Slashdot Mirror

← Back to Stories (view on slashdot.org)

Live 'Hacking' Clarified as Pretexting

Posted by Zonk on from the social-engineers-get-what-tech-skills-can't dept.

1up reports on a clarification of last week's Xbox Live security scare. Though there are no technical problems with the service, there is a service problem with the service: account information was obtained via pretexting. Essentially, social engineers called up Xbox Live tech support and lied, saying they were users of certain accounts. Thanks to the sloppy training and privacy consciousness of Live's customer service operators, information was given out that allowed these pretexters onto accounts. "That probably means calling in to deal with customer support about the nitty gritty of your Xbox Live account will become both much more secure and potentially a bit more time-consuming and annoying. That may be the necessary price for full security, although as long as we're dealing with humans (and information that can slip into others' hands), there's sure to be the occasional case of successful pre-texting."

7 of 51 comments (clear)

  1. People by hansamurai · · Score: 2, Insightful

    Not a big surprise that the weakest link of their security is the human element.

    --
    Reviewing just the first hour of video games.
  2. 'Pretexting' again!? by Anonymous Coward · · Score: 5, Insightful

    Why don't we call it what it is - lying.

    1. Re:'Pretexting' again!? by Volante3192 · · Score: 2, Insightful

      Because you can't be arrested for simply 'lying.'

    2. Re:'Pretexting' again!? by SeaFox · · Score: 3, Insightful

      Why don't we call it what it is - lying.

      I was thinking "identity theft".
  3. Lying or Fraud, not pretexting by maxume · · Score: 4, Insightful

    Inventing a pretty word for it doesn't change what it is.

    --
    Nerd rage is the funniest rage.
    1. Re:Lying or Fraud, not pretexting by Dahamma · · Score: 3, Insightful

      Fraud is narrowly defined as lying that results in personal gain, pretexting doesn't have to result in personal gain, hence is not equivalent.

      Lying isn't (necessarily) illegal. Pretexting is. Not equivalent.

      I think "pretexting" is a really stupid term, too, but it is in fact a legal term (ie. it's the term officially used by the FTC) that most succinctly describes the crime. You can gripe that it's a dumb word, but not that all of these terms mean the same thing.

  4. Well, of course. by Petersko · · Score: 3, Insightful

    this is what you get with outsourced call centers.

    You're SO right. No American call centre operators would EVER fall for such ruses. It's those darned gullible Indians.