No announcement yet.

AT&T Security Hotline 1-800-822-9009

  • Filter
  • Time
  • Show
Clear All
new posts

  • AT&T Security Hotline 1-800-822-9009

    Browsing through slashdot, and came across this....

    ************************************************** **************
    AT&T Network Fraud Advisory
    July 11, 2002
    ************************************************** **************
    Possible Hacker Social Engineering Attempts
    Friday July 12 – Sunday July
    14, 2002
    ================================================== =
    Be careful about giving information to anyone you don't know and those making unusual information requests by claiming to be an AT&T employee or customer. The H2K2 (Hackers on Planet Earth 2002) Hacker Conference will take place this weekend, Friday, July 12 to Sunday to July 14, 2001, [ed. note: 2001?] in New York City. This conference will be a gathering of over five thousand computer hackers, guest speakers, and computer enthusiasts. In 1994, 1997 and 2000 at the previous Hope (Hackers on Planet Earth) Conferences, live demonstrations of "social engineering" techniques were performed in front of thousands of hackers and other attendees. The hacker panel dialed live into AT&T offices and centers and demonstrated how to get proprietary information by pretending to be an AT&T employee and customer. These calls were recorded and videotaped by the hackers and are sold as instructional material at future hacker conferences. There is a very high likelihood that AT&T will be a target again this weekend. The social engineering contest is scheduled for Sunday July 14th, at 4 P.M. ET, (1 PM PT). During this period hackers may be dialing into AT&T to get information. AT&T Network Security would like to warn our employees to be on guard this entire weekend for any unknown person calling and claiming to be an AT&T employee to request proprietary information or claiming to be an AT&T customer with unusual requests. Remember, if anyone, who is unknown to you calls for proprietary information or make unusual requests, please follow your procedure by requesting additional information to ensure the person is who they say they are before giving out any information. · If the person is claiming to be an AT&T employee, please request name, callback and HRID #. Then verify through POST or the email global address list if the information is correct and even request to call the employee back at their contact number. · If the person is claiming to be an AT&T customer verify this by requesting additional info on their account like address and SS# and even request to call the person back at their contact number listed on the account. Please be on guard for any unusual requests. Verify the person is an AT&T employee or a legitimate customer and if they have a need to know the information they are asking. If you can't verify employment or number, don't give out the information. If you are still in doubt regarding the legitimacy of the caller, then speak to a supervisor regarding the situation before proceeding further and inform the caller you will call them back. If you still have questions you can call the Security Hotline 1-800-822-9009. Remember you do not want to be the lucky guest of honor on a telephone call from the hacker conference this weekend with thousands of hackers listening to you and attempting to scam AT&T out of proprietary information. Please be on guard.
    - - - - - - - - - - - - - - - - - - - - - - - - -
    Source: AT&T Network Security
    ************************************************** *****************

  • #2

    The scary thing is they're still not doing anything that can't be overcome. If they're gonna call you back though, then it gets a little tricky.

    But all of the other information is easy enough to come accross, maybe not as easy with AT&T, but here in BC with Telus the information they ask for is the employee number and department. We have lists of like 500 or so employees with Emp #, phone #s, Dept, vehicle # and in some cases email and fax #s.

    As with any SEing the point is to sound like you know what your talking about and in most cases I'd say we know more about what we're asking for than the people we're SEing the info out of!



    • #3
      You can always call AT&T and rescind the memo, say you wrote it, hehe. My stepmother retired from AT&T, she is in their good graces I am sure. Rats.


      • #4
        To me that just looks like a challenge to exploit the use of the hotline... then again, maybe that's just me...
        if it gets me nowhere, I'll go there proud; and I'm gonna go there free.


        • #5
          Try to find out the normal number atached to that 800 number, normally there is one. Then sign them up with MCI or Sprint.


          • #6
            Originally posted by c0nv3r9
            To me that just looks like a challenge to exploit the use of the hotline... then again, maybe that's just me...
            Funny how most security memo's are written as if the people they are writing about are never going to read it...


            • #7
              Good point. Maybe we need to issue a countermemo.


              • #8
                Originally posted by astcell
                Good point. Maybe we need to issue a countermemo.
                Don't give me any ideas... ;)


                • #9
                  Call their 1-800 number and tell them that you will hack into the system and erase late charges for 50 users at random nationwide. You will fid overdue accounts for people not likely to call in and ask where they credit came from, so they will never ever fins those whom you rescued.

                  Imagine the backup job they will begin!


                  • #10

                    Whoever the anonymous person is that submitted that to slashdot just copied and pasted a memo that was submitted about Defcon 6. I saw this years ago. It is lame that whoever it is decided to try and get exposure for H2K2 with something written about Defcon.
                    .: Grifter :.


                    • #11

                      Here's the link to the memo.

                      .: Grifter :.


                      • #12
                        I thought it sounded more like an se activity that would occur at dc, but then again, I've never really cared much about h2k2 and such
                        if it gets me nowhere, I'll go there proud; and I'm gonna go there free.


                        • #13
                          Well call the 800 number, ask for the memo for this year, maybe there is one and that is how to get it.


                          • #14
                            warning warning

                            what ever u do dont call that number they have caller ID and there mean as hell if u tell them u have the wrong number and they ask u all this stuff. i asked them if they were goin to be my friends. the lady said sir we cant be friends so i acted like we were goin out for a long time and she freaked out here is what happened.

                            Fused (F) thats me
                            OP (P) chic on fone

                            F: hello
                            O: hello how can we help you today
                            F: sorry i have the wrong number
                            O: ok
                            F: WAIT!
                            O: yes
                            F: dont i know you
                            O: no sir i dont think you do
                            F: you sound like a person i know
                            O: well i dont know u
                            O: who is this
                            F: Jim Rashome LOL
                            O: no i dont know u
                            F: ok i just remembered my friend sounding like you, we went out for a long time. she broke up with me to go out with a body builder.
                            O: hmm sir
                            O: i must go now
                            F: wait DOnt you love me
                            O: hangs up

                            I dont think they love me.


                            • #15
                              Reminds me of my wife making crank calls saying "Is Melissa there? We were supposed to have phone sex!" SOme folks would talk with her for 10 minutes, others would be disgusted and hang up. Tons of bad numbers and no answers. We never knew it was so hard to try lesbian phone sex, but you learn something every day!