from many workshops in schools, community colleges, self-organized webinars and more, that the questions asked are always the same in all age groups from 12 to 92. Plus the unanimous opinion that „I’m far too uninteresting for them“, with no further definition of who „they“ are. And of course the ubiquitous „I have nothing to hide,“ which reads more like „I don’t want to deal with this topic“ and points to a popularity comparable to counting calories or testicular cancer. Above it all hovers a blind faith in technology; an expectation of salvation that technology can and will solve all our problems if we just let it. Coupled with naïve guilelessness toward companies and institutions, but also toward authorities and the state.

We want to show you what is currently (spring 2021) actually possible and workable, how difficult or easy it is, and what interests are behind it. And we want to prepare some entertaining reading minutes. The topic is serious, but at least it can be told entertainingly.

Links

DeepSec Blog
Easy Ways to Be More Private on the Internet – Klaudia’s book on digital self-defense for beginners
Murderboard-Talk by René and Klaudia at #pw20

The Other Parts of the Series

00 – Prequel
01 – Chapter 01: Traces
02 – Chapter 02: Investigations
03 – Chapter 03: Serial Hackers
04 – Chapter 04: State Hacking