$6 million to $20 million Social Engineering / Con


  • $6 million to $20 million Social Engineering / Con

    URL1

    Social Engineering and convincing people to part with money:

    Originally posted by url1
    Man loses $20 million after taking laptop for repair
    Repair shop couple invented elaborate hoax

    By John E Dunn | Techworld
    Published: 13:56 GMT, 09 November 10
    ...
    According to police, the pair were able to convince Davidson that the virus was in fact a symptom of a much larger plot in which he was being menaced by government intelligence agencies, foreign nationals and even priests associated with Catholic organisation, Opus Dei.
    ...
    It is amazing that the alleged criminals perpetuating this for 6 years were able to get away with it for so long. Google Trends shows a decline in interest in "social engineering" since 2005, but we've seen more news stories about it, like coverage of the Defcon Social Engineering contest, news stories about the Nigerian 419 scam, scammers & victims, and the Russian spy group with the woman and her associates that used social engineering.

    A presentation at this last Defcon 15 on "No Tech Hacking" (Johnny Long) provides commentary about not using the latest greatest techniques or skills to technology to break access restrictions. (Jump to 6 minutes 0 seconds to about 8 minutes 50 seconds in and story about Vince.)

    The summary of that story is that low-tech attacks can work against complicated security systems, or "Don't make things more difficult (than they need to be)." Reduced even further, "keep it simple, stupid," and then refined, "when attacking any system, use what is effective first; don't waste time trying to make a latest, greatest technological gizmo or toy unless that is the best choice." It is like another application of The Art of War, in choosing the path that will result in victory, where victory is defined as completing the objective with the least wasted time, fewest lost resources including men, and by gaining the most in resources from the enemy.

    Considering both of these ideas together, will we see an increase in the frequency of "social engineering" being used and discussed in news stories as companies improve their physical security and use OSes with improved security that require more skills or more complicated code/tools to exploit them? Will social engineering become the "easier" or "shorter path" and be used more often as a result? Also, will attacking the meat-space with social engineering become easier, as people with minimum-wage (or slightly above minimum-wage) jobs are put in charge of being gate-keepers to the resources that are desired by attackers? What implications does this have for access control to medical bio-hazards and guarding medical waste, or restricting access to nuclear research and radioactive materials?

  • #2
    Re: $6 million to $20 million Social Engineering / Con

    From reading the article, it sounds like the people actually preyed upon some preconceived fears their victim had. They probably read through his files and found some information that they could use to scare him.

    Of course, this doesn't really discount the fact the guy had to be stupid/paranoid to even believe them in the first place. But there had to have been some research done on their part to rope him in.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

    • #3
      Re: $6 million to $20 million Social Engineering / Con

      Originally posted by streaker69
      From reading the article, it sounds like the people actually preyed upon some preconceived fears their victim had. They probably read through his files and found some information that they could use to scare him.

      Of course, this doesn't really discount the fact the guy had to be stupid/paranoid to even believe them in the first place. But there had to have been some research done on their part to rope him in.
      I'm actually having trouble wrapping my mind around this. People with money usually have financial managers, or at least BANKERS, for heaven's sake, that pay attention to what's going on with someone's finances. *I* have those people, and I am small potatoes. I hope that the perpetrators get to visit a nice local prison for a very long time, but I don't know that I feel sorry for the victim.

      Stupidity is its own reward.

      Yes, I probably need more coffee, but I believe I stand by my assessment.
