Tech Fraud Beating Out Social Engineering 102
The Walking Dude writes "BBC News asked Frank Abagnale if technology is driving the old-school conman into extinction. 'Mr Abagnale really ought to know', as the 2002 movie Catch Me If You Can was based on his life. He served five years of a 12 year prison sentence for check fraud before being offered a job with the FBI. 'There may, after all, be life in the old con yet.'"
Old Con? Social Engineering in today's workplace (Score:5, Insightful)
I disagree. Now they all work in corporate America somewhere in the Sales and Marketing department. Few of them even make it up to executive office. Social engineering is the template of sales and marketing.
Re:Old Con? Social Engineering in today's workplac (Score:4, Insightful)
And politicians?
Re:Old Con? Social Engineering in today's workplac (Score:1)
Strongly disagree.... (Score:2)
If you want to make your quick buck, become the President/CEO or CFO. Then you raid the shareholders' capital, the pension fund and the corporate bank accounts directly. Actually with derivatives, you don't even have to raid the bank accounts (well, until you lose)!
Re:Old Con? Social Engineering in today's workplac (Score:1)
Torrent for "Catch Me If You Can" (Score:5, Funny)
http://thepiratebay.org/details.php?id=3343505 [thepiratebay.org]
Re:Torrent for "Catch Me If You Can" (Score:3, Funny)
What about all those at Enron? (Score:5, Funny)
Hey, BBC writer, didn't you ever hear of Enron?
Re:What about all those at Enron? (Score:5, Funny)
Re:What about all those at Enron? (Score:3, Funny)
Re:What about all those at Enron? (Score:1, Redundant)
Of course not... He's much too capable with a shotgun to resort to charms...
How about Schwarzenegger? (Score:3, Informative)
Ken Lay certainly had his fingers all over Cheney, but even worse, Enron basically gave the job of CA governor to Schwarzenegger. Sit down some time and watch "Enron, the Smartest Guys in the Room". Little birdies have told me it is, uh, "readily available" for download.
..or just fire up a Google search. [google.com] Or check out the PBS Frontline special, Blackout [pbs.org].
Basically, think "Iran Contra arms-for-hostages" scandal, o
Ken Lay's fingers (Score:1)
Eeeiwue. Could have done without that image.
Ah, well, they could have been bunk-mates in the woods, I guess:
http://en.wikipedia.org/wiki/Bohemian_Grove [wikipedia.org]
Re: (Score:1)
Re:What about all those at Enron? (Score:1)
Note to self: when responding to someone, be sure to quote them. That way, if the parent is modded down to -1, you don't look like a moron.
You got to be kidding (Score:2)
A good conman would make the victims feel bad if he was arrested.
What? (Score:5, Interesting)
Re:What? (Score:5, Insightful)
Re:What? (Score:5, Funny)
Me: "Hey, what's your password? No wait, I'll just reset your password and you can change it when the computer restarts."
Teacher: "NO! I don't want to make a new password. I just want them all to be the same so I don't have to remember two or three. My password is 'steak'."
Me: *Sigh* "Okay..."
Re:What? (Score:2)
Offhand I'd say I have a dozen different passwords (just for work), all of these have to be changed regularly but on different cycles, most of them are required to be non-repeating for at least eight changes and be at least 8 characters long.
To say it's a p
Re:What? (Score:1, Flamebait)
1. You use Windows.
2. You don't use two-factor authentication.
For two reasons alone you're just a paranoid twat who couldn't draw a threat model to save oneself.
Tom
Re:What? (Score:2)
And I can't resist pointing out that I use Windows *for work* because that's what I'm required to use, not because it's necessarily what I would choose myself.
Re:What? (Score:2)
Tom
Re:What? (Score:2)
PS. on second thoughts I don't object to being called paranoid - you may have been right on all three counts.
Re:What? (Score:2)
It's not paranoia if people are really out to get access to your resources.
Your particular machine doesn't actually have to have valuable information to be worth breaking into. The meta-data in your documents, your machine's access to other more valuable machines, and of course its use as a zombie ... makes us all valuable targets!
At last, someone really values each and every one of us: the criminals!
Re:hack to remember (Score:2)
First, I pick something. For the sake of the argument, I'll say it's 'car'. An obscure, specific piece of said car, say 'hogring'. That's the root of my passwords. (Note: in reality, my root word is more obscure and does not appear in any dictionary.)
Due to password constraints, I'm required to have a capital letter, a numeric, and a symbol, with no characters repeating in a row.
Next, I put the referral, 'car' in
Re:What? (Score:3, Insightful)
His problem isn't that he's using Windows or is too stupid to understand what two-factor authentication means. His problem is that people like you have devised security policies that REQUIRE unmemorizable passwords.
Re:What? (Score:2)
At least if you keep the swipe card and your other factor isolated (e.g. one in your pocket, the other in your bag or whatever) a compromise of one is not of both...
Swipe cards are also easy to reprogram and r
Re:What? (Score:2)
Re:What? (Score:1)
The most reasonable two-factor authentication that I know of is a single, unique password for your smart card, which maybe changes occasionally and maybe doesn't. The smart card then does all the authentication to the server. If the card is designed properly, nobody can get the private key off it by hacking your computer (they need physical access to the card, and a well-equipped electronics lab), and if they steal the card but don't have the lab, t
Re:What? (Score:2)
Re:What? (Score:2)
Re:What? (Score:2, Informative)
I've found that without some systematic method it's impossible to make this work, as a result of using a system I know that my passwords are relatively weak but what would you do?
Install KeePass [sourceforge.net].
Re:What? (Score:2)
Grab.
Re:Things change (Score:1, Offtopic)
Ultimate Fighting is more popular and more relevant than boxing.
Re:Selective prejudice... (Score:1)
Re:Selective prejudice... (Score:1)
a) This is another non-story. So long as the majority of people are "dumb", social engineering will remain a part of our lives.
b) I was trying to find an interesting convo (and failed)
c) I've known a few scum bags in this world, and oddly, in my experience, the bigger the scum bag, the more attractive they are. I find the stereotype of "hunchbacked hackers in dark rooms" just insulting and absurd. Just as insulting as the other two options (I'm not black, but a Jew, but either way it's irrelevant.) Preju
Re:Selective prejudice... (Score:1, Offtopic)
Well, are you trying to assert that there aren't thousands of Jews who are good with money, or thousands of blacks who eat chicken? The point about fighting prejudice is that you shouldn't judge everyone by a sub-group. Even if all mafiosi are Italian it doesn't mean that all, or a majority of, Italians are mafiosi.
Re:Selective prejudice... (Score:2)
PLS REPLY TO MY PRAVATE BOX suleman775@mailsurf.com
I am Suleman , Bank Manager of Zenith Bank, Lagos, Nigeria. I have urgent and very confidential business proposition for you.
On June 6, 1997, a Foreign Oil consultant/contractor with the Nigerian National Petroleum Corporation, Mr. Barry Kelly made a numbered time (Fixed) Deposit for twelve calendar months, valued at US$26,500,000.00, (Twenty-six Million,five hundred thousand Dollars) in my branch.
Upon maturity, I sent a routine notification to his forw
But were you hunched? (Score:1)
By the way, is my money still good if it went through the wash?
He's misreading things, I believe (Score:5, Interesting)
Nor was Abagnale non-technical. One of his scams was so beautiful that you wish you could admire it, and it was based on manipulating the magnetic ink on a check to put the check-processing infrastructure into an infinite loop [snopes.com]. Talk about "float", especially since there was never anything behind the check in the first place. He'd withdraw the money after his victim bank decided "well, hasn't bounced yet, must be good".
Re:He's misreading things, I believe (Score:3, Insightful)
Right, it's still basically social engineering, but the real key (not mentioned in TFA) is that not only are tricks like phishing easy and practically anonymous, but the pool of victims is so much larger. I'll bet a single mass spam yields hundreds of valid accounts. It's then just a matter of logging in to all of them (hell, you can script that too!) and drain the easiest biggest targets.
Old scams are definitely still alive... (Score:5, Insightful)
Just ask James Randi [randi.org] - he's been keeping track of dubious scams and claims for decades. Just read through a few of his newsletters if you ever want to be amazed at the things people will pretend they can do for money, power, or just plain delusion.
In my opinion, healthy skepticism is something that should be taught to every school child as part of a minimal education. Knowing how to be properly, rationally skeptical is a very important skill - being either unskeptical, or holding irrational skepticism based on what you want to feel is as much a disability as not being able to read or do math. The scientific method helps if it is introduced comprehensively - but there's a LOT of scientists with doctorates that will be fooled by some of the simplest scams, then convince themselves they couldn't be fooled. Healthy skepticism is both knowing that you can be wrong, but you being wrong doesn't make someone else's extraordinary claims correct, even if it's an innocent mistake for all involved.
Especially disturbing is the constant resurgence of medical scams. People willing to try anything can be put through real hell by people willing to offer them an option that no one else will provide. The family of the dead rarely know to put any blame on a false cure, and the living often mistakenly promote as a miracle whatever was offered, so these scams can erupt almost anywhere. Add in scam artists using religion, blaming the dying for their own failed cure, and the unfounded skepticism of scientific medicine, and you can see how nasty these situations can be.
Ryan Fenton
Re:Old scams are definitely still alive... (Score:5, Insightful)
Re:Old scams are definitely still alive... (Score:2, Interesting)
2. WMD in Iraq
3. WMD in Iran
4. No WMD in Israel
5. "We're at war with terrorists" so it's ok to suspend your rights to make you safe.
Nuff said.
Tom [-- hates seeing neighbouring country being destroyed by lunatic security policies]
Re:Old scams are definitely still alive... (Score:2)
Re:Old scams are definitely still alive... (Score:1, Flamebait)
Since it's obvious that too many people here are too fucking stupid to use their brain I'll spell it out for the mouth breathers here! One, just because it's on tape doesn't mean it's true; misinformation is a valuable tool. And two, you have to be a se
Re:Old scams are definitely still alive... (Score:2)
Re:Old scams are definitely still alive... (Score:2)
Too bad it doesn't provide food for everyone. I suppose you think communism is great except for the tens of millions of people who starved to death.
Re:Old scams are definitely still alive... (Score:1)
You mean when Bushie says he's not really mining and trolling the personal data of millions of innocent Americans - he's really full of Texas beans????
[My wet dream: the indictments of Rove...Cheney...and Bush.]
Re:Old scams are definitely still alive... (Score:5, Insightful)
Making a school class out of skepticism could be a delicate job. Designing a test that could be fairly applied to students without unfairly targeting subjects that are precious to people could be (politically) difficult. Still, it's a task well worth doing.
The ability to weigh skepticism rationally, to be able to accept not knowing things can be very tough skills to master. But I think most people would agree we'd be a lot better off if the basics of skepticism were a bigger part of public consideration.
The danger of such a class would be that, if it were poorly presented, most students end up concluding that they should just be skeptical about what they like to feel is wrong. That's how a scam artist uses the common sense ideas of skepticism. It's also how we fool ourselves into believing things we wanted to believe for irrational reasons. Other students may feel that they are being led into mental paralysis by these endless considerations, and conclude effectively the same thing.
Still, I think such a class would be worth the potential for such mistakes. Even if all it does is make the "you're being skeptical" line in a discussion less of an insult and more of a legitimate consideration of unfair bias for people, it would be worth it.
Ryan Fenton
Re:Old scams are definitely still alive... (Score:1)
Re:Old scams are definitely still alive... (Score:5, Funny)
Wait a moment...
Re:Old scams are definitely still alive... (Score:5, Funny)
Perhaps a guy asked her to perform artificial resuscitation on his penis?
Re:Old scams are definitely still alive... (Score:2)
Re:Old scams are definitely still alive... (Score:3, Insightful)
I don't know how well it compares, but I once made an American girl believe that we French people don't need to take showers because we spend much time under the rain. And yes she totally believed that.
But there's worse, just a few years ago I used to believe anything I was told without thinking twice about it, all of this just because of how I had been raised into believing the most
Re: (Score:2)
Teaching Skepticism (Score:3, Funny)
"Carter is President of the United States? What? What is a "Skylab? How is the Cold War going?"
Re:Old scams are definitely still alive... (Score:1)
Re:Old scams are definitely still alive... (Score:2)
I think that 50% of Americans believe that 'little green men' exist, in France when we get hired we are usually tested with a 'graphological analysis' which is as much scientific as astrology, etc.
But it gets really interesting when you think about religions: having blind faith in unprovable stories.. Religions are really the total opposite of scepticisms.
Re:Old scams are definitely still alive... (Score:1, Flamebait)
I have family who seem permanently stuck with the following untruths:
* that Bush is a wise, capable leader maligned by liberal haters of freedom
* that Microsoft is an innovator, maligned by competitors for its success
* that God personally blesses them, and bad things only happen to sinners
* that we originate from a twinkle in god's eye, despite insurmountable evidence for evolution
* that they are successfully due
Re:Was it cheque fraud, are the greatest all caugh (Score:2)
Re:Was it cheque fraud, are the greatest all caugh (Score:2, Funny)
Re:Without insult; Explaining on matters of Commer (Score:1)
Perhaps this link is relevant? (Score:2, Interesting)
It came up in the BPL discussion yesterday...
Re:Perhaps this link is relevant? (Score:2)
> But Media Fusion's Stewart says Nortel and others made the early mistake of trying to replicate telephone systems, which use radio waves to transmit information through copper wires.
This is, of course, utter, utter nonsense. Telephony and its older ancestor, telegraphy, are not radio waves, they're low frequency electrical currents. They're carried by sets of
Slashdot admin message (Score:5, Funny)
Re:Slashdot admin message (Score:2, Funny)
Goodness gracious
Countermeasures (Score:1)
What disgusts me (Score:2)
The Story of Frank Abagnale (Score:1)
Frank's story is incredibly interesting and entertaining. There's no way he would get away with some of his daring escapes today, such as posing as the FBI official when he was completely surrounded. Goes to show how much people have learned from this sort of activity, which is probably more of a contributing factor than technology. Any new form of payment or communication introduces new flaws which for a time only the cleve
A good account of the modern (Nigerian) scam (Score:2)
Principle of Least Privilege Whitepaper (Score:2)