June 21st, 2012Spearing the biggest phish
One of the major things our Social Engineering Capture the Flag events highlight is the rampant leaking of information by the very companies themselves. Defcon 19 showed us that a full-scale social engineering attacks could be carried out by simply using Open Source Information (OSI) freely available on the internet, most of which came from the companies themselves. We saw postings of access badges, full security schematics and procedure manuals, and our favorite, the full featured employee search engine!
Using the collected OSI, an attacker can wage a successful attack. Such was the case on June 11th, 2012. The hacker group UGNazi reportedly gained access to Google’s Mark Monitor account and by utilizing social engineering, convinced Mark Monitor employee, Olga Bougri, to reset the Google.com email address to the group’s email CosmoHateMail@gmail.com.
From Wikipedia, MarkMonitor is described as “a company that develops Internet brand protection software and services. … Over half of the Fortune 100 are clients of MarkMonitor, as are AAA, Facebook, Google, and the Wikimedia Foundation. It has software products for domain management, anti-fraud, brand protection and anti-piracy.” MarkMonitor’s own website touts the company as “the global leader in online brand protection, MarkMonitor delivers advanced technology and expertise to protect the reputations and revenue of the world’s leading brands.”.
UGNAzi released a full statement regarding the hack, notice their repeated mention of SE, even claiming they are “Social Engineering Gods”.
__ __ _______ ____ __ __
| | | |/ _____| | | ______ _______(__)
| | | | / __| | |/ __ |___ __| |
| |__| | |___ | | (__| |___/ /_| |
—> JoshTheGod > MrOsama > Cosmo > CyberZeist <—
“F*** With The Best , Die Like The Rest”
So, Today, we are releasing our statement on that no one on the Internet is safe from UGNazi.
On June 11th we gained access to Google’s MarkMonitor account. Our email address.CosmoHateMail@Gmail.com
Was successfully updated on Google’s Mark-Monitor Account. The agent that helped us reset the account should
get some what of credit, she helped us alot on reseting Google’s MarkMonitor account
Google Reset Image:
Mark Monitor senior account manager:
–removed personal details—
Thanks Guys!. You guys should be fired.
P.S Google, i suggest you move to a more secure registrar. but then again, we are Social Engineering Gods.
So, this just goes to show, even Google can be Social Engineered. P.S. It was Google’s Account Manager, Olga Was, so technically, we did Social Engineer Google.
We will continue to see Social Engineering used in attacks because it is cheap and extremely effective. We reported in our newsletter that one of the richest men in the world, Steve Balmer, had his debit card compromised. Now we see one of the largest tech companies, and one of the largest security companies get compromised. In both cases the methods are the same, social engineering.