YOU: "Enter... Okay."
JACK: "Now type 'TEMP' spacebar 'PUPPY.'"
YOU: "Okay... Oh!"
JACK: "See?"
YOU: "Thank you, Jack - I don't know what went wrong before!"
Now I want to run through this conversation again, this time pointing out some of
the essential components of all successful social engineers.
PERSON ON OTHER END: "Hello; Jack Chipper, Computing Department."
YOU: "Hello, Jack, this is Gary Harris from the Researching Department."
Notice here, how you begin your conversation by mimicking the technician's words,
introducing yourself in a way similar to the way the technician introduced him or
herself. This is done to make the person on the other end feel more comfortable
talking to you, and to show that you're not afraid to reveal who you are or what
business you do for the company.
If Jack had said he was from the Computer Room, then you would say you were
from the Research Room. Unless you have a company directory as reference, you
won't know the exact names insiders use for each of the various segments of the
corporation. Thus, it's usually a safe bet to talk like the insider - in this case, the
technician. Even if you say "department" when you should have said "committee"
or "room," the fact that the technician used that term will make you sound, in his
ears, like an employee.
YOU: "Maybe you could help me with a problem?"
This appeals to the technician's sense of computer godliness. Also piques his
curiosity as to what could be wrong with his system, or your use of his system.
Saying "maybe" will get the technician somewhat flustered - you should know
better than to question his ability to handle computers. He will then go overboard
to show you how smart he is. Knowledgeable users love to show off their
computing skills (I know I do, don't you?), especially technicians whose job it is to
help the multitude of non-experts get through the day.
Also, notice the mention of the word "problem." Computer people love solving problems.
Mention in a vague way that there's a problem with his system, and he'll go
crazy: just open your ears and let the passwords roll right in!
YOU: "Well I'm the first one here..."
Notice at the beginning I mentioned that the
time was 8:55 in the morning. It won't always be possible to call before the
workday begins, but it sure does help if you can. Doing so gives you a valid excuse
to call a technician for help; after all, if you're the first one there, there's nobody
else to ask. But technicians won't always be available before anyone else at the
office, so this won't always work.
Consequently, you may want to try making a phone call at the end of the workday.
Then you'll be able to say that the other people in the office shut off the computers
and went home before you had a chance to finish your work.
YOU: "...and I can't seem to get things started up.
Will you talk me through it?"
Now that he knows he's the superhero, you immediately identify the problem, while
still being vague enough to not alert suspicion if your assumptions about the login
procedures are wrong. After all, dialing into the company's computer system from
your house could look very different from actually being there, using it in person.
You're better off staying with general questions, and allowing the technician to
mentally picture the specifics of your trouble. The "will you talk me through it?"
request begs him to do something he does by rote every day.
Again, it is important to request that he do something specific (such as talk you
through the setup procedures) but not so specific that you blow your cover by
making yourself seem suspiciously knowledgeable. For example, if you had simply
said, "Can you help me?" he might want to walk over to your office to help you out.
Since you are not actually in an office, this will definitely tip him off to your deceit.
JACK: "Okay. Turn on the red switch on the floor. You see it there?"
YOU: "Yes, okay. I see it... Okay."
You have to pretend to be doing what the
technician asks you to do, because remember you're not actually in the office, and
perhaps the reason you are social engineering is because you don't even have a
dial-in number. It's good to have an actual computer next to you, so he or she can
hear the power being turned on and you clicking away at the keyboard.
JACK: "It'll take a few minutes for everything to boot up."
YOU: "To what?"
JACK: "Uh, boot up. I mean, it'll take a minute or
two for the computer to set itself, to get ready to use."
YOU: "Okay, it stopped."
"To what?" shows your complete helplessness when it comes to computers. You
don't want to pretend you've been living in a cave the last three decades, however.
Saying, "What's a keyboard?" will only provoke utter disbelief, not sympathy for
your naiveté.
Don't forget that the conversation has a plan to it - you're trying to steer the
conversation to your benefit, so make sure you stay in control of where it's heading.
"Okay, it stopped," reassures the technician that the computer is working fine, and
that his or her ability to give instructions over the phone has not faltered. But
above all, it keeps you on track so the conversation can continue toward its
ultimate reward.
JACK: "What do you see?"
YOU: "Just what you always see. It worked up to
here fine before, but after this, it didn't work. What do I do when it doesn't work
here?"
JACK: "What do you usually type?"
YOU: "I don't know. This is my first day here. I'm
just a temp - they said someone would tell me!"
Boy! This guy isn't letting up! You can either
try for another generic answer ("Usually I type my password here..."), but what if
you guess wrong? What if at this point an office worker is placed at the DOS
prompt or Macintosh Desktop? You see, it could be that dial-in lines are password
protected while in-house computers are not. In-house computers might be
protected by trust, physical keys, or biometric devices.
In this instance, you've used the "new person" ploy. It's usually a good bet to
pretend you're a new person, unless it's widely known that the company is actively
firing employees, or is ready to go bankrupt. Saying you're from a temporary
agency may or may not be a good idea. Temps will generally have a site contact or
local supervisor to whom they report and ask questions. The technician might not
know that, however, and in any case you can always say that your supervisor is in a
meeting and told you to call the computer department for advice.
JACK: "Okay, press Enter."
YOU: "Enter... Okay."
JACK: "Now type 'TEMP' spacebar 'PUPPY.'"
YOU: "Okay... Oh!"
JACK: "See?"
YOU: "Thank you, Jack - I don't know what went wrong before!"
The "Okay..." is said as if you've tried this same thing a million times, but it's never
worked. Thank the technician profusely for his help, and reassure him that you are
a genuinely naive but responsible member of the company (in this case, by saying
you don't understand what went wrong before).
I based this sample script on hundreds of real-life conversations that technicians
have with legitimate users who have similar problems. I can recall dozens of
times when I personally have been asked how to do something that the user has
already done before, without getting it to work. Usually all it takes is a run-through
and everything works fine. My experience has been that these calls usually end
with the person who has been helped grouchily saying, "But I tried that before! It
didn't work before!" So make sure that you are nice to your technician - you may
be needing help from him or her again and it will certainly boost his or her ego to
know you appreciate the help you have received.
Here's another example of how a hacker can pretend to be helpless when it comes
to computers, but still make off with vital information. When a new computer
system has been installed in an office, there will often be business cards or phone
numbers taped near the terminals which are used to contact someone from the
technical department of the company which supplied the computers, to deal with
bugs that haven't yet been worked out.
The business cards (or you may just find a phone number on a slip of paper) may
also be taped to a section of wall devoted to important
messages, or they may also be hidden someplace behind a clerk's desk or counter.
Crane your neck if you must to get the name and number off the card (or simply
ask the person, we don't always have to do everything on the sly!).
Let's say you managed to get Frank Smith's number at Corny Computing while you
were doing some business at a branch of an insurance company. Call the number
and say, "Hi, this is Lauren from Booboo Insurance. There was some weird stuff
going on with the computers and I had to shut them off, and now I'm stuck..." And
let them lead the way.
One time I saw such a business card taped to a public access terminal at a library.
I copied off the information, then called up, saying, "This is Jack [a guy named Jack
really worked at the library] from Whoopie Library. I'm having trouble getting into
the circulation system from public access mode. The computer's behind the
counter, so I don't know what it was doing in PA mode to begin with, but..."
Hacker In Power
If appealing to a technician's sense of godliness won't work in your situation,
perhaps it's time to become a god. In a military setting, pretending to be a high
ranking officer can put fear into the hearts of any lowly receptionist. Just call up,
saying either that you are the general, or you're the general's personal secretary.
In either case, both of you are pissed off that your computer isn't starting up the
way it should. Demand to know why your account isn't being accepted as valid.
Don't whine or complain - just make angry demands. You will get results.
In a corporate milieu, pretend to be the CEO or the president, or secretary of a CEO
or president, especially in organizations where it is well known that the leader is a
hothead. No one wants to get fired or demoted. The anger routine is useful
because the person who picks up will want to be rid of you as fast as possible, and
will do anything to get you off his or her back.
Presidents, leaders, military officers, CEOs and the like, don't have to be angry,
however. Just the mention that you are whoever you say you are will work wonders
for your credibility (who else would possibly dare to proclaim themselves General
So-And-So?). But if you act as a high-up without being angry, make sure you've
done your research beforehand and know what your name is.
This is a sample encounter:
PERSON ON OTHER END: "Good afternoo-"
YOU: "THIS IS GENERAL FROBBS. I AM APPALLED BY THE CAVALIER WAY IN
WHICH THIS PLACE IS BEING RUN! I WENT AWAY FOR TWO DAYS AND WHEN I
RETURN I FIND I HAVE BEEN ERASED FROM THE COMPUTER! WHO'S IN CHARGE OF THESE
COMPUTERS? I'M APPALLED! I DEMAND YOU RESTORE MY ACCOUNT. I HAD MANY IMPORTANT
DOCUMENTS SAVED THERE!"
PERSON ON OTHER END: "Did you try typing 'GROUP-1,' 'SEC'? That still works."
YOU: "THAT'S THE DAMNED GROUP CODES! I NEED MY OWN PERSONAL
ACCOUNT BACK! I AM APPALLED!"
PERSON ON OTHER END: "I'm sorry, I can't help you with your own codes. Would
you like me to find someone who can?"
Notice in this example conversation you have managed to procure a
username/password combination which, while not too powerful, at least will gain
you access. Even if the person on the other end never does manage to find the
general's password, at least you've ended up with not just one, but several accesses
to the system. After all, if there's a GROUP-1, there must be a GROUP-2, right?
Hacker As Helper
This type of role playing is like reverse social engineering without the sabotage (see
next chapter). Here you pretend that something has gone wrong with a place's
computers, and you are the technician who is calling to fix it.
Let's say you want to break into the computers at the mayor's office. You call up
his secretary, and you say something like this:
"Hello, this is Jake McConnel from Computers. We were wondering, have you been
having any problems with the computer system?"
Of course she's been having some sort of problem with it - there's always some
problem with computers!
The secretary answers: "Why yes! First this was happening, then blah blah blah..."
You say, "Yes! That's exactly it! That wasn't your fault - there's something wrong
with the computers, and we're having trouble fixing it. When you first turn on the
computer, what do you type in to get it started? One of the other guys here was
screwing things around last night and we think that has something to do with it."
The secretary will not be suspicious; after all, you've identified yourself. Even if
you hadn't, what harm could possibly come from telling someone a password over
the phone? You see, the secretary, or any other underpaid, overworked, menial
user of the system, is a very weak link in the chain of security. The secretary
doesn't understand computers and doesn't want to. All she knows is something's
going wrong and you're going to fix it for her. This is a very effective ploy.
Peak Hours
Don't use the above mentioned sort of ploy around lunch time or early in the
morning. It'll be harder to work effectively. Let the pressures of the work day start
to pile up before you call.
If the system you're breaking into is a place you have access to, such as a library,
dentist's office, bank or school, you should do a little research and figure out when
the best time is to make your call.
At one of the libraries I belong to, the computer system has a "3 o'clock slow
down." At around 3 o'clock every afternoon, the computers suddenly slow down to
half their usual speed. This leads to various other computer problems and,
ultimately, very frustrated library workers. I don't know why the computers slow
down; maybe the system gets the most use at 3 o'clock, or maybe at that time
information is forced to travel through an alternate route to get from the library's
terminals to the mainframe located at a college on the other side of town. If I were
to try some social engineering on the library, I would do it during the 3 o'clock slow
down, when most problems occur.
I've noticed another thing: The library patrons who don't realize that there's
nothing wrong with computers (who don't know that they always slow down around
that time) call up the "computer room" at the college and ask why their computers
are down. Don't you think it would be a pleasant surprise, if one day they got a call
from the "computer room" (i.e., me or you), asking if there's anything we could do
to help? Surely they'd be more than willing to tell you the logon procedures they
use, if only you'd speed up the system for them!
Computers tend to be at their slowest toward the middle to end of the day, when
the most people are on the network. Especially in university settings, this is true.
Frequently students and faculty will log on in the morning, then stay connected
throughout the day, regardless of whether they're using the system. On the other
hand, some systems will actually get faster as the day proceeds, so research is
always a must. For example, the Prodigy service is proud of the fact that toward
the end of the day and into the night, as usage increases, system speed also
increases. This is because data is stored on a dual-tier basis. There are the
mainframes situated in Prodigy headquarters somewhere on the globe, and various
minicomputers scattered about the country. Users connect to the semi-local
minicomputers, called Local Site Controllers, and as they use the system, data is
copied from the far away mainframes, to the local minis. By the end of the day,
most of the data a user would request to view will have already been transferred to
the closer computer, making for less waiting time.
It's good to be aware of pace trends in the places you intend to social engineer. If
you can find a noticeable difference in pace (like a 3 o'clock slow down) naturally
you will want to work your magic around that time. Good times don't have to just
be when the computer changes pace; if the workload, noise-level, number of
customers, or some other aggravating condition worsens during a particular time,
that is generally a nice time to social engineer. To find these times, try to visit
your target's office at various times throughout the day. Find out when the office is
busiest. If it's something like a library or travel agency, go visit the building or
make some phone calls. Ask a question about something, and if they seem to be
having trouble when they look it up in the computer, call back as the guy from the
computer department. Remember, offices will be at their most hectic after being
closed one or two days, so Monday morning is always a good shot. Just make sure
they're not so busy that they don't have time to schmooze on the phone with you.
Social engineering will work with any computer system, of course, but you will
naturally find it a lot more difficult to fool a system administrator at the
community college, than a teenage bank teller. Social engineering has been
successfully used to gain access to corporate networks, schools, government
offices, and other systems. Social engineering is a powerful tool, but you have to
be a good actor to use it properly.
Other Hints
If it's possible to research the place, do so beforehand. Do as much as you can to
find out about busy hours and what kinds of problems they might experience with
the system. If it's a public place like a library, for example, then try to figure out
which people working there know nothing about computers. Try to get those people
on the phone. Also, make sure you identify yourself as so-and-so from the
computer department (or computer division, or section; if the person answers the
phone, "Hello, registration office," then use the same terminology - computer
office). And when you do so, use a common, everyday first name, and also a
familiar last. If you can't get the login information the first time, try again at a
different time, on a different day. Don't speak to the same person, however.
A friend of mine, Bill, told me this story. One summer day he called up a mail order
place to buy some electronics equipment. As the woman was taking his order, she casually
mentioned that she was doing everything by hand because the computers were
down. Bill asked if she knew why they were down. She said she didn't know, but
she was pissed about it because computers in other parts of the building were
working fine. Well, as soon as Bill got off the phone, he called back and hearing a
different operator on the line, proceeded to have this conversation:
OPERATOR: "Shark's Radio Supplies, Pam speaking. May I help you?"
BILL: "Yes but actually I called to help you. This is Bill Robinson, in the computer
department. Are you still having problems with the computers?"
OPERATOR: "We sure are!"
BILL: "Oh, okay. What's the computer showing right now?"
OPERATOR: "Nothing, we have them all turned off."
BILL: "Oh I see. I thought you were having problems with it, but I guess you're in
the part of the building where they're not working at all."
OPERATOR: "Yeah."
BILL: "Well, have you tried turning them on lately?"
OPERATOR: "No - oh, are they back on again?"
BILL: "I think they might be. Now would be a good time to try."
OPERATOR: "Okay.... Nothing came on the screen."
BILL: "Can you type in anything?"
OPERATOR: "Lemme see.... No."
BILL: "Sometimes, even if it doesn't look like the letters are going to the screen,
they still go there. Try typing in all the stuff you usually type in when you first turn
on the computer."
OPERATOR: "Okay."
The operator went on to give Bill all the information he needed to know. When the
operator was finished "logging on," Bill gave a resigned sigh and said, "Oh well, it
was worth a shot. I'll go back and tinker around some more. Thanks anyway." Of
course, he still didn't have a phone number to call. He didn't even know if the
computer system was connected to outside lines - after all, this all happened on
account of a freak accident, his finding out about the downed computers. But now
he knew how to go about logging in to Shark Radio Supplies's computer system,
and he had made a friend on the inside. The login information was important in
case he did find a phone number, or if another hacker needed the information.
Having an inside friend was important because now Bill could use her as a further
information source, if the need ever arose.
Sample Social Engineering Situations
It's easy to get yourself into awkward situations, especially at the beginning of
your social engineering career. You will speak to receptionists and other company
insiders who know the lingo, know policies and screen setups, and know how to
spot a fake. Whether intentional or not, you will be asked questions to which the
answers are not readily apparent, due to the fact you are an impostor. Here are
some samples and possible solutions.
RECEPTIONIST: "You're Charles Green? But there is no Mr. Green in our
computing department."
YOUR RESPONSE: "I've just been here a few days-"
RECEPTIONIST: "That's funny, I didn't see your picture hanging up on the New
Staff bulletin board."
YOUR RESPONSE: "Yes, I know. What's-her-name hasn't had a chance to take my
picture yet. Maybe later today."
RECEPTIONIST: "What do you mean, 'What's-HER-name'? Jack's the one who
takes staff pictures."
YOUR RESPONSE: "Oh yeah, Jack - right!"
RECEPTIONIST: "I won't be able to help you until I have your staff ID. What is
your employee ID number, please?"
YOUR RESPONSE: "Oh, I don't have one. I'm just a temp. I'm filling in for
someone who went off to have a baby."
RECEPTIONIST: "Just read the number off your ID badge."
YOUR RESPONSE: "I didn't get my badge yet - there was some mix-up or something.
My supervisor said she would give it to me tomorrow, maybe. You know how it is, no
one knows what they're doing, and all that..."
RECEPTIONIST: "Who's your boss/supervisor/manager?"
YOUR RESPONSE: "M______. Do you know anything about him/her?"
(You should've done your research, so you should know the answer to this sort of
question. If you don't know and it's a large company, or a large building, you can
try either answering with a false but common name, or try the old, "Uhm....
Something with an 'S' - Schindler? Schindling? Schiffer? Schifrin?")
Here's a different situation:
RECEPTIONIST: "But I don't have a computer!"
YOUR RESPONSE: "I'm sorry. I must've dialed wrong. Is M______ available?"
(M______ is the name of the receptionist's boss.)
If you can manage to work in some company news or personal tidbits in an
unobtrusive way, then do so - if the person you're speaking to seems friendly. This is
just another way of gaining credibility points.
YOU: "Sorry, I didn't hear that last thing you said. It's really loud here with that
construction they're doing next door."
YOU: "By the way, does M______ have a kid in the Little League? My son has a friend
named
Note that for maximum benefit, credibility questions should be worked in before
asking about login procedures.
Miscellaneous Social Engineering Tips
To improve your chances of getting in with social engineering, here are some tips.
Notice how the person you speak to reacts to your questions. If you speak to a
receptionist or other worker on the bottom of the pay ladder, he or she may not
want to chit chat or fool around with computers if he or she's being monitored, or if
calls are being screened by the boss.
Go to some public place where they have terminals hooked up, and look at the wall
where the terminal is connected to the phone box. Write down the four digits that
appear on the box (these are the last four digits of the phone line that the terminal
is hooked to). Guess the first three digits of the number by looking at a directory
for the "public place" in question. Call a couple times at different times of day to
make sure the line is always busy. Keep some of these "leased line" phone
numbers handy when you social engineer to give to people who want to call you
back. This is especially true of sysops who suspect you're a hacker and want to see
if you're brave enough to give them personal identification information about
yourself. This is better than just making up a phone number out of thin air,
because if they do call up, the busy signal will at least create some reassurance in
their mind that you weren't a complete fake.
Just giving them a number will usually relax them enough so they feel you are one
to be trusted.
Confront people in a lighthearted way when they give you a password. Say, "Are
you sure that's really the one you use?" Secretaries may have two passwords. One
is their own, which grants them access to a low-level group account. The other is
their boss's password, a higher level one that they know about because, frankly,
secretaries know everything about an organization.
Challenging someone in a non-accusatory way about the password you are given
may also cause them to fess up if they had indeed given you an invalid password to
get you off their backs. Second guessing them shows that you already knew the
correct password, and that you caught them in a lie.
If they are bewildered when you ask for a higher password, just say, "Didn't they
upgrade your access yet? They just bought this whole new system that's supposed
to work fifty times faster and everyone's saying how wonderful it is..." Then
quickly change the subject.
Have a background tape playing with office sounds or whatever is appropriate for
the number you call. Before using this tape, try to take a tour of the company and
listen to the real sounds made during the work day. Also, play the tape for a friend
over the telephone, and similarly have a friend play the tape while you listen over
the phone - trying to adjust the tape to a realistic sound level. Remember that if
you're the "first one in the office" as with our naive user example, you don't want
the tape to include background chatter or typing!
When you're talking to people, even if it's just over the telephone, keep a smile on
your face and act in a jovial, friendly manner. Pretend you're that person's best
friend. If the person picks up the phone with a, "Hello, General Widgit Corporation,
Lulu speaking," you respond with, "Hi Lulu! This is..." and go on with your spiel.
Now Lulu doesn't know if you two have met before, and as you continue with your
friendly attitude, she will begin to treat you more like a friend. Try looking through
some books on voice marketing, telephone selling, etc., to get more ideas.
The way in which your phone call is received can also affect your credibility. Often
a company telephone will make a different sort of ring, depending on whether the
caller is on an inside or outside line. Since you are pretending to be an inside
caller, you will want your telephone ring to reflect that. To fix that, call a wrong
office or department in the company, and have them transfer you to the number
you're after. For instance:
PERSON ON OTHER END: "Advertising. May I help you?"
YOU: "I'm sorry, I guess I dialed wrong. Would you mind transferring me to
extension 4358?"
Now you'll get that in-house ring, and with it, an air of authority (and maybe even a
special inside caller light will flash on the telephone, too).
Another way to get that desirable inside caller ring/light is to dial, not the listed
number, but one next to it. Any organization with more than one phone line almost
certainly owns a block of phone numbers. So if the listed number to call is 123-4567,
try calling 123-4568, or something a few digits higher or lower. Your call
will usually go through, and it will take on the clout of having been placed by
someone who is apparently a company insider - anyone else would have dialed the
listed number.
Another thing to consider is if you're trying to reach a higher-up in the corporation,
you may only end up contacting secretaries, receptionists and/or other underlings.
A good trick is to call an office of higher or similar prestige as your goal office, and
let the secretary transfer you over. For example, suppose I want to try social
engineering Mr. Palooka - a middle manager who runs the shoe division. But I can't
get through to speak with him personally. What I do is, I call up Mrs. Colt, who is
either a same-level, or higher-level manager, and I ask her secretary to connect me
with Colt personally. Colt's secretary asks what I wish to speak to Colt in
reference to, and I say, "Shoes!" But Mrs. Colt handles only the rubber band
accounts, not shoes. So Colt's secretary says, "Well, you'll have
to speak to Mr. Palooka about that one; would you like me to connect you?" She will
then transfer your call to Mr. Palooka's secretary. Palooka's secretary comes on
the line, and you say to her, "Hello. This is so-and-so. Mrs. Colt's office suggested
I speak with Mr. Palooka about shoes." Here you have a recommendation from
another company member! You're now much more likely to get in to bullshit Mr.
Palooka. Happy engineering!
Other Roles
Social engineering in its most important sense refers to the obtaining of personal or
group passwords by making up a story about yourself and role playing it, hoping
that whoever you end up speaking to will play along. But the goal of social
engineering doesn't just have to be passwords. And the method of engineering
doesn't just have to be over the telephone. Conversations may take place in
person or through the mail. The first requires strong nerves and greater acting
ability. The second is more suited to those who find it difficult to ad lib telephone
SE conversations.
In-Person Engineering
Any instance of impersonation is a form of social engineering. The impersonation
may be of an individual person (the president of a company who demands to know
why his password isn't working) or of a generic person (Jill Technician, calling to
ask if any computer problems have come up). The telephone is normally used
because it enables a hacker to reach distant businesses without travel, as well as
creating a defensive barrier between the hacker and the people he or she calls. If
the conversation starts to go sour, a telephone can be hung up; if a face-to-face
talk gets out of hand, it could be difficult to get out of the building.
A good rule of thumb when doing in-person social engineering is to always wear a
suit - a good suit, one that fits properly. Make yourself look like you just stepped
out of a fashion magazine. At the very least, wear a shirt and tie. Females, wear
suitable business attire.
Many kinds of SE that work over the phone, won't work in person. You can't
pretend to have an office, or pretend to have a computer terminal. Because of this
the information you get from bullshitting in person may be minimal or only
peripheral. You will probably end up with more background material than
immediately useful information.
Pretending to be interested in wanting a job at the firm, or going on a tour of the
place, or simply squeezing in and wandering around on your own, provide lots of
good data on how employees interact among themselves. Hackers and crackers
have also impersonated maintenance workers, painters, and other workers to get
inside a company. Being a security guard is also a nice ruse.
The prototypical in-person social engineer is the survey taker. You make up a
survey, and stand in the lobby of the building with a pen and clipboard, and get
people passing by to fill one out for you. The survey asks for name, spouse's name,
hobbies, pets and pets' names, and similar info. Then you go home and try all that
stuff as passwords. You might want to say there's some prize involved. For
example, that completely filled out forms will be entered in a raffle; winners get
tickets to a local show, or a free meal at a nearby restaurant. (Hint: Don't ask
people to fill out surveys in the morning when they're late getting to work.)
Written Engineering
Social engineering may be done through the mail or through other forms of written
contact with users of a system. For example, the survey method can be altered
such that the human element is eliminated. If you don't want to wait around in a
lobby all day, just leave out stacks of the forms with either a drop-box or an
address to mail them to. Expect minimal response.
Other written ruses take the form of advertisements. Put up a notice in a
computer room, saying that paid volunteers are needed for a special project.
"Become a System Manager! Great Experience!" Have interested folks mail you a
post card with their name, address, desired password, and possibly the machines
they currently have access to on the net. While making the ads you'll say to yourself,
"Sheesh! This is so obvious!" But you won't believe how many people fall for it.
Have them address the postcards to something like "X University, Computer
Science Department, Roger Hamm's Office" followed by your address. If your
address is thirty miles away from the university, forget about it.
Two Manhattan hackers tried this stunt. They noticed there was a blank space at
the bottom of a particular magazine advertisement for one of the popular
pay-for-play information systems. They went to local area libraries and borrowed all
magazines they could find that had this ad in it. Using a "sideways printing" utility,
they fed the pages into their printer, which printed out, "Manhattan Area Residents,
Call [phone number] For Free Six Month Membership." Then they returned the
magazines to the library.
When people called them up, they would begin by playing a corny recorded
message: "Welcome to X-Net's Free Six Month Membership Program! Listen to all
these great things you can do with X-Net ... !" When that was done, one of the
hackers would come on and ask the caller a few questions: "Where did you hear
about this program?" "Have you ever subscribed to X-Net in the past?" "What other
fee-based bulletin boards, or other computer networks do you belong to?" "When
you call up X-Net, what would you like your sign-in name to be?" "And your secret
password?" "Are you sure you're going to remember that password? Perhaps you'd
like to choose something else?"
In this way, they ended up with a dozen names, computers they visited, and one or
two passwords to try out. You won't get as big a response if you don't live in a big
city, but it's worth a shot. Advertising can also be done by slipping a printed card
into the magazine, or by advertising on BBSs.
A similar ruse is to advertise your phone number as a local call switcher, especially
in places where there isn't already a Telenet or Tymnet link. When users log on
they will see what appears to be the usual opening screen, but is in reality a
simulation which you programmed. From hacking, you should be familiar with
which networks have which addresses, so your program can simulate appropriate
login screens for each of them that a caller
might try. (Otherwise, respond with a message like, "Line is busy" or "Connection
can not be established." Look at actual call switchers, to see not only what
messages are displayed, but to get the timing down right.)
After "connecting" to a computer or network, the program continues its simulation,
collects the user's name and password, then aborts due to erratic line noise or some
other ghastly problem. If the user tries calling back immediately, a message can
be put up that warns certain transmission routes are undergoing maintenance, or
similar baloney.
Request For Information
And now, back to some pure social engineering through the mails...
Scan all the computer mags and journals furiously, even the bad ones, for
warnings about product failures and security loopholes. Journalistic morality
generally prevents dangerous secrets from making their way to the mass media,
so the exact details of system security failings won't make it to print. You'll see
things like, "Four hackers were caught yesterday, after exploiting a loophole in the
V software on the W machine at X Military Base." Or you'll see things like,
"Company Y has released a warning about its Component Z, which is supposed to
keep unauthorized users from penetrating a system..."
What you do is, go print yourself up some official looking stationery, mail a
concerned letter to the folks at the company, and wait for their speedy reply. You
can try the annoyed approach:
Dear Mr. Abel Jones:
It has come to my attention that there are serious shortcomings in your product,
Component Z.
My business operates under the assumption that our data is secure because of
Component Z.
Seeing as how we have been misled for six years, I expect either: details on the
flaws which inhibit Component Z, or reimbursement for six years of twelve
non-functioning Component Zs, the cost of which amounts to $14,000.
I expect a quick reply.
Or the "Let's work together to make this world a better place to live in," approach:
Dear Mr. Abel Jones:
I was dismayed to read in Friday's edition of Computer Magazine that your
Component Z is defective.
My business uses twelve of these devices, and I would regret very much if we
experienced a data loss due to their not working.
Please send an explanation of the problem in the enclosed envelope, so that my
technicians may remedy the problem as soon as possible.
Thank you for your help.
Sincerely,
I'm divided as to whether or not you should mention specific threats in your letter
to the company or organization. On one hand, you don't want them to suspect your
letter is phony. But on the other hand, they're going to be receiving many letters
similar to yours, most of which are legitimate. You shouldn't have any problem as
long as you type the letter on good quality paper, with either a real or imagined
letterhead on top. For added effect, type the address on the envelope, and instead
of stamping it, run it through a postage meter. You may also slip in a business card
of your own design; they are cheap to obtain.
If the company refuses to help you without proof of purchase, well then, you're on
your own. You can always try to social engineer the company technicians into
revealing the security flaws. There are also plenty of computer security
associations, organizations and other groups which will have the particulars of the
loophole.
You might also make an attempt to get the juicy details by calling the publication in
which you read about the security failing. Try to speak to the person who reported
the story. People at magazines and newspapers are surprisingly easy to reach on
the phone, but getting them to talk is a different matter!
Message From God
Dear User:
This is most embarrassing.
As the director of PinkyLink, America's largest on-line information service, I was
shocked to discover that a theft of several backup tapes took place over the July
6th weekend.
Contained on one of those tapes was, among other things, the personal security
data on a small percentage of our customers.
While your name was, luckily, not on that stolen tape, there is still some threat to
you. As of now we are uncertain whether any users with programmer-level
computer access were backed up on the stolen tape. Therefore, we request you fill
out this application and mail it back immediately in the postage paid envelope
provided.
Fill out the form and return it to us as soon as possible. Once received, we will
update you to this new, secure ID.
Thank you for your cooperation, and to offset any trouble this may cause you, we
will be subtracting 75% off your August bill.
Name
Address
Zip
Day Phone (_)
Night Phone (_)
Old (Invalid) Password
New (Updated) Password
PinkyLink, America's Largest On-Line Information Service, guarantees that the
above personal data will be inputted no later than September 1, 19--, (following
verification), and will be kept confidential before and after such time.
Please keep a copy of this for your records.
Imagine Joe User gets this letter in the mail. It looks authentic, having the logo
and letterhead of the service, and arriving in a metered, typed envelope. But will
Joe believe that PinkyLink actually sent this to him?
The whole situation is preposterous! Any real life computer service with a password
problem would require that all password updating occur on-line. It's simply the
cheapest and easiest way to update hundreds or thousands of pieces of user
information. Still, when Joe User looks at this letter, he will notice that he isn't in
immediate danger as some other users of the system are; unlike those other poor
losers who got their passwords stolen, Joe doesn't have to be concerned that he'll
start getting huge bills in the mail from the criminal charging system usage to Joe's
account.
And what about that 75% deal at the bottom? That makes Joe twice as likely to
respond to the letter. Not only does he have a responsibility to himself to make his
account secure again, he has a responsibility to the database: if they were nice
enough to warn him of this and pay him for it, the least he can do is comply with
them. And the return envelope is postage paid!
Of course, PinkyLink probably has an on-line way for users to change their
password, but you don't have to mention that when you write a letter like this.
Remember, the style is more important than the wording of the letter. Before you
send out something like this, be sure to look at real examples of PinkyLink's
correspondence, to get an idea of the kind of paper and printing used, sizes of
fonts, coloring, etc.
You should expect high returns from this swindle, especially if the people you send
the letters to are absolute rookies. Later we'll talk more about how monitoring BBS
activity can pay off.
Trouble In Paradise?
Impersonating a huge corporation, or inducing people to mail you their passwords
under false pretenses, can get you into big trouble. The Post Office considers such
activity postal fraud, even if you're just doing it for laughs. These ideas are
provided to stimulate your imagination - not to encourage you to do anything illegal.
Before you go and do something stupid, you might want to read Chapter
Fourteen.
When you social engineer there are many factors that inhibit the person you speak
with from giving out security data. Consider, when you social engineer someone,
that person
• may have been warned about security leaks
• may be knowledgeable about social engineering tactics
• can not verify your claimed identity
• might know you are not who you claim to be
• has no reason to assist you, and can give you wrong or misleading information
• can report your call to a security manager.
For all these reasons, a person you try to social engineer may not want to or may
not be able to tell you passwords and other information that you request.
Considering the above list, would you divulge confidential information to someone
asking you for it over the telephone?
That's the problem.
The solution?
See you in the next chapter!
Chapter Six
Reverse Social Engineering
Reverse social engineering, or simply reverse engineering (or the simpler RSE or
simplest RE) is a sometimes risky endeavor that varies in its effectiveness and in its
applicability. However, results from RSE are so strong - and often so humorous -
that it provides a flashy alternative to other methods of breaching system security.
You see, even though social engineering is an accepted and revered method of
finding out what you shouldn't know, it has its faults. No system is perfect, and
clearly the list of flaws from the previous chapter shows that there are deficiencies
in the usefulness of social engineering.
In many respects RSE is better than SE. However, reverse SE can only be used in
specific situations and after much preparation and research. In addition, the best
reverse engineering can only be done by more sophisticated (and mobile) hackers.
Don't expect this technique to be your bread and butter as you are first introduced
to the world of computer-criminal culture. Reverse social engineering in its most
consummate forms takes information you don't yet have, and skills you may not
have acquired. Here is a comparison chart that shows some of the pros and cons of
each form.
SOCIAL: You place call, are dependent upon them.
REVERSE: They place call, are dependent upon you.
SOCIAL: You feel indebted to them, or they believe and act as if you should be.
REVERSE: They appreciate your help and concern, will oblige you in the future if
ever you need assistance.
SOCIAL: You need help from them.
REVERSE: They need help from you.
SOCIAL: Questions often remain unresolved to the victim.
REVERSE: All problems are corrected; no suspicious loose ends.
SOCIAL: You have less control.
REVERSE: You retain complete control of the direction and subject of conversation.
SOCIAL: Little or no preparation required.
REVERSE: Lots of pre-planning required; previous access to the site is needed.
SOCIAL: Can work anywhere.
REVERSE: Only can be used under certain circumstances.
Much of social engineering is based on the premise that you, an impostor, pretend
to have difficulties and need assistance from another computer operator to solve
your problems.
The reverse to this is that a legitimate system user has difficulties, and he or she
asks you the hacker for assistance. In the process of assisting the user with his or
her problem, the hacker is able to (effortlessly) find out account names,
passwords - the works.
An RSE attack consists of three parts:
• Sabotage
• Advertising
• Assisting
Sabotage is an initial brief contact with an on-site computer, during which the
hacker causes a malfunction of some kind that will need correcting.
Advertising is letting the user know you are available to answer computer-related
questions.
Assisting is the conversation in which you solve the user's problem, and the user
unknowingly solves yours.
Before I explain how this is accomplished and what good it does, you should
understand why it's better to have them call you than the other way around. Let's
step through that list of bad stuff about social engineering that was given
previously, this time demonstrating how reverse social engineering overcomes all
of those problems.
Overcoming Social Engineering Drawbacks
May Have Been Warned About Security Leaks Or May Know About SE Tactics
Trying to social engineer someone who knows about social engineering, especially
hip programmers and other hackers, won't get you anywhere. Even if the other
party doesn't know about "SEing" per se, he or she may take "Don't reveal the
password" warnings seriously enough to see through your bull. Social
engineering is based on the premise that the person you contact is naive. You can't
always guarantee that will happen.
In RSE, the legitimate user is calling you for advice. Consequently he or she
believes you are trustworthy, a member of the company or approved by the
company, and one who already knows passwords and protocols anyway. There is
no reason not to divulge this kind of data to you. In fact, it won't even be thought
of as "divulging" since the person you speak with will just matter-of-factly spill his
or her guts to you without hesitation.
It should be noted that reverse social engineering is not social engineering. It
takes a backwards approach to the problem of getting users to talk, and so it won't
be recognized by a person familiar with conventional hacker tricks. Furthermore,
even if the person is so sophisticated as to understand RSE, that person will
probably be so wrapped up in his or her own problem that he or she won't notice
what's going on. He or she needs your help to correct the problem; he or she
realizes that if he or she doesn't cooperate, you won't be able to assist.
Cannot Verify Your Claimed Identity Or Might Know You Are Not Who You Say You Are
Social engineering suffers because to the person you call, you are an enigma -
someone they do not know personally. Besides, you never know if the person on
the other end of the line has been tipped off that you are lying about your identity -
using cues such as Caller ID, a distinctive in-house telephone ring, or a knowledge
of employees and protocol. In any case, magic passwords might not be readily
given to "mystery technicians" and "perplexed users" with modem troubles.
BUT in reverse SE, those who know the words of passage have no reason to suspect
you of deceit: you are the one they call for advice. You are the one who is going to
help them out of their misery. In fact, when they call you, you can legitimately
request that they identify who they are. It is a matter of security, after all.
Has No Reason To Assist You, Or Can Give You Wrong/Misleading Information
What does the social engineered person care whether you are helped or not? I
know if I were a busy back-stabbing office worker or receptionist in the midst of a
hectic day, I would be furious if some idiot on the phone asked me to give up a few
moments of my time to tell him things he probably shouldn't know in the first place.
I would probably just tell the caller anything to get rid of him.
On the other hand, reverse social engineers know that the people they are speaking
with require their assistance. Even the grandest guru of power users will call you if
he thinks you will be able to quickly and simply pinpoint the problem and fix it,
rather than wasting his time trying to do so. That power user knows he will get the
solution when you reveal it to him so he can solve it himself the next time it occurs.
Might Report Your Call To A Security Manager
The trained user will know immediately when you're trying social engineering. She
can then go off and tell others about your attempted pilfering of passwords. Those
"others" include co-workers, bosses, computer managers, the person you tried to
emulate, guards, or security officers. None of this will help you get in later on,
even if it doesn't immediately get you caught or hurt your chances of penetration.
Discovery is certainly not on your list of birthday wishes.
On the other hand, reverse SEing is sure to make you a friend on the inside. When
you help people overcome obstacles, they will happily spread the word of your
courteous, efficient manner of help to others - thus spawning more calls and more
passwords.
The preceding explanations were motivated by three goals. I want you to
comprehend the reasons why even such a powerful force as classic social
engineering will fail on occasion, and how reverse social engineering can eliminate
those failings. Yet my main concern is this: Social engineering can not remain as a
mainstay of the modern hacker's bag of tricks without word getting out to ordinary
computer users. Ordinary users are becoming increasingly aware of the need for
discretion when it comes to such intimate topics as passwords and computer
security. Ordinary users are reading more in the mainstream press about how we
hackers break into systems. They are attending computer security lectures given
by their companies, their community colleges, and their local law enforcement
branches. The systems themselves contain warnings not to reveal anything to
anyone; their employers tell them that, their conscience tells them that. I - yes,
even I - tell them that some vile people are out there trying to rifle through their
computer files.
I doubt strongly there will ever come a time when all computer users know enough
not to blab. Perhaps in a few years, businesses will have output from their
telephones on a time delay, and have them hooked up to voice monitors. Then, if a
naughty word is spoken, it can be detected and eradicated before the electrons that
compose it leave the confines of the building's wiring.
Even if such a thing does become commonplace, or even if 95% of the
computer-using public decide not to be bullshitted any longer by social engineers, there will
still be those five percent, the hundreds of other new and old hacking methods, and
there will still be Reverse Social Engineering to get the hacker through his day.
Reverse Social Engineering Sabotage Methods
The first step of RSEing is to disable the target computer or the user's ability to use
that computer. Generally this means you will be disabling a user's workstation,
terminal or computer so that he or she can not access the system properly. You
want to do something that is hard to detect yet easy to correct. Here is a list of five
general ideas, ranging in the amount of setup time and system familiarity required:
• Alter a parameter, the kind of parameter that novices don't know about or think
about. Examples: default printer port, screen colors, macros, obscure printer
codes, technical peripheral settings.
• Set files to read-only, or rename them, or make them invisible in their directories.
Example: if WP.EXE is the word processor used, change the name to WP.$A$.
• Hardware tampering. Examples: switch a color monitor to monochrome mode;
reverse disk drives; disconnect or loosen the keyboard, or unplug the computer or
surge protector.
• Install memory-clogging TSR programs. User won't know why program fails to
run.
• Run a simulation program, such as an operating system simulation, which gives
lots of ugly error messages.
WARNING!
Sabotage should not be permanently harmful to the user or the computer! Do NOT
delete files or directories: they may become unrecoverable. Do NOT install viruses:
they can easily get out of hand. Do NOT sabotage in a way such that the operating
system refuses to boot: they may not have a bootable DOS disk handy when they
call you later!
RSE Case Study: The Translation Table
A hacker and phone phreak nicknamed Phlash - because of the speed with which
he'd managed a number of great hacks - was once almost resigned to the fact that
he couldn't get any information about the computers at a particular embassy.
"They were really tight-lipped," he told me. "I tried bull-shitting them, but they
wouldn't have any of it. And line connections were hard to establish. And once on,
they only gave you two chances before disconnecting you. So I needed some other
way of getting in."
From scavenging around in the trash bins he found evidence that at least one
computer there used a particular cheapo-brand modem. Since it was his only clue,
Phlash got some literature from the modem manufacturer, and found that all their
modems came with a home-brew terminal emulator, which featured, among other
technical details, the ability to define character translation tables for both incoming
and outgoing data.
Sometimes people want to be able to press a certain key on their keyboard, but
have it come out as a different key on the computer they're connected to. For
example, a lot of times editing keys such as Backspace don't work the way they
should when you connect to a different computer, because when you press
Backspace, the remote computer ignores it. To really send a Backspace to the
remote computer, you might have to type Control-Backspace.
If your terminal program allows it, you can set up a translation table to press
Control-Backspace for you. A translation table is a file that contains each key you
can type, and the character that is to be sent through the phone lines when you
type that key. If you had this Backspace problem, you would set up your table so
that any time you pressed Backspace, the computer would translate that to Control-
Backspace, and send that to the computer on the other end of the line.
Translation tables also work the other way. They take incoming data from the
remote computer, and translate the characters into other characters. If you want
to get rid of annoying linefeeds in a file, for instance, you can set up the table so
anytime it sees a Control-J, it translates it to a null, or to a tap of the spacebar.
Phlash realized that a translation table could be used to his advantage. He took a
copy of the terminal program and composed both an incoming and outgoing
translation table, both of which were made to jumble characters. If someone were
to connect with a computer using these translation tables, nothing they typed on
the keyboard would match its on-screen output. Any data they received would be
totally garbled gibberish.
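The translation-table mechanism described above, as an added example that is not from the original text: a 256-entry byte table applied to outgoing or incoming data, plus an audit a support desk could run to list what an installed table remaps. The 0x7F value standing in for Control-Backspace, the rule that a legitimate table only touches control characters, the sample tables and all function names are assumptions made for this illustration.

```python
# Added illustration: terminal translation tables and a tamper audit.
# Byte values and the "control characters only" policy are assumptions.

PRINTABLE = set(range(0x20, 0x7F))  # space through '~' (95 characters)


def identity_table() -> bytes:
    """A table that sends every byte through unchanged."""
    return bytes(range(256))


def make_table(overrides: dict) -> bytes:
    """Build a 256-entry table from a few {typed_byte: sent_byte} overrides."""
    table = bytearray(range(256))
    for src, dst in overrides.items():
        table[src] = dst
    return bytes(table)


def translate(data: bytes, table: bytes) -> bytes:
    """Apply a translation table to a stream of bytes."""
    if len(table) != 256:
        raise ValueError("translation table must have exactly 256 entries")
    return data.translate(table)


def audit_table(table: bytes, baseline: bytes = None) -> dict:
    """List every entry that differs from the baseline (identity by default).

    A table that remaps printable characters is flagged, because typed
    text and on-screen output would no longer match.
    """
    if len(table) != 256:
        raise ValueError("translation table must have exactly 256 entries")
    if baseline is None:
        baseline = identity_table()
    changed = {i: table[i] for i in range(256) if table[i] != baseline[i]}
    printable_hits = sorted(i for i in changed if i in PRINTABLE)
    return {
        "changed": changed,
        "printable_remapped": printable_hits,
        "suspicious": bool(printable_hits),
    }


# Constructed sample tables.
# Outgoing: Backspace (0x08) is sent as 0x7F (assumed Control-Backspace code).
OUTGOING_OK = make_table({0x08: 0x7F})
# Incoming: Control-J (0x0A, linefeed) is turned into a null, as in the text.
INCOMING_OK = make_table({0x0A: 0x00})
# A table that scrambles printable characters (rotation by 13 positions),
# standing in for the jumbled tables of the case study.
JUMBLED = make_table({c: 0x20 + (c - 0x20 + 13) % 95 for c in PRINTABLE})


if __name__ == "__main__":
    for name, tbl in [("outgoing", OUTGOING_OK), ("incoming", INCOMING_OK),
                      ("jumbled", JUMBLED)]:
        report = audit_table(tbl)
        print(name, "entries changed:", len(report["changed"]),
              "suspicious:", report["suspicious"])
```

Passing a saved known-good copy of the table as `baseline` reports any entry that has changed since the copy was taken.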
He typed up a short INSTALL program and saved it to a floppy disk. His INSTALL
program looked in the directory for the already-installed terminal program, moved
any existing translation tables to the floppy disk, and copied his newfangled tables
over.
Phlash then printed up a convincing letter from the desk of "Technology Office,
Second Branch, Director" which said, "To comply with new regulations governing
cryptography, and the exchange of communications between ourselves and others
in any foreign nation, we ask that you
install this new, more secure version of communications software which includes
functions to ensure the confidentiality of all state matters."
He gave explicit instructions for the installation, then concluded with, "Any
questions or comments should be directed toward Sr. Benjamin Marcques, at
telephone number 9-212-WXY-WXYZ." And he mailed it to a top person at the
embassy.
Weeks later he got his phone call. "Actually, they had tried calling before but I had
been away," Phlash told me later. "That poor woman went almost a week without
being able to use her modem because I did that sneaky thing to her! When she
called me, I went through the whole engineering bit, asking her to try logging on
like she usually did. Of course it didn't work. I asked her if there was anyplace
else she usually called, and there was. So we tried that. Didn't work either.
Finally I decided it was in her best interest to try going through the reinstallation
again. Naturally that reversed the four translation tables, so everything was peachy
again. Of course now I also had all I needed to get into two important government
accounts!"
Phlash said that he was getting so caught up in his pretend role that he almost
forgot to get the passwords and phone numbers. During the course of "helping" the
embassy worker, he suggested that perhaps it was a problem with the phone line:
"Which phone number are you dialing in from?"
You would also want to ask if there were any alternate numbers to try.
Unlike typical reverse engineering, this particular case involved no physical entry of
the computer site. Normally, access is needed to set up a hardware or software
problem of some sort, and to set up advertising for your unique brand of assistance.
How to gain access is touched on elsewhere in this book.
Solving The Sabotage
When they call you, after going through the login procedure and finding the error
still there, you must tell the user what he or she can do to correct the problem.
This can be done by giving explicit instructions such as: "Type 'rename WP.$A$ to
WP.EXE'..." But if it is a knowledgeable user who calls you, he or she will notice
something fishy going on.
So how to get around this obstacle? You have to give instructions which will soothe
the wary user. If the sabotage is software-related, put a software solution on disk.
For example, "Go into the word processor directory and type 'SETUP' and press
Return. Now try running the program again." In this case, SETUP was a file that
you put on the disk, which contained the renaming instruction, and also a command
to delete itself at the end of its run.
Hardware problems may be difficult to fix or explain over the phone, but then, most
RSE won't involve hardware anyway; if you had enough on-site time to physically
mess up their computer, you should have had enough time to glean the information
that you are trying to get.
RSE Advertising Methods
Here are five general advertising techniques that can be used to get them to call
you:
Switch notes. If you see a slip of paper taped to or nearby the computer, with the
phone number of the computing department, get rid of it and slip a note with your
own phone number in its place (or some number at which you can wait for a call
from them). Elite hackers will simply dial into their local telco computers and
change the number of a local pay phone to the listed computer help desk number.
Also look for business cards and Rolodex numbers to either hide or switch.
Post a public message. On a bulletin board (thumbtack style, not electronic!) put
up a huge, brightly colored, professional-looking sign that says something along
these lines:
Technical Helpline
COMPUTER PROBLEMS?
CALL US FREE AT
OUR NEW NUMBER:
(123) ABC-WXYZ
Technical Helpline
Be sure to put the name of the company you're hacking, and their address and logo
somewhere on the poster to make it look like it's endorsed by the company. Put
these signs up all over, or drop them as flyers on people's desks, especially in view
of the computers you sabotaged.
Social engineering. Call up the day before - or even a few hours before - the
sabotage and tell the person who answers about the computing department's new
phone number helpline (your number). Ask whoever answers to put it in the
Rolodex, or to keep it otherwise close by and handy for whenever anyone needs it.
Ask if he or she is the only one who uses that terminal; if the answer is "no," tell
the person to make sure others know about the new number too.
Directory tailoring. Get a company's internal phone directory and add your number
to the list, either by crossing out the existing technical support line and writing in
your own, or by inserting a visible printed addendum to the book.
On-line advertising. When doing the initial sabotage, see if you can post a note on
the bulletin board (electronic this time!) concerning your computer helpline.
Alternately, have part of the sabotage program give out the phone number. For
example, rename WP.EXE, then create a simulated word processor which crashes to
the operating system after the first few keystrokes, leaving behind garbled
characters and colors, and this message:
<Beep!>
XERROR 3 ---Consult fdox 900.2a or call Jim at technical support @ (123) ABC-WXYZ
In your advertisements, make sure the user realizes it is an outside line they are
calling (so they know to dial 9 or 2 or whatever to exit the company PBX). That is,
do that unless you have managed to appropriate an inside office or phone (by
sneaking into an office while someone's away on vacation, for example).
Trouble For Nothing?
Okay, granted the initial setup and planning and sabotage is an exciting, amusing
kind of thing to do. But is it worth the effort? Why not just stick with the easier
social engineering and not worry about the remote possibility that the guy on the
other end will be wise to you?
Well, first of all, that's foolish. Especially considering that many of the people and
places you will want to hack most will be very security-aware. You must, in many
circumstances, assume that they know what you're up to when you're bullshitting
them. And if they know what you're doing, you shouldn't be doing it.
Another factor, one related to both this and a remark I made earlier: when you
reverse engineer a situation, you create a friend on the inside. Once you start
hacking big-time you'll never know if somebody's on your tail unless you have an
inside connection. If you've proven yourself to some user by solving their
computing problem, you can then call back a short time after breaking in and ask
questions like, "Hi, remember me? I helped you with that problem... I was
wondering if you heard about anyone else having that problem, or any other weird
stuff going on with the system?" If they've heard about attempted break-ins or
system failures, you will be the first to know. You might want to tell them to call
you if they ever hear about "hackers" or whatever. This way if you are discovered
and, let's say a memo is distributed telling everyone to change their passwords
because a hacker is on the loose, your contact will innocently call and let you know
about it.
The continuing loyalty and assistance you will receive from the inside is well worth
the beginning trouble you may have in setting up the sabotage.