
Mitnick K.D., Simon V.L. - The Art of Deception (2003)(en)


juggling schedules to find a time when all of our partners would be available sometime in the next couple of months, and was there any time slot I should avoid, any period when Larry wasn't going to be in town? And she said, Yes, he hadn't had any time off in the two years since they started the company but his wife was dragging him away on a golf vacation the first week in August.

That was only two weeks away. I could wait.

Meanwhile an industry magazine gave me the name of the firm's PR company. I said I liked the amount of space they were getting for their robotics company client and I wanted to talk to whoever was handling that account about handling my company. It turned out to be an energetic young lady who liked the idea she might be able to bring in a new account. Over a pricey lunch with one more drink than she really wanted, she did her best to convince me they were oh, so good at understanding a client's problems and finding the right PR solutions. I played hard to convince. I needed some details. With a little prodding, by the time the plates were being cleared she had told me more about the new product and the company's problems than I could have hoped for.

The thing went like clockwork. The story about being so embarrassed that the meeting was next week but I might as well meet the team as long as I'm here, the receptionist swallowed whole. She even felt sorry for me into the bargain. The lunch set me back all of $150. With tip. And I had what I needed. Phone numbers, job titles, and one very key guy who believed I was who I said I was.

Brian had me fooled, I admit. He seemed like the kind of guy who'd just email me anything I asked for. But he sounded like he was holding back a little when I brought up the subject. It pays to expect the unexpected. That email account in Larry's name, I had it in my back pocket just in case. The Yahoo security people are probably still sitting there waiting for somebody to use the account again so they can trace him. They'll have a long wait. The fat lady has sung. I'm off on another project.

Analyzing the Con

Anyone who works a face-to-face con has to cloak himself in a look that will make him acceptable to the mark. He'll put himself together one way to appear at the race track, another to appear at a local watering hole, still another for an upscale bar at a fancy hotel.

It's the same way with industrial espionage. An attack may call for a suit and tie and an expensive briefcase if the spy is posing as an executive of an established firm, a consultant, or a sales rep. On another job, trying to pass as a software engineer, a technical person, or someone from the mail room, the clothes, the uniform--the whole look would be different.

For infiltrating the company, the man who called himself Rick Daggot knew he had to project an image of confidence and competence, backed by a thorough knowledge of the company's product and industry.

Not much difficulty laying his hands on the information he needed in advance. He devised an easy ruse to find out when the CEO would be away. A small challenge, but still not very tough, was finding out enough details about the project that he could sound "on the inside" about what they were doing. Often this information is known to various company suppliers, as well as investors, venture capitalists they've approached about raising money, their banker, and their law firm. The attacker has to take care, though: Finding someone who will part with insider knowledge can be tricky, but trying two or three sources to turn up someone who can be squeezed for information runs the risk that people will catch on to the game. That way lies danger. The Rick Daggots of the world need to pick carefully and tread each information path only once.

The lunch was another sticky proposition. First there was the problem of arranging things so he'd have a few minutes alone with each person, out of earshot of the others. He told Jessica 12:30 but booked the table for 1 P.M., at an upscale, expense-account type of restaurant. He hoped that would mean they'd have to have drinks at the bar, which is exactly what happened. A perfect opportunity to move around and chat with each individual.

Still, there were so many ways that a misstep--a wrong answer or a careless remark--could reveal Rick to be an imposter. Only a supremely confident and wily industrial spy would dare take a chance of exposing himself that way. But years of working the streets as a confidence man had built Rick's abilities and given him the confidence that, even if he made a slip, he'd be able to cover it up well enough to quiet any suspicions. This was the most challenging, most dangerous time of the entire operation, and the elation he felt at bringing off a sting like this made him realize why he didn't have to drive fast cars or skydive or cheat on his wife--he got plenty of excitement just doing his job. How many people, he wondered, could say as much?

MITNICK MESSAGE

While most social engineering attacks occur over the telephone or email, don't assume that a bold attacker will never appear in person at your business. In most cases, the imposter uses some form of social engineering to gain access to a building after counterfeiting an employee badge using a commonly available software program such as Photoshop.

What about the business cards with the phone company test line? The television show The Rockford Files, which was a series about a private investigator, illustrated a clever and somewhat humorous technique. Rockford (played by actor James Garner) had a portable business card printing machine in his car, which he used to print out a card appropriate to whatever the occasion called for. These days, a social engineer can get business cards printed in an hour at any copy store, or print them on a laser printer.

NOTE

John Le Carre, author of The Spy Who Came in from the Cold, A Perfect Spy, and many other remarkable books, grew up as the son of a polished, engaging lifelong con man. Le Carre was struck as a youngster to discover that, successful as his father was in deceiving others, he was also gullible, a victim more than once to another con man or woman. Which just goes to show that everyone is at risk of being taken in by a social engineer, even another social engineer.

What leads a group of smart men and women to accept an imposter? We size up a situation by both instinct and intellect. If the story adds up--that's the intellect part--and a con man manages to project a believable image, we're usually willing to let down our guard. It's the believable image that separates a successful con man or social engineer from one who quickly lands behind bars.

Ask yourself: How sure am I that I would never fall for a story like Rick's? If you're sure you wouldn't, ask yourself whether anyone has ever put anything over on you. If the answer to this second question is yes, it's probably the correct answer to the first question, as well.

LEAPFROG

A challenge: The following story does not involve industrial espionage. As you read it, see if you can understand why I decided to put it in this chapter!

Harry Tardy was back living at home, and he was bitter. The Marine Corps had seemed like a great escape until he washed out of boot camp. Now he had returned to the hometown he hated, was taking computer courses at the local community college, and looking for a way to strike out at the world.

Finally he hit upon a plan. Over beers with a guy in one of his classes, he'd been complaining about their instructor, a sarcastic know-it-all, and together they cooked up a wicked scheme to burn the guy: They'd grab the source code for a popular personal digital assistant (PDA) and have it sent to the instructor's computer, and make sure to leave a trail so the company would think the instructor was the bad guy.

The new friend, Karl Alexander, said he "knew a few tricks" and would tell Harry how to bring this off. And get away with it.

Doing Their Homework

A little initial research showed Harry that the product had been engineered at the Development Center located at the PDA manufacturer's headquarters overseas. But there was also an R&D facility in the United States. That was good, Karl pointed out, because for the attempt to work there had to be some company facility in the United States that also needed access to the source code.

At that point Harry was ready to call the overseas Development Center. Here's where a plea for sympathy came in, the "Oh, dear, I'm in trouble, I need help, please, please, help me." Naturally the plea was a little more subtle than that. Karl wrote out a script, but Harry sounded completely phony trying to read it. In the end, he practiced with Karl so he could say what he needed to in a conversational tone.

What Harry finally said, with Karl sitting by his side, went something like this:

"I'm calling from R&D Minneapolis. Our server had a worm that infected the whole department. We had to install the operating system again and then when we went to restore from backup, none of the backups was any good. Guess who was supposed to be checking the integrity of the backups? Yours truly. So I'm getting yelled at by my boss, and management is up in arms that we've lost the data. Look, I need to have the latest revision of the source-code tree as quick as you can. I need you to gzip the source code and send it to me."

At this point Karl scribbled him a note, and Harry told the man on the other end of the phone that he just wanted him to transfer the file internally, to Minneapolis R&D. This was highly important: When the man on the other end of the phone was clear that he was just being asked to send the file to another part of the company, his mind was at ease--what could be wrong with that?

LINGO

GZIP: To archive files in a single compressed file using a Linux GNU utility.

He agreed to gzip and send it. Step by step, with Karl at his elbow, Harry talked the man there through getting started on the procedure for compressing the huge source code into a single, compact file. He also gave him a file name to use on the compressed file, "newdata," explaining that this name would avoid any confusion with their old, corrupted files.

Karl had to explain the next step twice before Harry got it, but it was central to the little game of leapfrog Karl had dreamed up. Harry was to call R&D Minneapolis and tell somebody there "I want to send a file to you, and then I want you to send it somewhere else for me"—of course all dressed up with reasons that would make it all sound plausible. What confused Harry was this: He was supposed to say "I’m going to send you a file," when it wasn't going to be Harry sending the file at all. He had to make the guy he was talking to at the R&D Center think the file was coming from him, when what the Center was really going to receive was the file of proprietary source code from Europe. "Why would I tell him it's coming from me when it's really coming from overseas?" Harry wanted to know.

"The guy at the R&D Center is the linchpin," Karl explained. "He's got to think he's just doing a favor for a fellow employee here in the U.S., getting a file from you and then just forwarding it for you."

Harry finally understood. He called the R&D Center, where he asked the receptionist to connect him to the Computer Center, where he asked to speak to a computer operator. A guy came on the line who sounded as young as Harry himself. Harry greeted him, explained he was calling from the Chicago fabricating division of the company and that he had this file he'd been trying to send to one of their partners working on a project with them, but, he said, "We've got this router problem and can't reach their network. I'd like to transfer the file to you, and after you receive it, I'll phone you so I can walk you through transferring it to the partner's computer."

So far, so good. Harry then asked the young man whether his computer center had an anonymous FTP account, a setup that allows anyone to transfer files in and out of a directory where no password is required. Yes, an anonymous FTP was available, and he gave Harry the internal Internet Protocol (IP) address for reaching it.
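A defender's view of the anonymous FTP drop described above, as an added example that is not part of the book: it scans an xferlog-format FTP transfer log for a file that was uploaded anonymously and then fetched by a different host shortly afterwards. The log lines, addresses, file paths and the 24-hour window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample in xferlog format (the layout written by wu-ftpd and vsftpd):
# time(5 tokens) secs host bytes path type flag direction access user service auth id status
SAMPLE_XFERLOG = """\
Mon Jul 14 09:12:40 2003 95 192.0.2.10 48211204 /incoming/newdata.gz b _ i a anon@ ftp 0 * c
Mon Jul 14 09:40:02 2003 1 198.51.100.7 1024 /pub/README b _ o a guest@ ftp 0 * c
Mon Jul 14 10:05:17 2003 90 203.0.113.55 48211204 /incoming/newdata.gz b _ o a anon@ ftp 0 * c
Tue Jul 15 08:00:00 2003 3 192.0.2.10 2048 /incoming/report.txt b _ i r alice ftp 0 * c
Tue Jul 15 08:30:00 2003 3 203.0.113.55 2048 /incoming/report.txt b _ o a anon@ ftp 0 * c
"""

def parse_line(line):
    """Return one transfer record, or None if the line is not a full xferlog entry."""
    f = line.split()
    if len(f) != 18:
        return None
    return {
        "time": datetime.strptime(" ".join(f[0:5]), "%a %b %d %H:%M:%S %Y"),
        "host": f[6],
        "path": f[8],
        "direction": f[11],          # i = upload to server, o = download from server
        "anonymous": f[12] == "a",   # a = anonymous, g = guest, r = real account
        "complete": f[17] == "c",    # c = complete, i = incomplete
    }

def find_relays(log_text, window=timedelta(hours=24)):
    """Flag files dropped by an anonymous user and then pulled by another host."""
    uploads = {}    # path -> latest completed anonymous upload of that path
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["complete"]:
            continue
        if rec["direction"] == "i" and rec["anonymous"]:
            uploads[rec["path"]] = rec
        elif rec["direction"] == "o":
            up = uploads.get(rec["path"])
            if up and rec["host"] != up["host"] and rec["time"] - up["time"] <= window:
                findings.append((rec["path"], up["host"], rec["host"],
                                 rec["time"] - up["time"]))
    return findings

if __name__ == "__main__":
    for path, src, dst, delay in find_relays(SAMPLE_XFERLOG):
        print(f"{path}: anonymous upload from {src}, fetched by {dst} after {delay}")
```

The upload by the authenticated account `alice` is deliberately not flagged: the check targets only files that entered the server with no password at all.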

LINGO