So what got you into Social Engineering?

Social engineering is the art of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access and in most cases the attacker never comes face-to-face with the victim.

So what got you into Social Engineering?

Post by higHClass on Fri Sep 03, 2010 6:43 am
([msg=44781]see So what got you into Social Engineering?[/msg])

For myself, it was after reading up on Mitnick and his antics. It really got me because I am already an exceptionally good liar and story teller and have unknowingly done SE in the past. (not for bad)

Yes, strong first post, I know. I am interested in other SE people. I can't hack my way out of a paper box or crack a nut open but I can lie and tell stories like a mother fucker.
higHClass
New User
New User
 
Posts: 4
Joined: Fri Sep 03, 2010 5:15 am
Blog: View Blog (0)


Re: So what got you into Social Engineering?

Post by tremor77 on Wed Sep 15, 2010 3:36 pm
([msg=45828]see Re: So what got you into Social Engineering?[/msg])

I've used some gray-hat SE techniques for various endeavors, often work related... its amazing the things that you can accomplish by stating your name, title and a company that you represent. I work for a media company and some of the things that I do require taking over a client company's website and revamping it top to bottom... not just design but often setting up new hosting, gaining control of the domain name that some 3rd party purchased on their behalf, getting into their existing hosting account to retrieve files, images, and other data. A typical SE in this regard may go something like this...

After gathering as much information as possible. Company X, Company X CEO Name, website - CompanyX.com and current DNS records from WHOIS, whatever internal documentation from Company X that I've been able to get... I place a called to Webhost Y.

Me: "Hello Webhost Y, this is Tremor from Z Media calling on behalf of Company X. Company X has recently contracted us to redesign WebsiteX.com. I have been authorized to speak on behalf of Company X CEO Name and I have been tasked with gaining access to their hosting account at Webhost Y. You may call Company X at 123-456-7890 to verify our contract agreement. Company X has ended it's relationship with Old 'Design Company B' with whom they seem unable to contact for username and password to the ftp account. I do believe that 'Design Company B' is just some graphic designer operating out of his garage and he is just upset that he lost an account... haha.. you know how that is right?"

Webhost Y Rep: "Totally."

Me: "Anyway, we here at Z Media looked at your services at Webhost Y and find them to be of good quality and fair pricing, at this time we see no reason to change hosting service for Company X."

-That's the hook... You're not going to get what you want if your taking something away.. stroke the ego.

Me: "Anyway... Company X really wants to get off the ground with their new design so we were hoping to get access to the FTP... and Design Company B seems to have gone off the reservation. Additionally, we we're considering upgrading to your platinum hosting plan, so if you could a quote that I could pass by accounting that would be handy."

Webhost Y Rep: "No problem I'll send it right over. For the FTP the username is CompanyX and the password is also CompanyX."

Me: "Oh gee not very secure! We probably ought to fix that... thanks for the help."

Webhost Y Rep: "No problem, if you have any questions in the future you can call my extension directly."

---- And that's been the story atleast a dozen times. Goes pretty much the same acquiring a domain name transfer authorization code... sometimes have to fax a change of e-mail address to the registrar on company letterhead but that's easy enough. And I'm pretty astonished at how easy it was... I know that I am legit when I do this, but I can't help but think how it could be easily done by someone else with malicious intentions.
Image
User avatar
tremor77
Contributor
Contributor
 
Posts: 884
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)


Re: So what got you into Social Engineering?

Post by 0xBEEF1337 on Sat Oct 02, 2010 4:15 pm
([msg=46917]see Re: So what got you into Social Engineering?[/msg])

Delete.
Last edited by 0xBEEF1337 on Sat Jan 29, 2011 3:21 pm, edited 1 time in total.
0xBEEF1337
Experienced User
Experienced User
 
Posts: 75
Joined: Wed Jul 07, 2010 11:34 pm
Blog: View Blog (0)


Re: So what got you into Social Engineering?

Post by insomaniacal on Sat Oct 02, 2010 6:09 pm
([msg=46927]see Re: So what got you into Social Engineering?[/msg])

Social Engineering started for me when I was a "bad" child at school. Knowing how far to take lies, when and how to kiss ass, and how to present yourself as a certain kind of guy is essential for having a good time at school, while not getting kicked out.

Prank calls and such also helped.

Social Engineering is an extension of that, it's not something I tried learning, it's just something that naturally happened, as it does with everyone to a point.
It's not who votes that counts, it's who counts the votes
insomaniacal.blog.com
User avatar
insomaniacal
Addict
Addict
 
Posts: 1210
Joined: Sun May 24, 2009 10:21 am
Blog: View Blog (0)


Re: So what got you into Social Engineering?

Post by Werevamp999 on Tue Oct 19, 2010 6:25 pm
([msg=47810]see Re: So what got you into Social Engineering?[/msg])

I went to catholic school for the majority of my schooling years, and I absolutely hated it as I was atheist for 7 of those 8 years. (i got kicked out before my 9th) Anyway, it started there, escalated with the book The Art of Deception (A++ would recommend) and peaked when I -almost- stole someones MasterCard #s. I told her before she gave me them that I was a fake though
Werevamp999
New User
New User
 
Posts: 12
Joined: Fri Oct 15, 2010 7:05 am
Blog: View Blog (0)



Return to Social Engineering

Who is online

Users browsing this forum: No registered users and 0 guests