Sorry, but working in a Casino for these past 20 years has taught me one thing about the public...about 60% will do just about anything for a "free" drink. Chocolate! Hell, they just might give you their mother for chocolate.
(oy, I sound cynical this morning)
Cynical? No. On this issue definitely realistic.
Many if not most security breaches are "social engineering" where the victim gives access to the hacker.
Of course this is where most criminals mess up. They forget the social aspect. If you look, sound and act as if you belong where you are most times no one will question your right to be there. As an example a couple of years ago a co-worker saw two guys breaking into an ATM and called the police - they were caught. If they had been dressed in clothing that made it look like they were legitimate repair people he wouldn't have reported it and they would have escaped uncaught.
A social engineering example (link to full story):
ALISON CALDWELL: It's understood two men dressed as computer technicians managed to con their way into the Customs office, in the evening of August the 27th.
The men claimed to be technicians with the Customs Service's outsourced computer services provider. After presenting false identification, the two men were then given access to the centre's top security mainframe room. Once inside, they reportedly disconnected the computers, and removed them from the building, past the security guards at the front desk.
They presented themselves dressed and sounding right for the part and acted as if they had every right to be there doing what they were doing and walked out with 2 large computers from a secured facility. How much more could you do with a normal business?
Another (1924) social engineering example (link to full story):
Reis then set about promoting a scheme he had worked out while in jail. He told potential business partners that he could arrange a contract with the Portuguese Government and the Bank of Portugal such that in return for a loan to Angola equivalent to $5 million he would receive the right to have printed up the equivalent of amount in Angolan currency. The notes for Angola were exactly the same as the notes for Portugal except that the word "Angola" was stamped on the bill. A note of Angolan currency was worth far less than a note of Portuguese currency of the same denomination.
Reis typed up his supposed contract with the Bank of Portugal. All contracts in Portugal have to be notarized and the notary certifies that the contract is not for any illegal purpose. Reis had his contract notarized. He then took the notarized contract to the British consulate and had them certify the authenticity of the signature of the notary. The British consulate affixed an impressive stamp to the notarized contract. Reis did the same thing at the French and German consulate. With all these impressive stamps Reis' bogus contract began to look official. But the contract did not yet have the signatures of the officials at the Bank of Portugal. Reis had an assistant retype the contract with a translation in French. He then forged the signatures of the officials to the new contract and then cut the notarizations from the first version of the contract and taped them to the second. Furthermore he glued two large denomination Portuguese banknotes to the contract as examples of the notes which were to be printed. Now it appeared that he had a signed and notarized contract to have Angolan currency printed in return for a loan to Angola.
There is much more to this story and he was only caught in the end when 2 banknotes with the same serial # were found. He had persuaded a mint which printed money for Portugal to print money (using serial #s allocated to another mint) and deliver it to him. Only greed and arrogance brought him down in the end. But again it was a supposedly secure system brought down by appearances.