How To Rob a Bank: One Social Engineer's Story 111
itwbennett writes "Today's criminals aren't stealing money — that's so yesterday, according to professional social engineer Jim Stickley. In an interview with CSO's Joan Goodchild, Stickley explains how he's broken into financial institutions large and small, and stolen their sensitive data. In a companion story, Stickley walks through the steps he takes to fool clients into thinking he's there for fire safety, while he's really proving they are an easy target for a data breach."
Re:Small time (Score:5, Informative)
The real big criminals own the banks.
Exactly, see "The Best Way to Rob a Bank Is to Own One: How Corporate Executives and Politicians Looted the S&L Industry" by William K. Black. The basic concepts and problems from that debacle are still in play with our current mess.
Re:Euphemisms (Score:5, Informative)
So when did con men become "social engineers"? It sounds almost like a respectable profession.
Beg pardon, mate, but con is short for confidence, as in, they gain your confidence before nicking your lunch money.
Social Engineering is just a new-fangled label for probably the 3rd or 4th oldest profession in the world.
Re:And I call (Score:5, Informative)
Want to get into a secured location? Get yourself a fake badge and a jacket that says XYZ Security Installers on it. Walk up to a door about lunch time with a tool bag in one hand and a ladder in the other, maybe a box or two tucked under an arm. Make a show of not being quite able to get your badge to the reader without putting everything down. People are too polite, they'll not only badge the door for you but then they'll hold it. I've seen it happen plenty of times, we even did it for a customer's security director to show them that their people really did need training.
Re:And I call (Score:5, Informative)