Slashdot Mirror


How To Rob a Bank: One Social Engineer's Story

itwbennett writes "Today's criminals aren't stealing money — that's so yesterday, according to professional social engineer Jim Stickley. In an interview with CSO's Joan Goodchild, Stickley explains how he's broken into financial institutions large and small, and stolen their sensitive data. In a companion story, Stickley walks through the steps he takes to fool clients into thinking he's there for fire safety, while he's really proving they are an easy target for a data breach."

4 of 111 comments

  1. Duh by Niris · Score: 4, Interesting

    You can talk your way into almost anywhere by claiming you're from IT. A couple years ago I did these server upgrades for Bank of the West. No ID cards or anything, just walk in and do what you want.

  2. as a former security auditor myself... by xxxJonBoyxxx · Score: 4, Interesting

    As a former security auditor myself, I'd attack the voice response units. Quite frequently those boxes (often standalone towers covered with a quarter inch of dust) were neglected in the corner, with no IDS, no one checking logs and frequently no automatic lockouts. Routed through Skype and/or Google Voice...

  3. Re:And I call by dkleinsc · Score: 4, Interesting

    A true story regarding the problem of walking in behind people (one of the easiest ways to enter a large building you shouldn't be able to access):

    Employee walks into the office building. A bit behind that employee was the CEO, but the CEO's badge was not visible, and this was a newer employee who didn't recognize the CEO. The employee made sure the door closed on the CEO. The CEO took swift action to send a message to the whole company: He called security, found out who that employee was, and sent word down the chain of command to give that employee a special award.

    --
    I am officially gone from /. Long live http://www.soylentnews.com/
  4. Re:And I call by Kyont · Score: 4, Interesting

    I totally second that. For me, it was a tie and a clipboard, and my (totally true and legit) story that I worked for the building's property insurance company and needed to look everywhere and anywhere for risks (blocked doors, covered sprinklers, stacks of live ammo pointed at compressed oxygen canisters, that sort of thing). People would let me into the most amazingly sensitive areas, oftentimes with no escort, just a slap on the back and a "give the key fob back to Tina when you're done". Three hours later I would know every corner of the place.

    I ain't that charismatic, so I conclude the clipboard is key.

    --
    You shall see a cow on the roof of a cotton house.