Live 'Hacking' Clarified as Pretexting

1up reports on a clarification of last week's Xbox Live security scare. Though there are no technical problems with the service, there is a service problem with the service: account information was obtained via pretexting. Essentially, social engineers called up Xbox Live tech support and lied, saying they were users of certain accounts. Thanks to the sloppy training and privacy consciousness of Live's customer service operators, information was given out that allowed these pretexters onto accounts. "That probably means calling in to deal with customer support about the nitty gritty of your Xbox Live account will become both much more secure and potentially a bit more time-consuming and annoying. That may be the necessary price for full security, although as long as we're dealing with humans (and information that can slip into others' hands), there's sure to be the occasional case of successful pre-texting."

People

[hansamurai]

Not a big surprise that the weakest link of their security is the human element.

Re:People

[PingSpike]

The weakest link has pretty much always been the people. Security methods change, but the principles behind social engineering are pretty stable.

'Pretexting' again!?

Why don't we call it what it is - lying.

Re:'Pretexting' again!?

[Volante3192]

Because you can't be arrested for simply 'lying.'

Re:'Pretexting' again!?

[SeaFox]

Why don't we call it what it is - lying.

I was thinking "identity theft".

Lying or Fraud, not pretexting

[maxume]

Inventing a pretty word for it doesn't change what it is.

Re:Lying or Fraud, not pretexting

[moore.dustin]

Pretexting is the practice of getting your personal information under false pretenses. Pretexters sell your information to people who may use it to get credit in your name, steal your assets, or to investigate or sue you. Pretexting is against the law. Source.

Lying and Fraud are broad terms, pretexting adds clarity as to the specifics of the crime. It is the same as saying Wire Fraud or Check Fraud.

It does not need to be either or, it can be both. Your suggestion only adds a nonconstructive, ambiguous element that will only serve to confuse, not clarify.

Re:Lying or Fraud, not pretexting

[Dahamma]

Fraud is narrowly defined as lying that results in personal gain, pretexting doesn't have to result in personal gain, hence is not equivalent.

Lying isn't (necessarily) illegal. Pretexting is. Not equivalent.

I think "pretexting" is a really stupid term, too, but it is in fact a legal term (ie. it's the term officially used by the FTC) that most succinctly describes the crime. You can gripe that it's a dumb word, but not that all of these terms mean the same thing.

Hmm

[ajenteks]

That's surprising to me to see that XBL's support staff would be so careless. Last time I called them up it was quite a chore... But then again maybe I had to verify and re-verify personal information to them because I was cancelling and not just getting a password reset.

On occasion

[Nerdfest]

you can even get elected for it.

Zero won, too.

Ah so. Just how does one lie to a computer?

When it identifies itself as a zero. :)

Well, of course.

[Petersko]

this is what you get with outsourced call centers.

You're SO right. No American call centre operators would EVER fall for such ruses. It's those darned gullible Indians.

Impersonate

[Luyseyal]

What the hell is wrong with using the word "impersonate"? At least it doesn't sound anything like sending text messages.

-l