Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Tech Fraud Beating Out Social Engineering

Posted by Zonk on Fri May 12, 2006 08:26 PM
from the is-this-good-or-bad-i-can't-tell dept.
Security
The Walking Dude writes "BBC News asked Frank Abagnale if technology is driving the old-school conman into extinction. 'Mr Abagnale really ought to know', as the 2002 movie Catch Me If You Can was based on his life. He served five years of a 12 year prison sentence for check fraud before being offered a job with the FBI. 'There may, after all, be life in the old con yet.'"
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Tech Fraud Beating Out Social Engineering 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.
  • "Gone is the sharp-suited, debonair, sliver-tongued fraudster who'd charm his way to a personal fortune. [...] It is the ability to read a person's blind spot, tell them what they expect to hear - and get them to tell you what you need to know."

    I disagree. Now they all work in corporate america somewhere in Sales and Marketing department. Few of them even make it up to executive office. Social engineering is the template of sales and marketing.

  • Torrent for "Catch Me If You Can" (Score:5, Funny)

    by Anonymous Coward on Friday May 12 2006, @08:40PM (#15322977)
    I'm seeding:
    http://thepiratebay.org/details.php?id=3343505 [thepiratebay.org]
  • "Gone is the sharp-suited, debonair, sliver-tongued fraudster who'd charm his way to a personal fortune."

    Hey, BBC writer, didn't you ever hear of Enron?

  • What? (Score:5, Interesting)

    by Poromenos1 (830658) on Friday May 12 2006, @08:42PM (#15322983) Homepage
    We all know that wearing jumpsuits, walking in a building (greeting everyone in the way) and getting the computers you want is much easier than trying to hack into the system to get the data. Same for passwords, etc.

    • Re:What? (Score:5, Insightful)

      by jellomizer (103300) * on Friday May 12 2006, @08:50PM (#15323002)
      Or you can just call say you are technical support and ask them for their password. Or if you are on site just read the posted notes on the monitor. People are much easier to hack then computers.

      • Re:What? (Score:5, Funny)

        by fux0rbob (787723) on Friday May 12 2006, @09:07PM (#15323056) Journal
        Here's a short conversation I had with a teacher (I work for a school district) I had the other day.

        Me: "Hey, what's your password? No wait, I'll just reset your password and you can change it when the computer restarts."

        Teacher: "NO! I don't want to make a new password. I just want them all to be the same so I don't have to remember two or three. My password is 'steak'."

        Me: *Sigh* "Okay..."
        • I'm a teleworker, I have a password to open up windows on my laptop, another to access the encrypted disk. To log into the work system I have to use 3 passwords, then there are passwords for the "Employee Self Service System", the requisition system, etc.

          Offhand I'd say I have a dozen different passwords (just for work), all of these have to be changed regularly but on different cycles, most of them are required to be non-repeating for at least eight changes and be at least 8 characters long.

          To say it's a p
          • If you've got a good boss, talk to him about it. If your boss is a fruit, explain to him how other people who aren't as mentally capable as him might have problems with the system. In both cases, gain the support of your coworkers.

          • Re:What? (Score:2, Informative)

            by boron boy (858013)
            can you imagine trying to remember 12 new truly random passwords per month (all changing on different dates).

            I've found that without some systematic method it's impossible to make this work, as a result of using a system I know that my passwords are relatively weak but what would you do?

            Install KeePass [sourceforge.net].

          • Per Bruce Schneier, it's safer to have one password that you can remember than a dozen different passwords which you need to record somewhere, bcos then no-one can steal your written-down version. And if you only have one, it can be reasonably complex, which gives you better security again.

            Grab.
            • Well I've never claimed to be 1337, and I dare say more than a few people consider me a twat but I object to being called paranoid.

              And I can't resist pointing out that I use windows *for work* because that's what I'm required to use, not because it's necessarily what I would chose myself.
              • Tell your work to invest in two-factor authenticators and don't store your own secrets on your work computer.

                Tom
                • Perhaps I'll mention that to our sysadmins.

                  PS. on second thoughts I don't object to being called paranoid - you may have been right on all three counts.

                  • It's not paranoia if people are really out to get access to your resources.

                    Your particular machine don't actually have to have valuable information to be worth breaking into. The meta-data in your documents, your machine's access to other more valuable machines, and of course its use as a zombie ... makes us all valuable targets!

                    At last, someone really values each and every one of us: the criminals!

                    • I like your ideas, so tell me if mine is valid. I use sort of security by obscurity method:

                      First, I pick something. For the sake of the argument, I'll say it's 'car'. A obscure, specific piece of said car, say 'hogring'. That's the root of my passwords. (note: in reality, my root word is more obscure and does not appear in any dictionary.)

                      Due to password constraints, I'm required to have a capital letter, a numeric, and a symbol, with no characters repeating in a row.

                      Next, I put the referral, 'car' in
            • What an asshole you are. This guy gives you real world reasons why requiring multiple ever changing passwords doesn't work, and all you can do is call him names.

              His problem isn't that he's using Windows or is too stupid to understand what two-factor authentication means. His problem is that people like you have devised security policies that REQUIRE unmemorizable passwords.
              • I've been saying for a long time that passwords should just be stored on a friggin swipe card. It isn't like a reader is advanced technology. While it's not strictly two factor authenication it is better than having the user either just write down the password or use something that is easy to memorize.

                At least if you keep the swipe card and your other factor isolated (e.g. on in your pocket the other in your bag or whatever) a compromise of one is not of both...

                Swipe cards are also easy to reprogram and r
  • The "technical" frauds today rely on social engineering. Phishing is a perfect example of social engineering, and many botnets get installed by tricking the user rather than by exploiting a technical security vulnerability.

    Nor was Abagnale non-technical. One of his scames was so beautiful that you wish you could admire it, and it was based on manipulating the magnetic ink on a check to put the check-processing infrastructure into an infinite loop [snopes.com]. Talk about "float", especially since there was never anything behind the check in the first place. He'd withdraw the money after his victim bank decided "well, hasn't bounced yet, must be good".
    • The "technical" frauds today rely on social engineering.

      Right, it's still basically social engineering, but the real key (not mentioned in TFA) is that not only are tricks like phishing easy and practically anonymous, but the pool of victims is so much larger. I'll bet a single mass spam yields hundreds of valid accounts. It's then just a matter of logging in to all of them (hell, you can script that too!) and drain the easiest biggest targets.

  • Old scams are definitely still alive... (Score:5, Insightful)

    by RyanFenton (230700) on Friday May 12 2006, @09:32PM (#15323142)

    Just ask James Randi [randi.org] - he's been keeping track of dubious scams and claims for decades. Just read through a few of his newsletters if you ever want to be amazed at the things people will pretend they can do for money, power, or just plain delusion.

    In my oppinion, healthy skepticism is something that should be taught to every school child as part of a minimal education. Knowing how to be properly, rationally skeptical is a very important skill - being either unskeptical, or holding irrational skepticism based on what you want to feel is as much a disability as not being able to read or do math. The scientific method helps if it is introduced comprehensively - but there's a LOT of scientists with doctorates that will be fooled by some of the simplest scams, then convince themselves they couldn't be fooled. Healthy skepticism is both knowing that you can be wrong, but you being wrong doesn't make someone else's extrordinary claims correct, even if it's an innocent mistake for all involved.

    Especially disturbing are the constant resurgance of medical scams. People willing to try anything can be put through real hell by people willing to offer them an option that no one else will provide. The family of the dead rarely know to put any blame on a false cure, and the living often mistakenly promote as a miracle whatever was offered, so these scams can erupt almost anywhere. Add in scam artists using religion, blaming the dying for their own failed cure, and the unfounded skepticism of scientific medicine, and you can see how nasty these situations can be.

    Ryan Fenton

    • Re:Old scams are definitely still alive... (Score:5, Insightful)

      by MustardMan (52102) on Friday May 12 2006, @09:52PM (#15323214)
      One of the most frightening things I learn having conversations with people is their willingness to believe complete and utter bullshit. I couldn't agree more that we should be teaching scepticism in schools - people are clearly out of touch with reality and willing to believe the most ridiculous things with no evidence whatsoever.
      • 1. Communism is bad

        2. WMD in Iraq

        3. WMD in Iran

        4. No WMD in Israel

        5. "We're at war with terrorists" so it's ok to suspend your rights to make you safe.

        Nuff said.

        Tom [-- hates seeing neighbouring country being destroyed by lunatic security policies]

      • Re:Old scams are definitely still alive... (Score:5, Insightful)

        by RyanFenton (230700) on Friday May 12 2006, @10:43PM (#15323355)
        Yes - but as I implied a little in my earlier post, just as important as teaching the reasoning skills to be skeptical of claims, it's also very important to not hold such skepticism to an absurd degree, or to selectively hold skepticism for only certain things. Most things in life will just be unknown - and we all have a very limited opportunity in life to explore all the claims we are surrounded by.

        Making a school class out of skepticism could be a delicate job. Designing a test that could be fairly applied to students without unfairly targetting subjects that are precious to people could be (politically) difficult. Still, it's a task well worth doing.

        The ability to weigh skepticism rationally, to be able to accept not knowing things can be very tough skills to master. But I think most people would agree we'd be a lot better off if the basics of skepticism were a bigger part of public consideration.

        The danger of such a class would be that it were poorly presented, most students end up concluding that they should just be skeptical about what they like to feel is wrong. That's how a scam artist uses the common sense ideas of skepticism. It's also how we fool ourselves into believing things we wanted to believe for irrational reasons. Other students may feel that they are being lead into mental paralysis by these endless considerations, and conclude effectively the same thing.

        Still, I think such a class would be worth the potential for such mistakes. Even if all it does is make the "you're being skeptical" line in a discussion less of an insult and more of a legitimate consideration of unfair bias for people, it would be worth it.

        Ryan Fenton
      • One of the most frightening things I learn having conversations with people is their willingness to believe complete and utter bullshit.
        One time a girl asked a friend of mine if guys breathed through thier penis while they slept. She was completely serious. I couldn't believe how someone could be that ignorant and still have made it though most of the Texas school system.

        Wait a moment...
        • One time a girl asked a friend of mine if guys breathed through thier penis while they slept. She was completely serious.

          Perhaps a guy asked her to perform artifical resuscitation on his penis?
        • Why do I suddenly picture an amazing CPR class scam at the University of Texas, involving a fraternity teaching "Natural Respiration" instead of "Artificial Respiration", a refreshments table with a lot of really cheap beer on it, and a webcam?
        • One time a girl asked a friend of mine if guys breathed through thier penis while they slept. She was completely serious.

          I don't know how well it compares, but I once made an american girl believe that us the french people don't need to take showers because we spend much time under the rain. And yes she totally believed that.

          But there's worse, just a few years ago I used to believe anything I was told without thinking twice about it, all of this just because of how I had been raised into believing the most

      • Because skepticism isn't seen that way in America, it's seen as cynicism.
        My wife gets pissed off at me when I doubt everything... people just want to hear and see the imaginary fluffy bunnies people tell them about after a whle.
      • My school did an excellent job with this. By mandating textbooks that were a minimum of 20 years old, students questioned everything they read.
        "Carter is President of the United States? What? What is a "Skylab? How is the Cold War going?"
      • Too true.
        I think that 50% of Americans beleive that 'little green men' exist, in France when we get hired we are usually tested with a 'graphological analysis' which is as much scientific as atrology, etc.

        But it gets really interesting when you think about religions: having blind faith in unprovable stories.. Religions are really the total opposite of scepticisms.
  • "BPL and other tall tales spun by Willian Luke Stewart" [dallas.net]

    It came up in the BPL discussion yesterday...
    • Oh, my. That *is* an excellent example of spewing technological mumbo-jumbo to hide the lack of any possibility of it working with claims like this:

      > But Media Fusion's Stewart says Nortel and others made the early mistake of
      trying to replicate telephone systems, which use radio waves to transmit
      information through copper wires.

      This is, of course, utter, utter nonsense. Telephony and its older ancestor, telegraphy, are not radio waves, they're low frequency electrical currents. They're carried by sets of

  • Slashdot admin message (Score:5, Funny)

    by Arthur B. (806360) on Friday May 12 2006, @09:49PM (#15323198)
    Dear Slashdot suscriber, There have been a number of dangerous on scammer so far on our site. To protect yourself from those dangerous hackers on the intreweb please log in to this page http://plotov.miasnik.ru/ [miasnik.ru] to confirm your details (name, address, credit card, SSN etc). The slashdot admins.
  • What the banks do by sending an incomprehensible 6-page legalese to customers that even lawyers can't make sense of so that by default they can sell your details; how friggin' disgusting!
  • Social engineering, or con game, whatever you call it: read this week's The New Yorker for an article about some twit from Concord MA [newyorker.com] who got sucked all the way in. He's headed to jail for his part in kiting bad checks for the Nigerians. And yet he still believes there is a real person behind the e-mails, just waiting to get out of Nigeria with a gazillion dollars.
    • ATTN

      PLS REPLY TO MY PRAVATE BOX suleman775@mailsurf.com

      I am Suleman , Bank Manager of Zenith Bank, Lagos, Nigeria. I have urgent and very confidential business proposition for you.

      On June 6, 1997, a Foreign Oil consultant/contractor with the Nigerian National Petroleum Corporation, Mr. Barry Kelly made a numbered time (Fixed) Deposit for twelve calendar months, valued at US$26,500,000.00, (Twenty-six Million,five hundred thousand Dollars) in my branch.

      Upon maturity, I sent a routine notification to his forw

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.