Spies from all around the world are taught different methods of “fooling” victims into believing they are someone or something they are not. In addition, to being taught the art of social engineering, many times spies will also build on credibility by knowing a little or even a lot about the business or government they are trying to SE.
Sometimes an event happens in which we do not condone or support the outcome yet we can learn from the situation by:
- Implementing the methods that were used
- Learning how to defend ourselves by reviewing the methods used in other attacks
One such situation involving the Dalai Lama can be found here.
What We Can Learn
- What was their goal?
- “used sophisticated social and computer engineering techniques to trick the Dalai Lama’s office into downloading malicious software”
- How did they make the staff click on the software?
- “The software was attached to e-mails that purported to come from colleagues or contacts in the Tibetan movement”
A mix of social engineering and a client side attack shows some serious vulnerabilities in the people involved.
Why Was This Successful?
It plays on the trust that most people feel towards other people. That trust will make people give information, click on a link and be overly friendly with those who do not deserve it.
This news story that we archived locally about a high school in Philadelphia Pa, USA will show a very disturbing case of spying.
Lower Merion School District issued laptops to over 1000 students in their school district. One day Blake Robbins came to school and was handed a disciplinary note for “improper behavior in his home”. After some research they found out that their school issued laptops all have web cams on them. Those web cams can be turned on remotely. It seems that the admins/teachers had turned on the web cams and viewed the students acting in ways that would get them in trouble. The implications of this type of spy action are astronomical. For the full story we have it archived here.