goals.
Analyzing the Con
As you'll notice repeatedly in these stories, knowledge of a company's lingo, and of its corporate structure - its various offices and departments, what each does and what information each has - is part of the essential bag of tricks of the successful social engineer.
YOUNG MAN ON THE RUN
A man we'll call Frank Parsons had been on the run for years, still wanted by the federal government for being part of an underground antiwar group in the 1960s. In restaurants he sat facing the door and he had a way of glancing over his shoulder every once in a while that other people found disconcerting. He moved every few years.
At one point Frank landed in a city he didn't know, and set about job hunting. For someone like Frank, with his well-developed computer skills (and social engineering skills as well, even though he never listed those on a job application), finding a good job usually wasn't a problem. Except in times when the economy is very tight, people with good technical computer knowledge usually find their talents in high demand and they have little problem landing on their feet. Frank quickly located a well-paying job opportunity at a large, upscale, long-term care facility near where he was living.
Just the ticket, he thought. But when he started plodding his way through the application forms, he came upon an uh-oh: The employer required the applicant to provide a copy of his state criminal history record, which he had to obtain himself from the state police. The stack of employment papers included a form to request this document, and the form had a little box for providing a fingerprint. Even though they were asking for a print of just the right index finger, if they matched his print with one in the FBI's database, he'd probably soon be working in food service at a federally funded resort.
On the other hand, it occurred to Frank that maybe, just maybe, he might still be able to get away with this. Perhaps the state didn't send those fingerprint samples to the FBI at all. How could he find out?
How? He was a social engineer--how do you think he found out? He placed a phone call to the state patrol: "Hi. We're doing a study for the State Department of Justice. We're researching the requirements to implement a new fingerprint identification system. Can I talk to somebody there that's really familiar with what you're doing who could maybe help us out?" And when the local expert came on the phone, Frank asked a series of questions about what systems they were using, and the capabilities to search and store fingerprint data. Had they had any equipment problems? Were they tied into the National Crime Information Center's (NCIC) Fingerprint Search or just within the state? Was the equipment pretty easy for everybody to learn to use?
Slyly, he sneaked the key question in among the rest.
The answer was music to his ears: No, they weren't tied into the NCIC, they only checked against the state's Criminal Information Index (CII).
MITNICK MESSAGE
Savvy information swindlers have no qualms about ringing up federal, state, or local government officials to learn about the procedures of law enforcement. With such information in hand, the social engineer may be able to circumvent your company's standard security checks.
That was all Frank needed to know. He didn't have any record in that state, so he submitted his application, was hired for the job, and nobody ever showed up at his desk one day with the greeting, "These gentlemen are from the FBI and they'd like to have a little talk with you."
And, according to him, he proved to be a model employee.
ON THE DOORSTEP
In spite of the myth of the paperless office, companies continue to print out reams of paper every day. Information in print at your company may be vulnerable, even if you use security precautions and stamp it confidential.
Here's one story that shows you how social engineers might obtain your most secret