Social-Engineer.org on FBI Access in Lower Merion Web Cam Scandal

How would you feel if someone hacked into your computer or business and illegally captured screenshots or even camera images of you, your employees or even your family using social engineering? Now to extend that even further, what if in one of those screenshots they caught you doing something you should not have been doing, something illegal?

Would you expect to be brought up on charges, considering that those images were obtained by an illegal hacker? Most of us would probably think that we are quoting some conspiracy theory movie… but the sad truth is that this may very well be the reality.

As you know, the team at social-engineer.org has been following and blogging on the crazy story that continues to unfold in regards to the Lower Merion Web Cam Scandal. I can’t say much because as of this second we have a dedicated researcher scouring through all of the data, reports and information that have been gathered on this topic. Recently there has been in-depth research into the terabytes of pictures and data collected to determine the real culpability of the school and the employees of the school.

As we have been preparing this story for release we saw a news story that just forced us to blog some information early. Here is the snippet that caught our attention:

“Plaintiffs’ counsel’s concern centers around the 50,000+ photographs and screen shots taken of other students and parents that Plaintiffs’ counsel has not examined,” Haltzman’s response reads in part. “Since the Government has not agreed to immunize all students and their parents from prosecution for criminality that could possibly be depicted in the data collected, and since it is conceded that the data collected by LMSD, a government entity, was illegally obtained in violation of the Fourth Amendment, there is concern that the Government will target, or worse prosecute, students and parents based upon the illegally obtained evidence.”

There are still parents who haven’t even seen their pictures yet and the government may intercede and grab the photos, catalog and possibly prosecute – WOW.

Previously, on May 3rd, the FBI asked why so many images were taken without regard for the privacy of families and especially minors. So the question comes in, who gave Lower Merion the right to intrude on those communications? Regardless of whether a student stole a computer, whether a student is a problem student or whether the parents missed an insurance payment – does it not seem inexcusable for the school to violate the privacy of minors, students and families?

What if whoever is in front of the camera is not a student or part of the school, but a friend, a family member or someone who has nothing to do with a late payment or a bad student? One article used a very good analogy: what if you were late on your cable bill and the cable company decided to just turn on a camera on your cable box to see if you were using the TV and for what? If we had this type of “luck” in a social engineering audit we would feel blessed, but this breach of privacy has only victims.

The lawsuits would be filed so fast it would spin your head off, and rightly so. That kind of privacy invasion is something we just can’t handle, nor should we have to.

This is just the tip of the iceberg and really doesn’t cover the real meat of this story. Our researcher is polishing the story as you read, so stay tuned and we will be posting more in the next day or so.

Thanks to nick8ch for sending us the link and helping us with the research for this story.

The US 2010 Census may lead to increase in Social Engineer Attacks

Even armed with this knowledge there are some things we must be aware of to avoid falling prey to a scam that can lead to identity theft. It is not private knowledge that 100 million surveys are being sent this week. You know it, I know it and all malicious scammers and social engineers know it too. Be aware of these attacks

Maltego 3 Leaked – A Social Engineers Dream

The guys at Paterva are at it again. The tool that we all know and love, Maltego, has taken massive leaps into the future of information harvesting. The Paterva crew gave about 9 people in the world access to the new and MASSIVELY improved Maltego 3. I quickly installed it and after a few uses I forgot all about Maltego 2….

Stealing Credentials via Social Engineering

The main objective was to compromise someone’s existing password which would provide ongoing opportunities to access all sorts of company systems in a stealth mode.

This exercise demonstrates what can be accomplished by an attacker, potentially an insider threat, in a very short period of time through non-technical means, mainly a telephone.

Client Sides and Adobe 9.3

Exploit works with Adobe Javascript disabled.
Tested : successfully tested on Adobe Reader 9.1/9.2/9.3 OS Windows XP(SP2,SP3 any languages), also works with Adobe browser plugin

A new level to spearphishing

Heck, most intelligent IT Admins won’t click on the link to “See Britney Naked” or “Adjust your Bank of America Account” because they know it is phishing.

But in comes the “new and improved shiny phishing”. These social engineers have done their homework.