Enkelt att lura sig in i känsliga nät
12 september 2006 | Ingen har kommenterat än
Det är meningslöst att spekulera i hur Folkpartiet fick tag på lösenorden till SAPnet. Men den här artikeln, om hur några unga män tog sig in på den skyddade sajt som gav dem tillgång till Paris Hiltons mobiltelefon, ger en del perspektiv på hackandet:
”The conversation – which represents the recollection of the hacker interviewed by washingtonpost.com – began with the 16-year-old caller saying, ’This is [an invented name] from T-Mobile headquarters in Washington. We heard you’ve been having problems with your customer account tools?’
The sales representative answered, ’No, we haven’t had any problems really, just a couple slowdowns. That’s about it.’
Prepared for this response, the hacker pressed on: ’Yes, that’s what is described here in the report. We’re going to have to look into this for a quick second.’
The sales rep acquiesced:’All right, what do you need?’
When prompted, the employee then offered the Internet address of the Web site used to manage T-Mobile’s customer accounts – a password-protected site not normally accessible to the general public – as well as a user name and password that employees at the store used to log on to the system. (—)
’Major corporations have made social engineering way too easy for these kids. In their call centers they hire low-pay employees to man the phones, give them a minimum of training, most of which usually dwells on call times, canned scripts and sales. This isn’t unique to T-Mobile or AOL. This has become common practice for almost every company.’ (—)
Large organizations that maintain numerous branches around the country are especially susceptible to social engineering attacks, said Peter Stewart, president of Baton Rouge, La.-based Trace Security, a company that is hired to test the physical and network security for some of the most paranoid companies in the world: banks.
More often than not, Stewart says, his people can talk their way into employee-only areas of banks by pretending to be a repairman or just another employee. In most cases, the break-in attempts are aided by information gleaned over the phone.
Paris Hilton Hack Started With Old-Fashioned Con
Det är ingen idé att försöka få tag på lösenord vid huvudkontoret, berättar artikeln också: helst går man via ett lokalkontor nånstans på landet. Skövde?
(Via infontology: Spännande experiment på Craigslist, 9 sep 2006.)
Relaterat: om tappade mobiltelefoner, säkerhet och integritet i Business Week, med flera länkar i kommentarerna: Stolen Cell Phone and Breaking Down Boundaries, 30 aug 2006.
Andra bloggar om: dataintrång, sapnet, folkpartiet, paris hilton, t-mobile, integritet, mobiltelefoner
Kategori: Webb och IT
Kommentarer
Kommentera