Social Engineering in the Workplace
An anonymous reader writes "Could a total stranger walk out of your business with thousands of dollars in merchandise without your knowing? Even worse, could they manipulate you into helping them each step along the way?"
If a stranger could do that, I'd follow his example. :)
"thousands of dollars in merchandise"
Why merchandise?
Just take the cash and scram! O.o
Ken Lay did it to the tune of several billion dollars in California so I'd say it's very possible.
~S
No way. I'm too lazy to help the people I should be helping. Why would I help a stranger?
..so we don't have stuff worth thousands of dollars sitting around. I'd wish that someone would steal some crappy old computers sitting around though. Please take away the Apple IIs...please..
made me think for a moment this article was about how to score on chicks and get laid ....
A lot of people are blind to anything that does not look out of place in their limited world. And a lot of others are sheep to any authority that comes along, anyone with confidence and some acting skills.
Actually, at my school the homeless people look more like professors. Go ASU!
No comment at this time
I'm not sure someone could walk out of my business with a thousand dollars in merchandise, as I work at McDonald's.
It's a place where no worker will listen to any social engineering attempt, you know. And anyway, a thousand dollars of McDonald's food will probably kill anyone, in horrible pain.
____
nico
Nico-Live
"I followed one of the girls as she was taking off her jacket so I could take a look at the coat rack."
oh yeah baby take it off
Social engineering is fun.
:)
;) )
It's even more fun when others don't notice that you are on to them and feeding them complete bull.
(from MSG)
'Isn't that that guy, from that other network? The script kiddy?'
'Yes.'
'the one that tried to hack you.'
'Yes.'
'And you are talking to him?'
'Yes.'
'WHY?'
'Shh, watch. :)'
(In chan, after some yacking about and playing stupid, he was posing as a billing person from my ISP)
'Oh, you need my new credit card info for that. let me msg it to you.'
'ok.'
(later, after he left)
'WTF! You gave him a CC number?'
'Yeah, of an old card.'
'I don't understand.'
'The card was reported stolen a year ago.'
'Yeah...okay..so, it won't work.'
'No, it won't, but guess what happens when you try to use a *stolen* credit card?'
'......'
'OHHHHH!'
Hee!:)
My new top secret key -> C>N|KB
At my uni you didn't even have to resort to social engineering to get the basics. All you had to do was show up at the finance office for your student loan.
They made everyone sign next to their name on a big printout that sat close to the counter. This was in surname order, but also contained forenames, date of birth, matriculation number, department, and a couple of other bits and bobs.
Which was great. Especially given that the network user IDs all took the form [first initial][last initial][matric no].[department code] and the default password was the date of birth.
As far as I'm aware, this wasn't used for anything beyond "I don't like Bob, log in as Bob, look at doggy-porn, print doggy-porn, log off, run" - which would still be pretty bad news if you were Bob. But it would have been so easy for anyone with even more malicious intent to take a few pages of the printout and use it to extract even more personal information.
Scary, really.
maybe I'm just in a bad mood but that guy seems to really enjoy being a smartass and getting people in shit. I hope one of the employees he dupes socially re-engineers his teeth next time.
I read a story about a military intelligence officer at the Pentagon who forged a security badge to test if anyone actually looked at them. He borrowed a Soviet KGB officer's uniform and had his picture taken wearing the uniform. He pasted the picture on the forged badge. He then wandered through the Pentagon wearing the forged badge. Nobody challenged him or took a second look at his badge.
Mea navis aericumbens anguillis abundat
When I was in college, two of my fraternity brothers made it a game to try and walk out of stores with ANYTHING. The bigger the better.
So one day they decided that they needed to snag a canoe from Sears. They walked in and waited until no one was looking and grabbed a canoe and headed for the door.
As they got near the door, a clerk stopped them and said "Excuse me, did you pay for that canoe?"
"No, we're just walking out the door with it!" they responded sarcastically. The clerk backed off and held the door open for them as they left.
RICKY: Hey, how's it going? I just need this table here... ... just let me call my supervisor please.
WORKER: Uh wait.. we're just about to start a production meeting.
RICKY: Yah I know, there's new furniture coming here in about 5 minutes. I'm just going to take this stuff.
WORKER: Uh just
RICKY: Actually I'd love to, but we need this phone, so sorry about that.
--
Hilarious.. here's a torrent.
Your story reminded me of one my dad used to talk about.
This was a paper mill, of the type that took trees and made them into paper.
These mills typically have several large boilers to make heat and steam to do stuff, and there is a lot of paper scrap that gets created during cutting. The scrap is put in the boilers to burn it... getting rid of the scrap helping on saving of the other fuel (coal I think). So there's always guys moving the stuff around and everybody has a chance to see what this scrap looks like.
So the guards catch a guy with a wheelbarrow full of this type of paper scrap attempting to leave with it. No printing on it, just big sheets or partial rolls of paper. They poke through it and let the guy go. (I don't know if he used to work there or worked there or what, but in any case there was no badge involved. It was the 70s so maybe they didn't have them yet.)
The guy goes by the same few guards twice a week for weeks, each time getting his cargo inspected for contraband. No problems, sure you can have the paper scrap.
At the end of the year, 102 missing wheelbarrows.
Theft is not always what it seems to be at the time.
Agreed, but it is morally wrong to purchase a copy of Mitnick's book. Shoplift a copy, or steal it from the library. At the minimum, deface all copies of it you find in the bookstore, so that they end up on the remainder/damaged-book table at a steep discount.
resigned
I guess I have to chime in with my story as well. I was working at a military base (as a contractor) and some of the uniformed guys had a contest to see what they could flash at the guards instead of their military ID and make it through. They started with driver's license and then somebody got through with a library card. The winner? Got through by flashing a piece of toast...
Excellent story but I have one question: what are these 'typewriters' you speak of?
As a student, the worst stunt I pulled was when I noticed the SPs would come into the chowhall for lunch and just leave their M-16s at a table with their headgear & other junk. The USMC is very particular about always leaving a "complete safe weapon", so I strolled over, popped out the magazines, checked the chambers, and verified the selector was set to "Safe." The two "security specialists" didn't even notice! The next day they came in and left the rifles again - so I made them safe again. To make the point more obvious, I removed the firing pins and left them sitting on top of the SPs' jaunty black berets in the middle of their table. The look on their faces was priceless.
Our commander was forced to order us to "stop helping the SPs", though he did so with a smile on his face. They stopped leaving the rifles out, at least while I was there.
When I later returned to the same base to be an instructor they had a much smarter officer in charge of the guard force. Some of my students were telling me they had been drawing moustaches and/or sticking pictures on the front of their badges and getting in without being challenged, but before I could test this myself I was invited to assist the SP colonel in a little experiment: He asked me to check in (& out if possible) using a fake badge he had made up. It was a quality job, using the regular forms and professional lamination - but it said I was Vladimir Lenin (with his picture) and a member of the KGB!
Sadly, I got right through - one of the guards touched the badge to verify I had one, but none of them looked at it. The colonel was so disgusted those guards were immediately pulled and sent back to their original training base. I wanted to keep the badge, but the colonel said he might need it again, if his guys got sloppy again ...
I expected to get some flak from the other guards, but they all felt that "anybody that careless was no loss".
Hmmm. Your ideas are intriguing to me and I wish to subscribe to your newsletter.
...except for the camera angle. but all in all, smooth.
Funniest one I ever read about was the phony night deposit box. All official looking, placed next to the bank's night deposit slot, tape a BORKEN, DON'T USE sticker over the real one. The thing sat there until it was stuffed, lotta bars and restaurants, etc. stuffing it in after closing time. The perps were rolling it into their truck in the early AM (they got guard uniforms on), the real cops show up and HELP THEM LOAD IT UP.
These days, the most popular target for thieves is laptops. Easy to carry, valuable, and it's the one piece of equipment the guards will expect people to carry out.
Is it wrong for me to want to teach my company why a zero-tolerance policy is a good idea by stealing laptops until it's implemented?
Humpty Dumpty was pushed.
When I was in college, people used to do a textbook scam. They'd buy a textbook one day, then go back to the store the next day. They'd pick up a duplicate copy from the shelf, then use the receipt from the day before to return that book. Result: cash return plus they could still sell the original on the side OR keep it for class.
-- SYS 64738 --