Social Engineering

1st Century Addict
Posts: 119
Joined: Sun Feb 04, 2007 7:06 pm
Location: Tunisia

Post: # 58275Post Crow
Mon Feb 12, 2007 3:45 pm

Still on the subject..


"The company that doesn't make an effort to protect its sensitive information is just plain negligent." A lot of people would agree with that statement. And the world would be a better place if life were so obvious and so simple. The truth is that even those companies that do make an effort to protect confidential information may be at serious risk. Here's a story that illustrates once again how companies fool themselves every day into thinking their security practices, designed by experienced, competent, professionals, cannot be circumvented.

Steve Cramer's Story

It wasn't a big lawn, not one of those expensively seeded spreads. It
garnered no envy. And it certainly wasn't big enough to give him an
excuse for buying a sit-down mower, which was fine because he wouldn't
have used one anyway. Steve enjoyed cutting the grass with a hand mower
because it took longer, and the chore provided a convenient excuse
to focus on his own thoughts instead of listening to Anna telling him
stories about the people at the bank where she worked or explaining
errands for him to do. He hated those honey-do lists that had become an
integral part of his weekends. It flashed through his mind that 12-year-old
Pete was damn smart to join the swimming team. Now he'd have to be at
practice or a meet every Saturday so he wouldn't get stuck with Saturday
Some people might think Steve's job designing new devices for
GeminiMed Medical Products was boring; Steve knew he was saving
lives. Steve thought of himself as being in a creative line of work. Artist,
music composer, engineer - in Steve's view they all faced the same kind
of challenge he did: They created something that no one had ever done
before. And his latest, an intriguingly clever new type of heart stent,
would be his proudest achievement yet.
It was almost 11:30 on this particular Saturday, and Steve was annoyed
because he had almost finished cutting the grass and hadn't made any real
progress in figuring out how to reduce the power requirement on the heart
stent, the last remaining hurdle. A perfect problem to mull over while
mowing, but no solution had come.
Anna appeared at the door, her hair covered in the red paisley cowboy
scarf she always wore when dusting. "Phone call," she shouted to him.
"Somebody from work."
"Who?" Steve shouted back.
"Ralph something. I think."
Ralph? Steve couldn't remember anybody at GeminiMed named Ralph
who might be calling on a weekend. But Anna probably had the name
"Steve, this is Ramon Perez in Tech Support." Ramon - how in the world
did Anna get from a Hispanic name to Ralph, Steve wondered.
"This is just a courtesy call," Ramon was saying. "Three of the servers
are down, we think maybe a worm, and we have to wipe the drives and
restore from backup. We should be able to have your files up and running
by Wednesday or Thursday. If we're lucky."
"Absolutely unacceptable," Steve said firmly, trying not to let his
frustration take over. How could these people be so stupid? Did they
really think he could manage without access to his files all weekend and
most of next week? "No way. I'm going to sit down at my home terminal
in just about two hours and I will need access to my files. Am I making
this clear?"
"Yeah, well, everybody I've called so far wants to be at the top of the list.
I gave up my weekend to come in and work on this and it's no fun having
everybody I talk to get pissed at me."
"I'm on a tight deadline, the company is counting on this; I've got to get
work done this afternoon. What part of this do you not understand?"
"I've still got a lot of people to call before I can even get started," Ramon
said. "How about we say you'll have your files by Tuesday?"
"Not Tuesday, not Monday, today. NOW!" Steve said, wondering who he
was going to call if he couldn't get his point through this guy's thick skull.
"Okay, okay," Ramon said, and Steve could hear him breathe a sigh of
annoyance. "Let me see what I can do to get you going. You use the
RM22 server, right?"
"RM22 and the GM16. Both."
"Right. Okay, I can cut some corners, save some time--I'll need your
username and password."
Uh oh, Steve thought. What's going on here? Why would he need my
password? Why would IT, of all people, ask for it?
"What did you say your last name was? And who's your supervisor?"
"Ramon Perez. Look, I tell you what, when you were hired, there was a
form you had to fill out to get your user account, and you had to put
down a password. I could look that up and show you we've got it on file
here. Okay?"
Steve mulled that over for a few moments, then agreed. He hung on
with growing impatience while Ramon went to retrieve documents from
a file cabinet. Finally back on the phone, Steve could hear him shuffling
through a stack of papers.
"Ah, here it is," Ramon said at last. "You put down the password
Janice, Steve thought. It was his mother's name, and he had indeed
sometimes used it as a password. He might very well have put that down
for his password when filling out his new-hire papers.
"Yes, that's right," he acknowledged.
"Okay, we're wasting time here. You know I'm for real, you want me to
use the shortcut and get your files back in a hurry, you're gonna have to
help me out here."
"My ID is s, d, underscore, cramer--c-r-a-m-e-r. The password is
'pelican1.'"
"I'll get right on it," Ramon said, sounding helpful at last. "Give me a
couple of hours."
Steve finished the lawn, had lunch, and by the time he got to his
computer found that his files had indeed been restored. He was pleased
with himself for handling that uncooperative IT guy so forcefully, and
hoped Anna had heard how assertive he was. Would be good to give the
guy or his boss an attaboy, but he knew it was one of those things he'd
never get around to doing.

Taken from the eBook: "The Art of Deception" by Kevin Mitnick.

This shows how easily you can get sensitive information by sounding serious.

If you guys are planning on doing Social Engineering BE VERY CAREFUL of REVERSE Social Engineering :

Definition : R.S.E. :
A social engineering attack in which the attacker sets up a situation where the victim encounters a problem and contacts the attacker for help. Another form of reverse social engineering turns the tables on the attacker. The target recognizes the attack, and uses psychological principles of influence to draw out as much information as possible from the attacker so that the business can safeguard targeted assets.


Post: # 59347Post |The|Specialist
Fri Feb 16, 2007 5:57 pm

I give it two thumbs down plus a limp wiener while I'm at it.

Posts: 2227
Joined: Thu Jan 04, 2007 9:59 pm
Location: Camp Lejeune, NC

Post: # 59358Post jaymill230
Fri Feb 16, 2007 8:12 pm

wow, owned by spec :)

1st Century Addict
Posts: 119
Joined: Sun Feb 04, 2007 7:06 pm
Location: Tunisia

Post: # 83439Post Crow
Sun Jul 29, 2007 6:15 pm


Taz's very own Fireman [RIP]
Posts: 2378
Joined: Fri Jun 16, 2006 3:48 pm
Are you a Spammer: No
Location: N. Augusta, SC

Post: # 83444Post Vorlin
Sun Jul 29, 2007 9:44 pm

Goes to show, no matter who asks, never give any information. Nobody in IT would need it anyways if they have root/administrator access. Being a Unix administrator myself, having access to shadow passwords and such with root, sudo, and others, it's easy to do anything with anyone's files/etc. Another lesson is to never use a password that you use for critical things like bank accounts, online stuff, etc.
In the world of protection, one thing is for sure: security = 1 / convenience.
