1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Social Engineering

Discussion in 'Computer Security' started by ffreeloader, Aug 16, 2005.

  1. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    Today I received an email with some pretty decent social engineering in it. It's a "job offer" to work with US financial institutions for a "German company" organizing "financial flow" in and out of the US. No education or experience needed.

    Now, it just so happens that a guy here in the US got himself in deep trouble not too long ago for shipping products and money in and out of the US. It turns out he got started in this when he answered an email like the one below. He liked the money because it seemed to pay so well for the amount of work he had to do. Turns out his bank account was emptied and a whole lot of other nasty things happened to him too such as people unknown to him using his bank account for large sums of monetary transfers.

    What follows is a copy of a portion of the email header. The email address showing as the return address was ledzeppelin.com.

    Notice that this "German" company is sending email through The Moscow Times. The guy that got way in over his head was working with the Russian mob.

    Hmmmm..... I wonder who sent me this email. Must be some find upstanding citizen wanting to lend me a helping hand by offering my "money for nothing".

    Anyway, I just thought I'd post this as an example of how to recognize social engineering.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  2. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,726
    175
    221
    Hi ffree
    this is Pheo from the tech department
    I need your password to fix that problem you had with outlook, your welcome to change it once i've solved the problem


    still works :)
    hell users throw thier passwords at us, its rediculous

    nice find tho, organised crimes really getting into high tech shite and identity theft these days, its a booming industry :)
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  3. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    Just a minute. Let me get my cell phone and I'll tell you my bank account numbers personally. That will be a secure way to transmit them to you. :biggrin

    It's funny how many ways we transmit personal information over totally insecure means of communication. I used to work in a small town on the Oregon coast. The company I worked for did work on the A/C for the local cell phone provider and one day while I was there working I happened to be in the back room where their techs worked. They were listening to what I at first thought to be two-way radio transmissions but there were some very personal things be said. I finally commented that I couldn't believe these people would say such things on the public air waves and the techs laughed and said, they're not talking on radios, they're using their cell phones.

    We were listening in on cell phone conversations. Anyone with the right receiving equipment can do it as all cell phone calls are broadcast unencrypted. A cell phone is no more private than a two-way radio. It's just something to remember next time you're on your cell phone talking to your girl friend, your bank, etc.... There should never be any assumption of privacy where a cell phone is concerned.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  4. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,726
    175
    221
    indeed, ofcourse the techs in question should of been fired

    whilst it is possible to do something, if your in a position like that it doesnt mean you should do it
    a doctor could run around telling everyone said tech had a bucket load of STDs, but they dont, because its not right, doesnt mean they cant



    good thing i talk to my girlfriend over skype! lol
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  5. The_Geek

    The_Geek Megabyte Poster

    772
    13
    64
    Were listening? You haven't picked up a good scanner at Radio Shack lately, have you? :biggrin
     
    Certifications: CompTIA and Micro$oft
    WIP: PDI+
  6. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    Yeah, but the company knew what those guys were doing. They did it openly. It had to have been common knowledge in the company because they played it over a loudspeaker in their work room every day and there were people in and out of that room all the time. It was, in fact, open to the outdoors where passers by could hear what was going on because the room had a garage door on one side so they could bring vehicles inside and it was left open most of the time. It wasn't like they were trying to hide what they were doing.

    Listening in on cell phone conversations is something that is done all the time, and by a lot of people. It doesn't take a whole lot of technical sophistication to do it either. The equipment can be purchased at most electronics stores.

    And since when has something not been done just because it isn't the right thing to do? There are millions of people on this earth who don't give a rip about about right and wrong. If there weren't there wouldn't be theives, con artists, "social engineers", etc.... What a person does for living is no guarantee of ethical behavior either. That's a matter or character not education.

    I just brought this up because it is a very real security concern that most people just completely ignore or are blithely ignorant of. I would say it's very possible to have your identity stolen just through people monitoring your cell phone calls.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  7. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    Case in point. A less than top-of-the-line scanner will intercept cell phone traffic. Anyone think that any person with less than a sterling character is denied access to these?

    Thanks TG.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  8. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,726
    175
    221
    Dont get me wrong ffree, I know full well its dont by many less than reputable people
    however the company in question was in a position to make a stand and say 'adios' to said employees
    seems the companies character was as questionable as the techs :)
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  9. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    I'm in full agreement with that.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  10. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    810
    0
    39
    question is, is it illegal? if you can use off-the-shelf equipment to tune into cell phone conversations, how much different is it from overhearing two people talking on the street?
    i mean, are you liable for picking up cell phone traffic, or is the telecom provider liable for not securing its network (or for not telling its customers that the network is not secure)?
    i guess the legal details are different in each country.
     
  11. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    I'm not too sure if legality even enters into this in the way we were looking at things. It's about ethics and personal care taken to limit your own self-exposure. Lots of things that are legal aren't ethical so there is a legal right and wrong, and an ethical right and wrong, and it's the latter that we've been discussing.

    Is it illegal to eavesdrop in the street? No. Is it ethical? No. So we are looking at two different things.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  12. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    810
    0
    39
    i know you were talking about the ethical side of it. that's why i even brought up the legal issues in the first place. :dry
    personally i'm never really interested in ethics, being a fairly unethical person myself. but i do wonder about the legality of this particular issue. :blink
     
  13. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    179
    287
    It's interesting because hooking up to someone's lan line to listen to their wired phone calls is considered an illegal wiretap, but listening to a cell phone conversation isn't. Would it be illegal to record a cell phone conversation? Probably not, but I doubt law enforcement could use it as evidence unless they got a court order to do it in the first place.

    People probably think their cell phone calls are as secure as their lan phone calls (assuming that they are anymore secure) and don't give it a second thought. We all assume our lives are more private than they are.

    Think about the behavior you see people engaged in when they are in their cars. The thing has glass windows all around, but I've seen people in public, shave, eat, make out, change clothes, put on make up (while the car in is motion) :eek: probably with the idea that they were "safe" in their cars.

    I'll go with Freddy on the "ethical" side of the street. Just because something isn't expressly illegal doesn't mean it's right.
     
    Certifications: A+ and Network+

Share This Page

Loading...