Real Life and the Application of Social Engineering Part II

 

Hello again,
I see you’re back for more. This is the part of the story where I kinda hit rock bottom. During this part, I effectively, for all intents and purposes, shot myself in the foot. There is no better vision than hindsight.
Enjoy the 2nd part in this series.

A few years later, I started to clean up my act and enrolled in the local university. I was studying architecture with a minor in Russian and even spent 2 different summer study abroad semesters at Moscow State University, Russia.  At the same time, I was also working 3 jobs:  bartending at a Metal Club, stage hand for national touring acts at local concerts, and as a handyman; burning the candle at both ends and in the middle, so to speak.

This led to my involvement in the drug scene (Weed, Coke, and Speed). This wasn’t the smartest thing I could have done, but I was sure I could “handle it”. Well, that turned out to be bullshit! Drugs always catch up with you and after 6, almost 7 years of having no problems while on probation (not counting the stupid insurance escapade), I was assigned a new Probation Officer (PO). Like most new POs would do, she decided to drug test me. Of course, I failed by ‘popping hot’ (i.e. testing positive) for Weed. This was the one time I didn’t buy the urine cleaner from the local head shop and by chance, it was the one time I got tested. I was arrested and after I was able to bond out through my lawyer, I turned super duper stupid. I started doing Cocaine like it was candy. I ended up ‘popping hot’ for Coke 3 times before I even went to court for the first Motion to Revoke. Suffice it to say, not my proudest moment.

By this time, the court had a new judge sitting on the bench.  As luck would have it, another fortunate hand was dealt to me.  Needless to say, I was a mess and not thinking like a rational intelligent human being at this point.  I was still smart enough to ask a county sheriff buddy of mine, who moonlighted as head of security at a local “metal music scene” bar, for his advice on a lawyer. He recommended a lawyer who was my judge’s best friend and with a $1,000 campaign contribution (in my lawyer’s name), I was able to convince the judge to let me finish the school semester before I turned myself in for a stint at rehab. My lawyer told me that my judge was asking him for a campaign contribution and asked me to cover it.  (**Disclaimer** In all honesty, the lawyer could have just been scamming me for an extra grand.)

EXPLOIT USED:  The personal relationship between my judge and my lawyer.

VULNERABILITY EXPOSED:  The ‘good old boy system’ is alive and well.

PATCH:  If anyone has the answer to this, they need to run for office.  I’m sure their views will change promptly.

My new Probation Officer was livid.  She was already making me report weekly for a urine analysis (UA) drug test since she wanted to revoke my probation and send me away to prison for the full original 10 year sentence I received for burglary. Understandably, I wasn’t a fan of her plan.  I had already completed 7 years, or so, of probation with no problems (again, not counting the insurance card incident) before this drug mess started.  She turned into the biggest bitch I have ever had the pleasure of meeting!  When my Russian final exam was moved to a Friday (the day after I was supposed to turn myself in) and she didn’t believe me, she put out a warrant for my arrest.

Unbeknownst to my Probation Officer, when I was at my lawyer’s office one day, I had the paralegal check to see if I had any active warrants.  I watched the paralegal call the warrant hotline and check.  After observing this activity, I would regularly call the warrant line myself and pretend to be a paralegal checking the warrant status for “my client”.  I wanted to find out if I was going to be arrested when I reported in to my PO. (I mostly wanted to see if I needed to catch a ride or if I could drive myself to the Probation Office.) This was in the days when Caller ID had just come out and the Warrant Office didn’t have it yet.  In addition, the Warrant Office was listed in the phone book (the paralegal looked it up too)… So I knew every time my PO had a warrant out for my arrest.

EXPLOIT USED:  Use of professional “lingo” to gather information not provided to the public. I have since been informed that this information is now legal and easily obtained on the internet. But back a decade ago, while I’m not sure if it was illegal, it definitely wasn’t public knowledge that you could have access to warrant statuses.

VULNERABILITY EXPOSED:    The public listing of the warrant hotline opened itself up to attack by a Social Engineer. With minimal knowledge of the professional phrases used, an unauthorized individual was able to obtain restricted data.

PATCH:   Better staff training.  Implementing an authentication system for law firms requesting data.  As I said, this was in the days when Caller ID was first introduced and even though this can be spoofed today, I’m sure that this would have at least helped them catch on to my activities.  The simplest way to prevent this type of attack would have been to have a call back policy in place, where the Warrant Office calls back the person who made the request. That would have stopped me in my tracks. At that time, I didn’t know how to spoof phone numbers.

 

So again, I need to emphasize that this was not my finest hour, but it was good enough for the moment. That was pretty much all I was capable of during that stretch. It was like trying to juggle while looking into a spotlight. Looking back, all I needed to do was turn my back to the light. Tune in next week to see how I became an International Felony Fugitive, conned my way into an overseas military community, and lived with a Police Officer.

Robert Gude

Editing: Jay Trinckes