How To Rob a Bank: One Social Engineer's Story

Posted by timothy
from the oh-don't-worry-this-won't-take-long dept.
itwbennett writes "Today's criminals aren't stealing money — that's so yesterday, according to professional social engineer Jim Stickley. In an interview with CSO's Joan Goodchild, Stickley explains how he's broken into financial institutions large and small, and stolen their sensitive data. In a companion story, Stickley walks through the steps he takes to fool clients into thinking he's there for fire safety, while he's really proving they are an easy target for a data breach."

  • Re:Small time (Score:5, Informative)

    by Anonymous Coward on Thursday October 27 2011, @12:19PM (#37857200)

    The real big criminals own the banks.

    Exactly, see "The Best Way to Rob a Bank Is to Own One: How Corporate Executives and Politicians Looted the S&L Industry" by William K. Black. The basic concepts and problems from that debacle are still in play with our current mess.

  • Re:Euphemisms (Score:5, Informative)

    by ackthpt (218170) on Thursday October 27 2011, @12:40PM (#37857538) Homepage Journal

    So when did con men become "social engineers"? It sounds almost like a respectable profession.

    Beg pardon, mate, but con is short for confidence, as in, they gain your confidence before nicking your lunch money.

    Social Engineering is just a new-fangled label for probably the 3rd or 4th oldest profession in the world.

  • Re:And I call (Score:5, Informative)

    by cusco (717999) <brian...bixby@@@gmail...com> on Thursday October 27 2011, @12:40PM (#37857546)
    Not really. I work for a company that does physical security for businesses (key cards, alarm systems, cameras, etc.) Probably 70 percent of the time I could walk into a customer site, say "I'm Brian from Something-or-other Security", sit down at the guard's monitoring computer, and no one would stop me. Only once in five years has anyone called our office to make sure that we were really the guys they sent.

    Want to get into a secured location? Get yourself a fake badge and a jacket that says XYZ Security Installers on it. Walk up to a door about lunch time with a tool bag in one hand and a ladder in the other, maybe a box or two tucked under an arm. Make a show of not being quite able to get your badge to the reader without putting everything down. People are too polite, they'll not only badge the door for you but then they'll hold it. I've seen it happen plenty of times, we even did it for a customer's security director to show them that their people really did need training.
  • Re:And I call (Score:5, Informative)

    by Dunbal (464142) * on Thursday October 27 2011, @12:42PM (#37857568)
    Yeah, except none of this happened. The guy is just presenting a different version of a similar BS story he spat out in an interview with CNN [cnn.com] in 2008. Except that time he walked out with a bunch of backup tapes. Of course now that he has been on TV, he's free to make up any bullshit he wants so long as suckers like you keep lapping it up. After all it's entertainment. But you are reading a "work of fiction" that is at least 3 years old.
