Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BLOG: How to rob a bank: A social engineering walkthrough

Jim Stickley | Oct. 27, 2011
If a company hires us for a social engineering engagement, typically they want us to get in and get to their back-up tapes, or into the data in their document room.

By the time it's over, we've stolen stuff, and gotten access to log-ins and passwords because we've been recording that information with the key logging devices, whether it be online sites or local accounts on their system. Weve been on their wireless network and have been able to hack into that as well.

When we've done everything we need to do, the last thing we will do is a dumpster dive. Its miserable, but it's crazy how lucrative it is. We show up with rubber gloves and start ripping bags open. It's amazing how much confidential information ends up in the trash. [Also see A real dumpster dive: Bank tosses personal data, checks, laptops.]

When we show up after the engagement to present what we found, there is often a total look of shock on the employees' faces. But it's a learning experience we hope they will all learn from. It's stuff they never thought would happen. If you talked to them a week earlier, they never thought they'd fall for some of the stuff we pulled. But now they see it can happen, and it can happen to them.

 

Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.