The new social hacking
Hello everyone, I am back. With projects at work and college I have had no time to write here.
Today’s subject is hacking. Back in my early days of computer work in the early 80s, hacking meant something different than it does now. It wasn’t about putting together a script based on someone else’s work and creating a batch file that executes a virus. Part of hacking in that day was social engineering. An example might be the following:
“Hello this is Phil Daniels in programming. Is this Debbie?”
“Yes this is Debbie.”
“Good, I was hoping to catch you. We are rolling out an upgrade on the server and noticed we had some missing passwords. We have to continue since we have started which means in about twenty minutes you will no longer have access to the database if we don’t get your password. Can you verify that for us right now?”
“Oh, well, I need to make sure it is alright. Let me run this past my supervisor and call you back.”
“That’s fine, Debbie, but if you don’t get in on the upgrade we can’t add or change new passwords for the 72 hour test period, so we need this now or you will not have access for that amount of time.”
“Oh, ok, well, the password is ‘sparkles’.”
“Thanks, Debbie, we will get you added. And I will report to the supervisor how security conscious you were. Have a good day.”
The caller just talked Debbie out of her password.
This year I have experienced this same thing happening in a new form. At the hotel group I work for, one of the office workers responded to a popup that looked very official. It looked like a cross between a Microsoft security popup and the AVR resident shield. It was, in fact, a phishing ad for Antivirus 2009. This malicious program uses a digital version of social engineering to fool people into installing it and then paying for the privilege. I didn’t realize at that point how easily people fell for that trick. I work with computers every day, and if something doesn’t look right I stop and investigate.
I wrote a three-page description of how this virus got in and included screen shots so everyone would avoid the problem. The next person who got the virus did so less than a week later, with the warning letter still on the bulletin board beside her desk. A third person fell for the trick in another two weeks. This was just proof to me how little people paid attention to their surroundings. I think that in this modern age all office workers should at least study the A+ material. In the past, office work meant they could type and run a copier. In this day and age they must have database, spreadsheet and word processor experience. It surprises me how often I am called to build a spreadsheet for a sales or accounting app when it should be part of the education of the modern office worker.
In short, a better education in modern tools and the focus to pay attention to your surroundings are a must. It is a shame that it is often overlooked.