Category Archives: Social Engineering

Want to learn more about Social Engineering?

Filed under Social Engineering

Of course you do!

If you don’t know who Chris Nickerson is…then you should. Chris is the founder of Lares Consulting, was on the Tiger Team TV show, and is also a frequent speaker at security conferences, where he talks about tiger team/red team operations. He also talks about how social engineering is more important than ever to include in your penetration testing program. I couldn’t agree more! In fact, he’s giving a free webcast with Mike Murray on March 10th called “Modern Social Engineering – A Vital Component of Pen Testing”.

Via the Carnal0wnage Blog:

“The world of Information Security is changing. Budgets are tighter, attacks are more sophisticated, and the corporate network is no longer the low hanging fruit. That leaves web-enabled applications as the vector-du-jour, but that well is quickly drying up for organized crime as well. As they creep up the OSI Model looking for easier ways to steal your corporate assets, they are quickly making their way up the stack to the unspoken 8th layer, the end user. So what is the next step in the never-ending escalation of this cyber war?

To find out, we must do as Sun Tzu taught. “Think like our enemy!” That is, after all, the primary tenet of penetration testing AKA ethical hacking, isn’t it? After years of hardening physical systems, networks, OSs, and applications, we have now come full circle to a new dawn of attack. People are now the target of the advanced hacker, and the cross-hairs are focused squarely on their foreheads… literally. It is only a matter of time before corporations feel the pain of wetware hacking requiring a new approach to testing and defense.”

You can sign up for the webcast here. Also, Chris and Mike are doing a “Social Engineering Master Class” at ChicagoCon this year, which looks awesome! Looks like there are only 25 seats, so check it out if you can. Interestingly enough, Chris has just started blogging, so be sure to check out his blog. If that wasn’t enough…we (Security Justice) recorded a special edition podcast with Chris in which he talks about his adventures on the Tiger Team TV show.

Social Engineering Used in Museum Heist

Filed under Social Engineering

[Image: Bear spray is no joke]

Classic social engineering at its best…a professional thief (or thieves) apparently got away with over 2 million in rare art and jewelry. Pretty much sounds like a movie scenario! From the CBC article:

“Four hours before the break-in on May 23, two or three key surveillance cameras at the Museum of Anthropology mysteriously went off-line.

Around the same time, a caller claiming to be from the alarm company phoned campus security, telling them there was a problem with the system and to ignore any alarms that might go off.

Campus security fell for the ruse and ignored an automated computer alert sent to them, police sources told CBC News.”

Wonderful. It gets better…

“Then, as the lone guard working overnight in the museum that night left for a smoke break, the thief or thieves broke in, wearing gas masks and spraying bear spray to slow down anyone who might stumble across them.”

Bear spray, you say? Yes sir…bear spray is some serious stuff. It’s like regular self-defense pepper spray but “super charged”! By the way…what’s the deal with the surge in “bear spray” related crimes in Canada? Can anyone in Canada verify a serious bear problem up there? 😉

They still haven’t caught the thieves. These guys were good. It’s yet another example of “no tech” hacking and of how humans are always the weakest link in security.