Hackers will utilize social engineering many times because the human weakness factor is so much easier to penetrate than the network weaknesses. Many times hackers “win” when it comes to the battle because they are not limited by time or lack of motivation. Whereas the normal IT Director goes home at 5 or 6pm, the hacker will work 24 hours a day to accomplish his/her goal. After they have spent the time and due diligence to research every aspect of the target they can launch an all-out attack on the human infrastructure that can literally devastate a company in a matter of minutes. Obtaining personal information, password, remote user accounts and more the hacker will then use this information to launch a technology attack on the target.
We have collected just a small sampling of examples from the internet to show how devastating or how easy these attacks are and what can the consequences be.
This older story found on the CNET shows just how seemingly useless information can lead to an attack.
An AOL tech support member was called and the attacker spoke with them for over 1 hour. During the call the attacker mentioned his car was for sale. Using rapport building skills and a friendly voice he gained trust with the AOL employee quickly. The AOL employee showed interest in the attacker’s car. The attacker sent the support rep an email with a photo. Instead of sending a photo though, he sent a back-doored exploit that busted through the AOL firewall giving the attack access to AOL’s internal network. Before he was stopped he had accessed over 200 accounts gaining all their personal information.
Fluffi Bunni was an extreme group of underground hackers that combined social engineering and hacking skills to wreak havoc on companies.
They started an attack after the incidents in New York, USA on September 11th vandalizing website with a message that said “Fluffi Bunni Goes Jihad.” That landed them a spot on the FBI’s radar. The story that was posted on crimer-research.org can be found archived here.
Probably one of the most notable attacks is discussed on the bottom of the page from this infomit.com information page archived here. This article discusses how using social engineering an attacker can build trust and then gain access to a network. It then cites the example of how Fluffi Bunni defaced 100 websites in one day including attrition.org and securityfocus.com, using hacking and social engineering skills.
Mark Rifkin used a combination of social engineering and plain old guts to pull off a large bank heist in the 1970′s. This article on bookrags.com gives us Mark Rifkin’s whole story and we can read the TIME MAGAZINE article of his exploits archived here.
The Badir Brothers
This is an amazing story of three brothers born blind in Israel who became notorious phone phreakers and social engineers. It is reported at one point they could even tell you the number you dialed by the tones without being able to see you dial.
The interview that was done by Wired Magazine is archived here.