Announcement

Collapse
No announcement yet.

social engineering of museum security in Canada

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    social engineering of museum security in Canada

    Fake phone call fooled UBC security in museum heist, police sources say
    An experienced jewelry thief may have hoodwinked the University of British Columbia's campus security by telling them to ignore security alarms on the night of last month's multi-million dollar heist at the Museum of Anthropology, CBC News has learned. ...

    Four hours before the break-in on May 23, two or three key surveillance cameras at the Museum of Anthropology mysteriously went off-line. Around the same time, a caller claiming to be from the alarm company phoned campus security, telling them there was a problem with the system and to ignore any alarms that might go off. Campus security fell for the ruse and ignored an automated computer alert sent to them, police sources told CBC News.
    "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
    - Trent Reznor
    Tags: None
  • #2
    Re: social engineering of museum security in Canada

    Originally posted by Deviant Ollam View Post
    Fake phone call fooled UBC security in museum heist, police sources say
    For cripe sakes, that's the opening act in "Sneakers".
    Thorn
    "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

    Comment

    • #3
      Re: social engineering of museum security in Canada

      I'm not surprised to be honest. People are dumb when it comes to someone else's security. The guards probably aren't paid enough to be really suspicious of such things. They were probably thankful they were false alarms since they interrupted their poker game or something.
      Never drink anything larger than your head!





      Comment

      • #4
        Re: social engineering of museum security in Canada

        I was talking with someone this past week about a social engineering they did as part of a penetration test.

        They mined the Internet for employees with email addresses from the target company.
        They sent an obvious phishing email to those employee's
        They called those employee's on the phone telling them that they were from the company's IT Security group and asking if they had received a specific email, which obviously they did.
        They then told those employee's that the email had planted malware on their computers and that that they would be sending them a second email with a link where they had to go in order to disinfect their computer.
        They sent an email them these employee's, using a forged header, with a link to an IP Address that these employee's were to click on.
        When these employee's went to the link they were asked for user ID's, passwords, etc.

        They did not collect any information from the user's only the number of users that visited the site.
        DaKahuna
        ___________________
        Will Hack for Bandwidth

        Comment

        • #5
          Re: social engineering of museum security in Canada

          Originally posted by DaKahuna View Post
          I was talking with someone this past week about a social engineering they did as part of a penetration test.

          They mined the Internet for employees with email addresses from the target company.
          They sent an obvious phishing email to those employee's
          They called those employee's on the phone telling them that they were from the company's IT Security group and asking if they had received a specific email, which obviously they did.
          They then told those employee's that the email had planted malware on their computers and that that they would be sending them a second email with a link where they had to go in order to disinfect their computer.
          They sent an email them these employee's, using a forged header, with a link to an IP Address that these employee's were to click on.
          When these employee's went to the link they were asked for user ID's, passwords, etc.

          They did not collect any information from the user's only the number of users that visited the site.


          *wipes a tear, sniffles*
          That's beautiful.



          And regarding the OP-- yeah, I think I saw that in Sneakers too come to think of it. ;)
          " 'Yields falsehood when preceded by its quotation' yields falsehood when preceded by its quotation."
          - Willard Orman Van Quine

          Comment

          Previous template Next
          Working...
          X