11.15
I just stumbled upon Shoemoney’s post about Social Engineering. And it reminded me of my younger self — over 10 years ago — when I dropped out of high school…
Let me tell you a little story… When I was 16, I was a little different — picture young, scrawny kid with a mouth full of braces. Couldn’t get a date to save my life. (Ask about me.) Oh — and that didn’t bother me. I was busy trying to make money. Girls not on the radar.
I figured out how to hack into computers, ways to infiltrate organizations, and the easiest way is almost always social engineering — you know, talking your way in. I dropped out of high school on the basis that I could make money hacking full time…
My first target was a large hospital. (Think of the medical records… like knowing which celebritys have herpes and shit.)
- First – I forged a resume. This was pre-Monster.com era, but just go on a job site and download somebody else’s resume that would be qualified for the position. And edit it to suit your needs.
- Second – Applied for an entry level job at the organization. Good enough resume, and you’ll get a call back.
- Third – Interview your interviewer. (Uhmm… this should be a general rule.) But yeah, if you stop simply answering the questions. And have a normal conversation with your interviewer. You can lead your interviewer to disclose all sorts of interesting insider information!
At this point, I had learned enough information to begin my attack… I called up a small affiliate drug laboratory, and IMPERSONATED my interviewer. Telling the resident Doctor I was about to send a young computer repair guy out to his drug test lab.
I dressed up in a shirt and tie, put pens in my pocket, carried a clipboard, and some nerdy computer books. Drove out to the lab and introduced myself to the Doctor. He had been expecting me, and gave me full access to his computer.
His computer was networked with the hospitals main database. And about 30 mins later, I had full access to everything…
A week later, I sent over a full proposal disclosing several vulnerabilities in their system. And offered my consulting services to fix it for them!
Looking back — this was probably straight extortion. (And now hackers can even get prosecuted as terrorists… fuck that shit) I’m grateful I survived my teen years… and the social engineering skills have benefited me for years on end…
Heheh Great story!