The Art of Deception: Controlling the Human Element of Security
documents.

    Loop-Around Deception

    Every year the phone company publishes a volume called the Test Number Directory (or at least they used to, and because I am still on supervised release, I'm not going to ask if they still do). This document was highly prized by phone phreaks because it was packed with a list of all the closely guarded phone numbers used by company craftsmen, technicians, and others for things like trunk testing or checking numbers that always ring busy. One of these test numbers, known in the lingo as a loop-around, was particularly useful. Phone phreaks used it as a way to find other phone phreaks to chat with, at no cost to them. Phone phreaks also used it as a way to create a call-back number to give to, say, a bank. A social engineer would tell somebody at the bank the phone number to call to reach him at his office. When the bank called back to the test number (the loop-around), the phone phreak would be able to receive the call, yet he had the protection of having used a phone number that could not be traced back to him.

    A Test Number Directory provided a lot of neat information that could be used by any information-hungry, testosteroned phone phreak. So when the new directories were published each year, they were coveted by a lot of youngsters whose hobby was exploring the telephone network.

    MITNICK MESSAGE

    Security training with respect to company policy designed to protect information assets needs to be for everyone in the company, not just any employee who has electronic or physical access to the company's IT assets.

    Stevie's Scam

    Naturally phone companies don't make these books easy to get hold of, so phone phreaks have to be creative to get one. How can they do this? An eager youngster with a mind bent on acquiring the directory might enact a scenario like this.

    Late one day, a mild evening in the southern California autumn, a guy (I'll call him Stevie) phones a small telephone company central office, which is the building from which phone lines run to all the homes and businesses in the established service area.

    When the switchman on duty answers the call, Stevie announces that he's from the division of the phone company that publishes and distributes printed materials. "We have your new Test Number Directory," he says. "But for security reasons, we can't deliver your copy until we pick up the old one. And the delivery guy is running late. If you wanna leave your copy just outside your door, he can swing by, pick up yours, drop the new one and be on his way."

    The unsuspecting switchman seems to think that sounds reasonable. He does exactly as asked, putting out on the doorstep of the building his copy of the directory, its cover clearly marked in big red letters with the warning "COMPANY CONFIDENTIAL - WHEN NO LONGER NEEDED THIS DOCUMENT MUST BE SHREDDED." Stevie drives by and looks around carefully to spot any cops or phone company security people who might be lurking behind trees or watching for him from parked cars. Nobody in sight. He casually picks up the coveted directory and drives away.

    Here's just one more example of how easy it can be for a social engineer to get what he wants by following the simple principle of "just ask for it."

    GAS ATTACK

    Not only company assets are at risk in a social engineering scenario. Sometimes it's a company's customers who are the victims.

    Working as a customer-service clerk brings its share of frustrations, its share of laughs, and its share of innocent mistakes - some of which can have unhappy consequences for a company's customers.

    Janie Acton's Story

    Janie Acton had been manning a cubicle as a customer service rep for Hometown Electric Power, in Washington, D.C., for just over three years. She was considered to be one of the better clerks, smart and conscientious.

    It was Thanksgiving week when this one particular call came in. The caller said, "This is Eduardo in the Billing Department. I've got a lady on hold, she's a secretary in the executive offices
