Slashdot Mirror


How To Rob a Bank: One Social Engineer's Story

itwbennett writes "Today's criminals aren't stealing money — that's so yesterday, according to professional social engineer Jim Stickley. In an interview with CSO's Joan Goodchild, Stickley explains how he's broken into financial institutions large and small, and stolen their sensitive data. In a companion story, Stickley walks through the steps he takes to fool clients into thinking he's there for fire safety, while he's really proving they are an easy target for a data breach."

10 of 111 comments

  1. Small time by Hatta · · Score: 5, Insightful

    The real big criminals own the banks.

    --
    Give me Classic Slashdot or give me death!
    1. Re:Small time by ackthpt · · Score: 5, Insightful

      The real big criminals own the banks.

      Own?

      Nooooo....

      The really big criminals work in top positions of banks and are well connected in government, so they only have to look slightly admonished for a few weeks after nearly bringing down the entire economy of the West and then it's back to business as usual.

      They don't own banks, they pwn banks.

      --

      A feeling of having made the same mistake before: Deja Foobar
  2. As a victim of theft by esocid · · Score: 3, Insightful

    by the banks, I'm ok with the role reversal.

    --
    Absolute power corrupts absolutely. indymedia
    1. Re:As a victim of theft by ackthpt · · Score: 3, Insightful

      by the banks, I'm ok with the role reversal.

      Old bumper sticker: Don't Steal - The Government Hates Competition

      New bumper sticker: Don't Steal - The Banks Hate Competition

      --

      A feeling of having made the same mistake before: Deja Foobar
  3. Re:Euphemisms by Anonymous Coward · · Score: 2, Insightful

    When they get paid by the boss of the people they are engineering to help prevent real con men from doing it.

  4. Re:Euphemisms by cusco · · Score: 5, Insightful

    It can be. I had an instructor for a computer security class whose day job was doing pen tests for financial institutions. He and his partner would arrive at a site and set up in a random meeting room. While one guy started unpacking the trunk load of computers and getting set up the other would get on the phone and start dialing branch offices. Whoever answered on the other end would get a line like, "Hi, I'm Brad, the new guy on the Help Desk. We need to reconfigure the router in your office this afternoon. The guy who normally does that is home with his sick daughter, and the only other login on the router is your manager's. Can I get their username and password?"

    In two years they had never failed to get a manager's username/password by the time they were finished setting up the equipment.

    --
    "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
  5. If you want to rob a bank, become CEO. by bussdriver · · Score: 3, Insightful

    Surely recent years have shown the most successful bank robbers run banks.

  6. Re:I think acting as a fake fireman is a felony by Anubis+IV · · Score: 4, Insightful

    Either my sarcasm detector is broken (please plant your tongue further in your cheek next time), or you've entirely missed the point. Actual criminals don't ask for permission before breaking the law. That's what makes them criminals. They'll still impersonate fire inspectors.

  7. Re:And I call by ackthpt · · Score: 5, Insightful

    Once there was an actual criminal going around a large office park at a place where I previously worked that would walk in wearing a VERY fancy suit and kind of wander around stealing laptops, electronics, etc. and then walk out. Nobody could ever identify him except that he was in a fancy suit, and nobody dared question what he was doing so as not to get in trouble for offending somebody important. Not saying any of these places were supposed to be highly secure, but was quite a problem for a while and he always got out before anyone noticed or realized what was going on.

    Then he walked into our office which was a startup, and he was obviously not familiar with the "atmosphere". As soon as he got in by following behind somebody, several people said "What the **** are you wearing a suit for and what the **** are you doing here?", took a picture of him, and escorted him out.

    The lesson is: You can steal more with a suit and tie than you can with a gun.

    --

    A feeling of having made the same mistake before: Deja Foobar
  8. Re:Small time...Big Time was Congress by BoRegardless · · Score: 1, Insightful

    But the group that sets the rules TELLS THE BANKS what they will do.

    CRA, The Community Reinvestment Act demanded that banks make loans to low income areas regardless of meeting loan requirements or...the banks would be subject to having their approval to be a bank revoked by the Treasury Dept. or whoever oversaw the CRA.

    The banks made the loans but said "We can't keep these marginal loans" so all the biggies agreed that FMae and FMac would take them...but then they said they couldn't hold them, so rules were made to allow them to sell into "mortgage pool securities".

    The whole damned thing was pushed by the U.S. Congress.