How To Rob a Bank: One Social Engineer's Story
itwbennett writes "Today's criminals aren't stealing money — that's so yesterday, according to professional social engineer Jim Stickley. In an interview with CSO's Joan Goodchild, Stickley explains how he's broken into financial institutions large and small, and stolen their sensitive data. In a companion story, Stickley walks through the steps he takes to fool clients into thinking he's there for fire safety, while he's really proving they are an easy target for a data breach."
Small time (Score:5, Insightful)
The real big criminals own the banks.
As a victim of theft (Score:4, Insightful)
Re:Euphemisms (Score:2, Insightful)
When they get paid by the boss of the people they are engineering to help prevent real con men from doing it.
Re:Euphemisms (Score:5, Insightful)
In two years they had never failed to get a manager's username/password by the time they were finished setting up the equipment.
Re:Small time (Score:5, Insightful)
The real big criminals own the banks.
Own?
Nooooo....
The really big criminals work in top positions of banks and are well connected in government, so they only have to look slightly admonished for a few weeks after nearly bringing down the entire economy of the West and then it's back to business as usual.
They don't own banks, they pwn banks.
Re:As a victim of theft (Score:4, Insightful)
by the banks, I'm ok with the role reversal.
Old bumper sticker: Don't Steal - The Government Hates Competition
New bumper sticker: Don't Steal - The Banks Hate Competition
If you want to rob a bank, become CEO. (Score:4, Insightful)
Surely recent years have shown the most successful bank robbers run banks.
Re:I think acting as a fake fireman is a felony (Score:5, Insightful)
Either my sarcasm detector is broken (please plant your tongue further in your cheek next time), or you've entirely missed the point. Actual criminals don't ask for permission before breaking the law. That's what makes them criminals. They'll still impersonate fire inspectors.
Re:And I call (Score:5, Insightful)
Once there was an actual criminal going around a large office park at a place where I previously worked that would walk in wearing a VERY fancy suit and kind of wander around stealing laptops, electronics, etc. and then walk out. Nobody could ever identify him except that he was in a fancy suit, and nobody dared question what he was doing so as not to get in trouble for offending somebody important. Not saying any of these places were supposed to be highly secure, but it was quite a problem for a while and he always got out before anyone noticed or realized what was going on.
Then he walked into our office which was a startup, and he was obviously not familiar with the "atmosphere". As soon as he got in by following behind somebody, several people said "What the **** are you wearing a suit for and what the **** are you doing here?", took a picture of him, and escorted him out.
The lesson is: You can steal more with a suit and tie than you can with a gun.
Re:Small time...Big Time was Congress (Score:2, Insightful)
But the group that sets the rules TELLS THE BANKS what they will do.
CRA, the Community Reinvestment Act, demanded that banks make loans to low income areas regardless of meeting loan requirements or...the banks would be subject to having their approval to be a bank revoked by the Treasury Dept. or whoever oversaw the CRA.
The banks made the loans but said "We can't keep these marginal loans" so all the biggies agreed that FMae and FMac would take them...but then they said they couldn't hold them, so rules were made to allow them to sell into "mortgage pool securities".
The whole damned thing was pushed by the U.S. Congress.