Slashdot Mirror

← Back to Stories (view on slashdot.org)

Pen Testers Break Into Gov't Agency With Fake Social Media ID

Posted by timothy on from the open-government dept.

itwbennett writes "Security experts used fake Facebook and LinkedIn profiles to penetrate the defenses of an (unnamed) U.S. government agency with a high level of cybersecurity awareness. The attack was part of a sanctioned penetration test performed in 2012 and its results were presented Wednesday at the RSA Europe security conference in Amsterdam. The testers built a credible online identity for a fictional woman named Emily Williams and used that identity to pose as a new hire at the targeted organization. The attackers managed to launch sophisticated attacks against the agency's employees, including an IT security manager who didn't even have a social media presence. Within the first 15 hours, Emily Williams had 60 Facebook connections and 55 LinkedIn connections with employees from the targeted organization and its contractors. After 24 hours she had 3 job offers from other companies."

6 of 109 comments (clear)

  1. Security? by Anonymous Coward · · Score: 5, Insightful

    Forget security, the real headline should be "How to get 3 job offers in 24 hours". She must have had some serious (fake) qualifications and/or a smoking hot profile pic.

    1. Re:Security? by Joining+Yet+Again · · Score: 4, Insightful

      Yeah, I imagine by "job offer" they mean "recruiter spam".

      And by "high level of cybersecurity awareness" they mean that some cunt installed Norton on the desktops.

  2. Re:Because they used an attractive woman. by jsepeta · · Score: 5, Insightful

    so really the title should be "attractive women more likely to get job offers." move along, no story here.

    --
    Remember kids, if you're not paying for the service, YOU ARE THE PRODUCT THAT IS BEING SOLD.
  3. Re:Job offers? by Austrian+Anarchy · · Score: 4, Insightful

    How good can a company be if they offer you a job solely on your so-called resume?

    No interview, no verification..

    I suspect they are grossly misusing the term "job offer." Could be an indication of just what sort of people they have working in their own organization.

    --
    Time Bomber the Book coming soon.
  4. Re:What else do we expect to do? by Minwee · · Score: 4, Insightful

    They look just like us but like bad beer and hockey.

    And the ones who like good beer stay in Canada.

  5. Re:Elaborate social engineering hack != "pen testi by neminem · · Score: 4, Insightful

    How is it *not* a penetration test? They were testing whether they could get in. They got in. How does it matter whether they got in because they tricked a computer into letting them in, or a person? Both avenues are equally important if you want your office to be secure.