Slashdot Mirror

← Back to Stories (view on slashdot.org)

Live 'Hacking' Clarified as Pretexting

Posted by Zonk on from the social-engineers-get-what-tech-skills-can't dept.

1up reports on a clarification of last week's Xbox Live security scare. Though there are no technical problems with the service, there is a service problem with the service: account information was obtained via pretexting. Essentially, social engineers called up Xbox Live tech support and lied, saying they were users of certain accounts. Thanks to the sloppy training and privacy consciousness of Live's customer service operators, information was given out that allowed these pretexters onto accounts. "That probably means calling in to deal with customer support about the nitty gritty of your Xbox Live account will become both much more secure and potentially a bit more time-consuming and annoying. That may be the necessary price for full security, although as long as we're dealing with humans (and information that can slip into others' hands), there's sure to be the occasional case of successful pre-texting."

51 comments

  1. People by hansamurai · · Score: 2, Insightful

    Not a big surprise that the weakest link of their security is the human element.

    --
    Reviewing just the first hour of video games.
    1. Re:People by PingSpike · · Score: 2, Interesting

      The weakest link has pretty much always been the people. Security methods change, but the principles behind social engineering are pretty stable.

  2. 'Pretexting' again!? by Anonymous Coward · · Score: 5, Insightful

    Why don't we call it what it is - lying.

    1. Re:'Pretexting' again!? by Volante3192 · · Score: 2, Insightful

      Because you can't be arrested for simply 'lying.'

    2. Re:'Pretexting' again!? by SeaFox · · Score: 3, Insightful

      Why don't we call it what it is - lying.

      I was thinking "identity theft".
  3. Lying or Fraud, not pretexting by maxume · · Score: 4, Insightful

    Inventing a pretty word for it doesn't change what it is.

    --
    Nerd rage is the funniest rage.
    1. Re:Lying or Fraud, not pretexting by chaosite · · Score: 1

      Or "Social Engineering", even.

      Though I can see where the word came from - "under the pretext of ... "

    2. Re:Lying or Fraud, not pretexting by moore.dustin · · Score: 4, Informative

      Pretexting is the practice of getting your personal information under false pretenses. Pretexters sell your information to people who may use it to get credit in your name, steal your assets, or to investigate or sue you. Pretexting is against the law. Source.

      Lying and Fraud are broad terms, pretexting adds clarity as to the specifics of the crime. It is the same as saying Wire Fraud or Check Fraud.

      It does not need to be either or, it can be both. Your suggestion only adds a nonconstructive, ambiguous element that will only serve to confuse, not clarify.

      --
      Invexi - a Phoenix, AZ based web design and web development company.
    3. Re:Lying or Fraud, not pretexting by maxume · · Score: 1

      No it doesn't. Show a situation where 'false pretenses' isn't 'lying'. The idea that there is ambiguity introduces ambiguity. Since there isn't any, there isn't any reason to 'clarify' anything.

      --
      Nerd rage is the funniest rage.
    4. Re:Lying or Fraud, not pretexting by Anonymous Coward · · Score: 0

      Malicious hacking will always fit into some generic-bad-stuff word like "lying"(If I'm logging into a computer system using someone else's account, I could, depending on context, be said to be representing myself as them) or "fraud"(obviously, if I try to scam someone out of something, it'd be fraud). However, there will be other words that describe other aspects of the acts: "pretexting" here specifically means that the "hackers" were tricking people, not machines.

    5. Re:Lying or Fraud, not pretexting by moore.dustin · · Score: 1

      I am simply saying that pretexting is lying/fraud, but the word allows for further definition. For us, we can take it the simple terms in context and we are fine, but for non-techies, I imagine it does not hurt to attempt to be more clear. I just do not think it is a euphemism to the degree we are making it out to be.

      --
      Invexi - a Phoenix, AZ based web design and web development company.
    6. Re:Lying or Fraud, not pretexting by maxume · · Score: 1

      When speaking to someone that you assume know less than you do, the clearest speech uses the broadest terms. You are basically saying that pretexting is jargon that everyday people will understand better than everyday words.

      --
      Nerd rage is the funniest rage.
    7. Re:Lying or Fraud, not pretexting by maxume · · Score: 1

      Ah so. Just how does one lie to a computer?

      --
      Nerd rage is the funniest rage.
    8. Re:Lying or Fraud, not pretexting by Dahamma · · Score: 3, Insightful

      Fraud is narrowly defined as lying that results in personal gain, pretexting doesn't have to result in personal gain, hence is not equivalent.

      Lying isn't (necessarily) illegal. Pretexting is. Not equivalent.

      I think "pretexting" is a really stupid term, too, but it is in fact a legal term (ie. it's the term officially used by the FTC) that most succinctly describes the crime. You can gripe that it's a dumb word, but not that all of these terms mean the same thing.

    9. Re:Lying or Fraud, not pretexting by moore.dustin · · Score: 1

      You are certainly right. I am just thinking that, if they wanted to obtain a better definition or understanding of the story, looking up pretexting would yield much more valuable and related information than just looking up fraud. That make sense? I agree with you really, just playing the devil's advocate if you will.

      --
      Invexi - a Phoenix, AZ based web design and web development company.
    10. Re:Lying or Fraud, not pretexting by maxume · · Score: 1

      Makes sense. My primary objection was that it was in the headline; "Live 'Hacking' Clarified" carries about the same amount of information, and then it can be explained in the story. "Live Hackers Liars" does well too(Maybe kick it off with an X-Box).

      --
      Nerd rage is the funniest rage.
    11. Re:Lying or Fraud, not pretexting by maxume · · Score: 1

      The article(really the summary) could say that they had been accused of lying to gain access to other people's accounts and then mention that that is legally called pretexting. Outside in is better than inside out. My big gripe is that it is being talked about as pretexting, which is the legal term for what happened, and then people forget that they had to lie to do it. The summary as written is really poor, mostly because it focuses on the technical legal term for what happened(by putting it in the headline).

      --
      Nerd rage is the funniest rage.
    12. Re:Lying or Fraud, not pretexting by CaseM · · Score: 1

      Pretexting is a technical term.

    13. Re:Lying or Fraud, not pretexting by Anonymous Coward · · Score: 0

      Why are you defending crime? It is a word that describes a type of fraud. A felony crime.

    14. Re:Lying or Fraud, not pretexting by Red+Flayer · · Score: 1

      No it doesn't. Show a situation where 'false pretenses' isn't 'lying'. The idea that there is ambiguity introduces ambiguity. Since there isn't any, there isn't any reason to 'clarify' anything.
      All squares are rectangles, but not all rectangles are squares.

      How about a situation where a lie isn't a false pretext? They exist (look up the definition for pretext), and this is where the term 'pretexting' is less ambiguous than 'lying'.
      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
    15. Re:Lying or Fraud, not pretexting by twistedsymphony · · Score: 1

      You could also dumb down any of the articles here on Slashdot for the lowest common denominator using only 6th grade vocabulary as to not confuse the masses... or you could just lookup words you don't understand the meaning to, learn to use it in a sentence and impress your friends with your New Brain(tm).

      If you don't think that Pretexting or Social Engineering falls within the bounds of a geeks vocabulary I think you need to brush up on your nerd history; start with Kevin Mitnick.

      --
      Collector's Edition
    16. Re:Lying or Fraud, not pretexting by CaseM · · Score: 1

      Um, I was merely pointing out that it's a technical term used by law enforcement to represent a specific type of crime. Where was I "defending crime"?

    17. Re:Lying or Fraud, not pretexting by maxume · · Score: 1

      Is there somewhere I can turn in my geek card? Normal people will still think I'm a crazy nerd, but at least I won't have to follow the policies of the Geeks International Zeitgeist.

      --
      Nerd rage is the funniest rage.
    18. Re:Lying or Fraud, not pretexting by twistedsymphony · · Score: 1

      It's not a zeitgeist it's simple backlash over a ridiculous complaint. I don't care where you are, it's taboo to walk into a specialized community and complain that they're using appropriate language to describe something, instead of used dumbed down language and defining every technical term, simply because you're too lazy to look it up.

      You might as well visit France and complain that the French aren't speaking English.

      --
      Collector's Edition
    19. Re:Lying or Fraud, not pretexting by maxume · · Score: 1

      Geeks
      International
      Zeitgeist

      That help? GIZ! How about that?

      It's a technical legal term, not a 'geek' word. Astonishingly, I even knew what it meant before I replied, but I have enough qualms about the manipulative usage of language(it was used here because somebody absorbed it somewhat poorly) that I felt the need to comment about it. Sorry.

      --
      Nerd rage is the funniest rage.
    20. Re:Lying or Fraud, not pretexting by maxume · · Score: 1

      The part of that page "There ought to be a law" refers repeatedly to fraud and false statements in explaining what is illegal about pretexting. The page also indicates it was published in February 2006. The page isn't there to establish pretexting as a term, it is there to explain to people what the hell it is supposed to mean, which I would take as an indication that people are hiding behind it in some way or another, but I'm probably crazy.

      --
      Nerd rage is the funniest rage.
    21. Re:Lying or Fraud, not pretexting by CaseM · · Score: 1

      I'm simply pointing out that "pretexting" is a specific type of fraud. "Stealing money" means a whole lot of things, almost all of which are punishable by law. "Embezzlement" is a specific type of money-stealing, but explains the context and manner/means in which the money is stolen. This is what "pretexting" is to "fraud", and I was merely trying to point that out to some who claimed that calling it "pretexting" is a denial of the moral implications of such actions. How they got from point A to B simply because they saw the word "pretexting" is beyond me and smacks of tin foil conspiracy theories.

    22. Re:Lying or Fraud, not pretexting by TaleSpinner · · Score: 1

      I don't know...it worked for negroes^H^H^H^H^H^H^Hblacks^H^H^H^H^H^Hafrican americans...

    23. Re:Lying or Fraud, not pretexting by Dahamma · · Score: 1

      The summary as written is really poor, mostly because it focuses on the technical legal term for what happened(by putting it in the headline).

      Well, I'll agree with that at least... then again, please remember this is the same site that just posted an article with the headline "Siberia - The Next Silicon Valley?"

  4. Hmm by ajenteks · · Score: 3, Interesting

    That's surprising to me to see that XBL's support staff would be so careless. Last time I called them up it was quite a chore... But then again maybe I had to verify and re-verify personal information to them because I was cancelling and not just getting a password reset.

    1. Re:Hmm by Anonymous Coward · · Score: 0

      I'm amazed it suprises anyone that outsourced, offshore call centres are incompetent. I thought everyone knew this, well apart from the companies who hire them it seems.

    2. Re:Hmm by Anonymous Coward · · Score: 0

      That's because XBOX Live's support is outsourced to a minimum wage call center in Surrey BC. Nobody who works there actually 'likes' it there.

      As stated in other articles, outsourcing does not equal company loyalty, Having worked in several outsourced places before, the common factor is that the employees of the outsourcer do not truely care about the client and only think about their metrics, and the outsourcer's management only care aboue the metrics, so if people screw up, they aren't let go unless their metrics suggest they are an absolute waste to have around. And even at that, I've known people who worked for a year basically trying to be as least helpful as possible since it insured they were kept in a job.

      Meanwhile those that actually care about the job get all the flack from the slackers providing poor service and they decide to quit and go work for a company that is not outsourced.

      The attitude between an outsourced center and a company-owned foreign subsidiary is night and day. Company owned centers everyone actually does feel loyalty to the company or they don't stick around very long.

  5. Penalties? by stratjakt · · Score: 1

    Ok, so some 12 year old asshats are upset that I beat them in Halo, so they "pretext" (lie) to get into my account.

    What sort of penalties could they face? None, I would think.

    Forget all that online multiplayer stuff, it's easier to have real friends.

    --
    I don't need no instructions to know how to rock!!!!
    1. Re:Penalties? by Anonymous Coward · · Score: 0

      Might be wire fraud. If they're kids that could be pretty expensive for the parents, and a juvie vacation. If they're adults, it could really suck.

  6. Wish you could change email.... by NetJunkie · · Score: 1

    I wish you could change the email login associated to your gamertag. Mine points to an old account I never ever use now. I keep it just for that.

    1. Re:Wish you could change email.... by Anonymous Coward · · Score: 0

      That's what you get for using hotmail. You can, with any other address.

  7. Pretexting? by AbsoluteXyro · · Score: 1

    Isn't pretexting a feature of the OoGhiJ MIQtxxXA? You know, sending text messages before you've even thought of them, reading them before you've even seen them!

    1. Re:Pretexting? by Anonymous Coward · · Score: 0

      OoGhiJ MIQtxxXA? You mean the Bad Ass Mother 4000! Twice as fast as your ass.

  8. Thanks for the clarification. by MrCopilot · · Score: 1
    Live 'Hacking' Clarified as Pretexting

    as opposed to : Dead 'Hacking' Clarified as PostTexting.

    --
    OSGGFG - Open Source Gamers Guide to Free Games
  9. A Monetary Interest? by ThinkWeak · · Score: 1

    I first heard about this a few months ago regarding user accounts on Phantasy Star Universe. Players would pre-text/lie/etc. to gain access to another user's account and then sell off/steal/etc. any items the victim had in their possession or player store.

    In this case, as with others to maybe a lesser extent, there is a monetary attachment involved. You have paid a $50.00 fee(not sure what the gold membership fee is) to access and play these games online. You have also invested time, which may not be directly related to a monetary investment - but there is an investment nonetheless.

    It's not EXACTLY the same as calling a bank and stealing all your money, but there is an invasion of privacy. Has this issued happened in The World of Warcraft or other mmo's? I'm sure it has, but how was it handled?

    Is there a legal precedent to take action against the perpetrators?

  10. outsourcing at it's best by Joe+The+Dragon · · Score: 1

    this is what you get with outsourced call centers.

  11. On occasion by Nerdfest · · Score: 4, Funny

    you can even get elected for it.

  12. Zero won, too. by Anonymous Coward · · Score: 2, Funny

    Ah so. Just how does one lie to a computer?
    When it identifies itself as a zero. :)
  13. Re:Pretensing? by Migraineman · · Score: 1

    Pretexting is the practice of getting your personal information under false pretenses.
    Then why isn't it called "pretensing?" That'd make more sense, but it doesn't sound as high-tech and scary as "pretexting," so the mainstream media outlets won't have anything to do with it.

    Nobody says "information was gained under false pretexts," in spite of pretext and pretense having almost identical definitions.
  14. Well, of course. by Petersko · · Score: 3, Insightful

    this is what you get with outsourced call centers.

    You're SO right. No American call centre operators would EVER fall for such ruses. It's those darned gullible Indians.

  15. "Pretexting"? *sigh* by Cervantes · · Score: 1

    I preferred it when it was called "Social Engineering".

    I wish HP would just hurry up and patent "pretexting" so we can all start using a different term.

    --
    If I knew the wedgies I gave you back in 6th grade would have resulted in this . . . I might have taken a moments pause.
    1. Re:"Pretexting"? *sigh* by XaXXon · · Score: 1

      It would be a trademark. If it was patented, only HP and their licensees would be able to do it and we'd still be able to call it pretexting.

    2. Re:"Pretexting"? *sigh* by Gideon+Fubar · · Score: 1

      indeed.

      pity the world at large weren't interested in *ahem* computer security in the early 90s.. except for the occasional supervillain whistling down telephone lines in order to start WW3.

      --
      http://www.xkcd.com/354/
  16. great... by Cryptnotic · · Score: 1

    Now hacking is some kind of precrime.

    I wonder if the precogs saw this one coming.

    --
    My other first post is car post.
  17. Impersonate by Luyseyal · · Score: 2, Interesting

    What the hell is wrong with using the word "impersonate"? At least it doesn't sound anything like sending text messages.

    -l

    --
    Help cure AIDS, cancer, and more. Donate your unused computer time to worldcommunitygrid.org. Join Team Slashdot!
  18. Microsoft Points by InFoMaD · · Score: 1

    From what I read the "hackers" also purchased xbox live currency (Microsoft Points) on some of the accounts. Would that be some kind of credit card fraud? 1000 microsoft points being roughly 12 dollars IIRC.

    --
    Tibi Ipsi Dic Vere