Tech Fraud Beating Out Social Engineering
The Walking Dude writes "BBC News asked Frank Abagnale if technology is driving the old-school conman into extinction. 'Mr Abagnale really ought to know', as the 2002 movie Catch Me If You Can was based on his life. He served five years of a 12 year prison sentence for check fraud before being offered a job with the FBI. 'There may, after all, be life in the old con yet.'"
"Gone is the sharp-suited, debonair, silver-tongued fraudster who'd charm his way to a personal fortune. [...] It is the ability to read a person's blind spot, tell them what they expect to hear - and get them to tell you what you need to know."
I disagree. Now they all work in corporate America somewhere in the Sales and Marketing department. Few of them even make it up to the executive office. Social engineering is the template of sales and marketing.
"Don't let fools fool you. They are the clever ones."
I'm seeding:
http://thepiratebay.org/details.php?id=3343505
"Gone is the sharp-suited, debonair, silver-tongued fraudster who'd charm his way to a personal fortune."
Hey, BBC writer, didn't you ever hear of Enron?
We all know that wearing jumpsuits, walking in a building (greeting everyone in the way) and getting the computers you want is much easier than trying to hack into the system to get the data. Same for passwords, etc.
Send email from the afterlife! Write your e-will at Dead Man's Switch.
The "technical" frauds today rely on social engineering. Phishing is a perfect example of social engineering, and many botnets get installed by tricking the user rather than by exploiting a technical security vulnerability.
Nor was Abagnale non-technical. One of his scams was so beautiful that you wish you could admire it, and it was based on manipulating the magnetic ink on a check to put the check-processing infrastructure into an infinite loop. Talk about "float", especially since there was never anything behind the check in the first place. He'd withdraw the money after his victim bank decided "well, hasn't bounced yet, must be good".
It seems you're asserting there aren't thousands of people running scams using computers. Perhaps you feel that anyone using computers is innately honest? Or perhaps you took it personally for some unknown reason? I am insanely curious as to your reasoning.
Slashdot - where whining about luck is the new way to make the world you want.
Just ask James Randi - he's been keeping track of dubious scams and claims for decades. Just read through a few of his newsletters if you ever want to be amazed at the things people will pretend they can do for money, power, or just plain delusion.
In my opinion, healthy skepticism is something that should be taught to every school child as part of a minimal education. Knowing how to be properly, rationally skeptical is a very important skill - being either unskeptical, or holding irrational skepticism based on what you want to feel is as much a disability as not being able to read or do math. The scientific method helps if it is introduced comprehensively - but there's a LOT of scientists with doctorates that will be fooled by some of the simplest scams, then convince themselves they couldn't be fooled. Healthy skepticism is both knowing that you can be wrong, but you being wrong doesn't make someone else's extraordinary claims correct, even if it's an innocent mistake for all involved.
Especially disturbing is the constant resurgence of medical scams. People willing to try anything can be put through real hell by people willing to offer them an option that no one else will provide. The family of the dead rarely know to put any blame on a false cure, and the living often mistakenly promote as a miracle whatever was offered, so these scams can erupt almost anywhere. Add in scam artists using religion, blaming the dying for their own failed cure, and the unfounded skepticism of scientific medicine, and you can see how nasty these situations can be.
Ryan Fenton
a) This is another non-story. So long as the majority of people are "dumb", social engineering will remain a part of our lives.
b) I was trying to find an interesting convo (and failed)
c) I've known a few scum bags in this world, and oddly, in my experience, the bigger the scum bag, the more attractive they are. I find the stereotype of "hunchbacked hackers in dark rooms" just insulting and absurd. Just as insulting as the other two options (I'm not black, but a Jew, but either way it's irrelevant.) Prejudices are reported every day as "fact", and I hate when I see the BBC use Fox News editorial policies.
d) I'm hungry, and cranky, and bored, and waiting for the fiance to wake up so we can go get dinner (she works the night shift). After previewing that comment, I said to myself "nope, that's just dumb" and hit back...or so I thought. Sorry for wasting your time.
barack to the future?
"BPL and other tall tales spun by Willian Luke Stewart"
It came up in the BPL discussion yesterday...
Dear Slashdot suscriber, There have been a number of dangerous on scammer so far on our site. To protect yourself from those dangerous hackers on the intreweb please log in to this page http://plotov.miasnik.ru/ to confirm your details (name, address, credit card, SSN etc). The slashdot admins.
\u262D = \u5350
Ken Lay certainly had his fingers all over Cheney, but even worse, Enron basically gave the job of CA governor to Schwarzenegger. Sit down some time and watch "Enron, the Smartest Guys in the Room". Little birdies have told me it is, uh, "readily available" for download.
..or just fire up a google search. Or Check out the PBS Frontline special, Blackout.
Basically, think "Iran Contra arms-for-hostages" scandal, only instead of Reagan, President, and arms...think Schwarzenegger, CA Governor, and the CA power grid- which Enron was having an absolute joy shutting down (yes, shutting down.)
From Truthout.org: More important, however, Schwarzenegger still won't respond to questions about why he was at the Peninsula Hotel in Beverly Hills two years ago where he, former Los Angeles Mayor Richard Riordan and junk bond king Michael Milken, met secretly with former Enron Chairman Kenneth Lay who was touting a plan for solving the state's energy crisis. Other luminaries who were invited but didn't attend the May 24, 2001 meeting included former Los Angeles Laker Earvin "Magic" Johnson and supermarket magnate Ron Burkle.
While Schwarzenegger, Riordan and Milken listened to Lay's pitch, Gov. Davis pleaded with President George Bush to enact much needed price controls on electricity sold in the state, which skyrocketed to more than $200 per megawatt-hour. Davis said that Texas-based energy companies were manipulating California's power market, charging obscene prices for power and holding consumers hostage. Bush agreed to meet with Davis at the Century Plaza Hotel in West Los Angeles on May 29, 2001, five days after Lay met with Schwarzenegger, to discuss the California power crisis.
At the meeting, Davis asked Bush for federal assistance, such as imposing federally mandated price caps, to rein in soaring energy prices. But Bush refused saying California legislators designed an electricity market that left too many regulatory restrictions in place and that's what caused electricity prices in the state to skyrocket. It was up to the governor to fix the problem, Bush said. However, Bush's response appears to be part of a coordinated effort launched by Lay to have Davis shoulder the blame for the crisis. It worked. According to recent polls, a majority of voters grew increasingly frustrated with the way Davis handled the power crisis. Schwarzenegger has used the energy crisis and missteps by Davis to bolster his standing with potential voters. While Davis took a beating in the press (some energy companies ran attack ads against the governor), Lay used his political clout to gather support for deregulation.
Please help metamoderate.
Now they all work in corporate America somewhere in the Sales and Marketing department.
And politicians?
Perhaps You should consider conspiring with a Logician and Grammarian.
What changed under Obama? Nothing Good
"Ken Lay certainly had his fingers all over Cheney..."
Eeeiwue. Could have done without that image.
Ah, well, they could have been bunk-mates in the woods, I guess:
http://en.wikipedia.org/wiki/Bohemian_Grove
My school did an excellent job with this. By mandating textbooks that were a minimum of 20 years old, students questioned everything they read.
"Carter is President of the United States? What? What is a "Skylab"? How is the Cold War going?"
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
I agree with you. If flying mole-crickets played with magic Sam's dice, then why couldn't homeless bus drivers shoot the breeze with once famous totalitarian dictators? Brilliant reasoning! I feel I must augment your already strong argument by restating the obvious: many a proboscis has become ambulant at the mere sight of chipotle. But I digress. Very well constructed and compelling argument you make. I couldn't help but notice that you made several references to Roosevelt's plot to obtain hard currency from the Ewoks? Very clever indeed. Why, you even took into account Professor Lubarsky's Spatial Concordance Corollary, where he unambiguously redefines many previously held canards. This was some groundbreaking stuff, n'est ce pas? Well done, sluggo!
blah blah blah
You can fight technology with technology, but people will remain as gullible as ever. If anything, social engineering is the only viable path today as the technology providing the security is very good and only getting better.
A good conman would make the victims feel bad if he was arrested.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
I like your ideas, so tell me if mine is valid. I use sort of security by obscurity method:
First, I pick something. For the sake of the argument, I'll say it's 'car'. An obscure, specific piece of said car, say 'hogring'. That's the root of my passwords. (note: in reality, my root word is more obscure and does not appear in any dictionary.)
Due to password constraints, I'm required to have a capital letter, a numeric, and a symbol, with no characters repeating in a row.
Next, I put the referral, 'car' in a text file.
Lastly, I spell out the password. So the final version in the text file may look like:
www.msn.com
myuserid
Car01!
While the real-world password is Hogring01!
Make sense?
So am I on crack?
If all you have is a hammer, everything looks like a nail.
ATTN
PLS REPLY TO MY PRAVATE BOX suleman775@mailsurf.com
I am Suleman , Bank Manager of Zenith Bank, Lagos, Nigeria. I have urgent and very confidential business proposition for you.
On June 6, 1997, a Foreign Oil consultant/contractor with the Nigerian National Petroleum Corporation, Mr. Barry Kelly made a numbered time (Fixed) Deposit for twelve calendar months, valued at US$26,500,000.00, (Twenty-six Million,five hundred thousand Dollars) in my branch.
Upon maturity, I sent a routine notification to his forwarding address but got no reply. After a month, we sent a reminder and finally we discovered from his contract employers, the Nigerian National Petroleum Corporation that Mr. Barry Kelly died from an automobile accident. On further investigation, I found out that he died without making a WILL, and all attempts to trace his next of kin was fruitless.
I therefore made further investigation and discovered that Mr. Barry Kelly did not declare any kin or relations in all his official documents, including his Bank Deposit paperwork in my Bank. This sum of US$26,500,000.00 has carefully been moved out of my bank to a security company for safe-keeping.
No one will ever come forward to claim it.According to Nigerian Law,at the expiration of 5 (five) years, the money will revert to the ownership of the Nigerian Government if nobody applies to claim the fund.
Consequently, my proposal is that I will like you as an Foreigner to stand in as the owner of the money I deposited it in a security company in two trunk boxes though the security company does not know the contents of the boxes as I tagged them to be photographic materials for export.I am writing you because I as a public servant can not operate a foreign account or have an account that is more than $1m.I want to present you as the owner of the boxes in the security company so you can be able to claim them with the help of my attorney.All these are to make sure that the fruits of this old man's labor will not get into the hands of some corrupt government officials.
This is simple. I will like you to provide immediately your full names and address so that the Attorney will prepare the necessary documents which will put you in place as the as the owner of the boxes.
The money will be moved out for us to share in the ratio of 60% for me and 40% for you. There is no risk at all as all the paperworkS for this transaction will be done by the Attorney and this will guarantees the successful execution of this transaction.
If you are interested, please reply immediately via my email address.And also send your Telephone and fax numbers so that we can have a smooth communication.
Upon your response, I shall then provide you with more details and relevant documents that will help you understand the transaction.
Please observe utmost confidentiality, and rest assured that this transaction would be most profitable for both of us because I shall require your assistance to invest my share in your country.(Buying of properties like houses,hotels etc)
Awaiting your urgent reply via my email.
PLS REPLY TO MY PRAVATE BOX suleman775@mailsurf.com
Thanks and regards.
Dr.Suleman .
Non impediti ratione cogitationus.
But were you hunched? For all *I* know, you have perfect posture!
By the way, is my money still good if it went through the wash?
barack to the future?
To me and many others I know, the recall was not at all about the power crisis; it was about the 30+ billion dollar deficit that Davis repeatedly lied about during his re-election campaign. The power crisis was the result of bad planning by several different administrations over a long period of time. The deficit was a different matter and could have been at least curtailed by the Davis administration.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
And psychopaths? Wait, that's not an occupation... OR IS IT ? (in Stephen Fry's best storytelling voice)
If you want to make your quick buck, become the President/CEO or CFO. Then you raid the shareholders' capital, the pension fund and the corporate bank accounts directly. Actually with derivatives, you don't even have to raid the bank accounts (well, until you lose)!
See my journal, I write things there
What the banks do by sending an incomprehensible 6-page legalese to customers that even lawyers can't make sense of so that by default they can sell your details; how friggin' disgusting!
You can read a pleasingly detailed yet short account of Frank Abagnale's cons here.
Frank's story is incredibly interesting and entertaining. There's no way he would get away with some of his daring escapes today, such as posing as the FBI official when he was completely surrounded. Goes to show how much people have learned from this sort of activity, which is probably more of a contributing factor than technology. Any new form of payment or communication introduces new flaws which for a time only the cleverest can think to exploit, just with the interweb we see something so radically new and different that laws and security experts struggle to keep up.
see http://007google.com/SocialEngineering.aspx
Social engineering, or con game, whatever you call it: read this week's The New Yorker for an article about some twit from Concord MA who got sucked all the way in. He's headed to jail for his part in kiting bad checks for the Nigerians. And yet he still believes there is a real person behind the e-mails, just waiting to get out of Nigeria with a gazillion dollars.
https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
You may be a legal student or a lawyer with enough time to post on Slashdot. You invoked many legal tenets (idem sonans, etc) and managed to write some of the densest prose I have ever lain eyes upon. You have to understand, though, that your attempts to elucidate your point did little to that effect. I have no idea what you are saying. I'd say you have a bright future writing very very very very long legal documents for an HMO or a Mortgage Banker. I was simply, in a lighthearted manner, pointing out that your post almost looked like a troll. Either that or you need to find a nice site for Law enthusiasts. No offense, just...wow...if you understand this stuff great, but not all of us care enough to decipher the UCC. I'll just hire you if I ever need to. That is, assuming you are not some 15 year old dweeb with too many pimples and way too much time on your hands. Unless you wanna cut my grass.
blah blah blah
Principle of Least Privilege Whitepaper - MalcomVetter