
How To Rob a Bank: One Social Engineer's Story

itwbennett writes "Today's criminals aren't stealing money — that's so yesterday, according to professional social engineer Jim Stickley. In an interview with CSO's Joan Goodchild, Stickley explains how he's broken into financial institutions large and small, and stolen their sensitive data. In a companion story, Stickley walks through the steps he takes to fool clients into thinking he's there for fire safety, while he's really proving they are an easy target for a data breach."
This discussion has been archived. No new comments can be posted.

  • Small time (Score:5, Insightful)

    by Hatta ( 162192 ) on Thursday October 27, 2011 @12:10PM (#37857048) Journal

    The real big criminals own the banks.

  • by esocid ( 946821 ) on Thursday October 27, 2011 @12:12PM (#37857076) Journal
    by the banks, I'm ok with the role reversal.
  • Re:Euphemisms (Score:2, Insightful)

    by Anonymous Coward on Thursday October 27, 2011 @12:19PM (#37857186)

    When they get paid by the boss of the people they are engineering to help prevent real con men from doing it.

  • Re:Euphemisms (Score:5, Insightful)

    by cusco ( 717999 ) <brian.bixby@gmail . c om> on Thursday October 27, 2011 @12:29PM (#37857342)
    It can be. I had an instructor for a computer security class whose day job was doing pen tests for financial institutions. He and his partner would arrive at a site and set up in a random meeting room. While one guy started unpacking the trunk load of computers and getting set up the other would get on the phone and start dialing branch offices. Whoever answered on the other end would get a line like, "Hi, I'm Brad, the new guy on the Help Desk. We need to reconfigure the router in your office this afternoon. The guy who normally does that is home with his sick daughter, and the only other login on the router is your manager's. Can I get their username and password?"

    In two years they had never failed to get a manager's username/password by the time they were finished setting up the equipment.
  • Re:Small time (Score:5, Insightful)

    by ackthpt ( 218170 ) on Thursday October 27, 2011 @12:35PM (#37857466) Homepage Journal

    The real big criminals own the banks.

    Own?

    Nooooo....

    The really big criminals work in top positions of banks and are well connected in government, so they only have to look slightly admonished for a few weeks after nearly bringing down the entire economy of the West and then it's back to business as usual.

    They don't own banks, they pwn banks.

  • by ackthpt ( 218170 ) on Thursday October 27, 2011 @12:38PM (#37857504) Homepage Journal

    by the banks, I'm ok with the role reversal.

    Old bumper sticker: Don't Steal - The Government Hates Competition

    New bumper sticker: Don't Steal - The Banks Hate Competition

  • by bussdriver ( 620565 ) on Thursday October 27, 2011 @12:56PM (#37857826)

    Surely recent years have shown the most successful bank robbers run banks.

  • by Anubis IV ( 1279820 ) on Thursday October 27, 2011 @01:10PM (#37858030)

    Either my sarcasm detector is broken (please plant your tongue further in your cheek next time), or you've entirely missed the point. Actual criminals don't ask for permission before breaking the law. That's what makes them criminals. They'll still impersonate fire inspectors.

  • Re:And I call (Score:5, Insightful)

    by ackthpt ( 218170 ) on Thursday October 27, 2011 @01:27PM (#37858338) Homepage Journal

    Once there was an actual criminal going around a large office park at a place where I previously worked that would walk in wearing a VERY fancy suit and kind of wander around stealing laptops, electronics, etc. and then walk out. Nobody could ever identify him except that he was in a fancy suit, and nobody dared question what he was doing so as not to get in trouble for offending somebody important. Not saying any of these places were supposed to be highly secure, but was quite a problem for a while and he always got out before anyone noticed or realized what was going on.

    Then he walked into our office which was a startup, and he was obviously not familiar with the "atmosphere". As soon as he got in by following behind somebody, several people said "What the **** are you wearing a suit for and what the **** are you doing here?", took a picture of him, and escorted him out.

    The lesson is: You can steal more with a suit and tie than you can with a gun.

  • by BoRegardless ( 721219 ) on Thursday October 27, 2011 @02:46PM (#37859492)

    But the group that sets the rules TELLS THE BANKS what they will do.

    CRA, The Community Reinvestment Act demanded that banks make loans to low income areas regardless of meeting loan requirements or...the banks would be subject to having their approval to be a bank revoked by the Treasury Dept. or whoever oversaw the CRA.

    The banks made the loans but said "We can't keep these marginal loans" so all the biggies agreed that FMae and FMac would take them...but then they said they couldn't hold them, so rules were made to allow them to sell into "mortgage pool securities".

    The whole damned thing was pushed by the U.S. Congress.
