Slashdot Mirror


First-Person Account of a Social Engineering Attack

darkreadingman writes, "A penetration tester tells how he broke into a bank's network dressed as a copier repairman. Some good lessons here — many companies spend millions on network security, but don't teach their employees how to challenge a stranger in the building. Social engineering at the company site can be one of the most difficult attacks to defend against." From the article: "Before departing scenes like these, we try to document the effort and provide proof of our success. I usually leave something behind and then contact the person who hired me and direct them to the mark. In this case I wrote his password on a ream of paper and tucked it under the machine."

4 of 347 comments (clear)

  1. Hmm... by The+Zon · · Score: 5, Funny

    You know, I was wondering why that guy needed my password to fix the copier.

    --
    Some attitudes replaced or by cgi optimizes
    1. Re:Hmm... by Anonymous Coward · · Score: 5, Funny

      Because you don't get karma for Funny moderations any more, so some moderators like to throw in an Insightful moderation for funny comments.

  2. 1 ream = 500 sheets by Anonymous Coward · · Score: 5, Funny

    In this case I wrote his password on a ream of paper and tucked it under the machine.
    That seems like an awful lot of effort, when you could just write it on one sheet. :)

  3. Re:Yikes! So much effort! by mrogers · · Score: 5, Funny
    Yeah I imagine all the money's sitting in a shared folder on the secretary's PC. Never mind a dozen key strokes, you can probably just drag and drop.

    "Are you sure you want to replace 'Teh Money.xls', size $13.28, modified 11/21/2006, with 'Teh Money.xls', size $1,000,000.00, modified 11/30/2006? [OK] [Cancel]"