Ghost in the Wires_ My Adventures as the World's Most Wanted Hacker - Kevin Mitnick [95]
“I’m Ginette,” she might say. “I’ll be here until twelve-thirty.”
I’d wait till after 12:30, then call back again and ask for Ginette. When I was told she was out, I’d introduce myself and say I was from another of the bank’s branches. “Ginette called me earlier,” I’d explain, “and said she needed this customer information faxed to her. But I’ve got to go to a doctor’s appointment shortly. Can I just fax this over to you instead?”
The colleague would say that was no problem and give me the fax number.
“Great,” I’d say. “I’ll send it right over. Oh, but first… can you give me the code of the day?”
“But you called me!” the banker would exclaim.
“Well, yeah, I know, but Ginette called me first. And you know our policy requiring the code for the day before sending customer information…,” I’d bluff. If the person objected, I’d say I couldn’t send the information. And I’d continue with something like, “In fact, please let Ginette know I couldn’t send her what she needed because you wouldn’t verify the code. Also, please let her know that I’ll be out of the office until next week and we can discuss it when I get back.” That was usually enough to push the holdout over the edge, because no one would want to undermine a coworker’s request.
So then I’d say, “Okay, what’s code E?”
He’d give me code E, which I would file in my memory.
“Nope, that’s not it!” I’d tell him.
“What?”
“You said ‘6214’? That’s not right,” I’d insist.
“Yes, that’s code E!” the banker would say.
“No, I didn’t say ‘E,’ I said ‘B’!”
And then he’d give me code B.
I now had a 40 percent chance of getting the information I wanted anytime I called any branch of that bank for the rest of the day, since I knew two of the five codes. If I talked to someone who seemed to be a real pushover, I’d go for another one and see if he or she would go along. A few times I even managed to get three of the codes in a single call. (It helped, too, that the letters B, D, and E all sound sort of alike.)
If I called a bank and was asked for code A when I only had B and E, I’d just say, “Oh, listen, I’m not at my desk right now. Would you settle for B or E?”
These conversations were always so friendly that the bank employees would have no reason to doubt me, and because they didn’t want to seem unreasonable, they’d usually just agree. If not, I’d simply say I was going back to my desk to get code A. I’d call back later in the day, to talk to a different employee.
For Wernle, I tried this first on Bank of America. The ruse worked, but there was no customer with Joseph Wernle’s Social Security number. So how about Wells Fargo? A little easier: I didn’t need a code since Danny Yelin, one of the investigators at Teltec, had a friend named Greg who worked there. Because the phone lines were monitored, Danny and Greg had set up their own personal code, which they now shared with me.
I’d call Greg and chat with him about going to the ball game that weekend or whatever, then say something like, “If you want to join us, just call Kat, and she’ll get a ticket for you.”
“Kat” was the flag. It meant I wanted the code of the day. He’d answer, “Great. Is she still at 310 725-1866?”
“No,” I’d say, and give him a different number, just for the confusion factor.
The last four digits of the fake phone number he had given me was the code for the day.
Once I had the code, I’d phone a branch and say I was calling from branch number so-and-so: “We’re having some computer issues, it’s so slow I can’t get anything done. Can you look something up for me?”
“What’s the code of the day?”
For my Wernle search, I gave the code and said something like, “I need you to bring up a customer account.”
“What’s the account