The Art of Deception: Controlling the Human Element of Security - Kevin D. Mitnick [29]
“That doesn’t sound good. You think it might happen?”
“We hope not, but you’ll call if it does, right?”
“You better believe it.”
“Listen, sounds like having your network connection go down would be a problem for you ...”
“You bet it would.”
“... so while we’re working on this, let me give you my cell phone number. Then you can reach me directly if you need to.”
“That’d be great. Go ahead.”
“It’s 555 867 5309.”
“555 867 5309. Got it. Hey, thanks. What was your name again?”
“It’s Eddie. Listen, one other thing—I need to check which port your computer is connected to. Take a look on your computer and see if there’s a sticker somewhere that says something like ‘Port Number’.”
“Hang on.... No, don’t see anything like that.”
“Okay, then in the back of the computer, can you recognize the network cable?”
“Yeah.”
“Trace it back to where it’s plugged in. See if there’s a label on the jack it’s plugged into.”
“Hold on a second. Yeah, wait a minute—I have to squat down here so I can get close enough to read it. Okay—it says Port 6 dash 47.”
“Good—that’s what we had you down as, just making sure.”
The Second Call: The IT Guy
Two days later, a call came through to the same company’s Network Operations Center.
“Hi, this is Bob; I’m in Tom DeLay’s office in Bookkeeping. We’re trying to troubleshoot a cabling problem. I need you to disable Port 6-47.”
The IT guy said it would be done in just a few minutes, and to let them know when he was ready to have it enabled.
The Third Call: Getting Help from the Enemy
About an hour later, the guy who called himself Eddie Martin was shopping at Circuit City when his cell phone rang. He checked the caller ID, saw the call was from the shipbuilding company, and hurried to a quiet spot before answering.
“Help Desk, Eddie.”
“Oh, hey, Eddie. You’ve got an echo, where are you?”
“I’m, uh, in a cabling closet. Who’s this?”
“It’s Tom DeLay. Boy, am I glad I got ahold of you. Maybe you remember you called me the other day? My network connection just went down like you said it might, and I’m a little panicky here.”
“Yeah, we’ve got a bunch of people down right now. We should have it taken care of by the end of the day. That okay?”
“NO! Damn, I’ll get way behind if I’m down that long. What’s the best you can do for me?”
“How pressed are you?”
“I could do some other things for right now. Any chance you could take care of it in half an hour?”
“HALF AN HOUR! You don’t want much. Well, look, I’ll drop what I’m doing and see if I can tackle it for you.”
“Hey, I really appreciate that, Eddie.”
The Fourth Call: Gotcha!
Forty-five minutes later ...
“Tom? It’s Eddie. Go ahead and try your network connection.”
After a couple of moments:
“Oh, good, it’s working. That’s just great.”
“Good, glad I could take care of it for you.”
“Yeah, thanks a lot.”
“Listen, if you want to make sure your connection doesn’t go down again, there’s some software you oughta be running. Just take a couple of minutes.”
“Now’s not the best time.”
“I understand ... It could save us both big headaches the next time this network problem happens.”
“Well ... if it’s only a few minutes.”
“Here’s what you do ...”
Eddie then took Tom through the steps of downloading a small application from a Web site. After the program had downloaded, Eddie told Tom to double-click on it. He tried, but reported:
“It’s not working. It’s not doing anything.”
“Oh, what a pain. Something must be wrong with the program. Let’s just get rid of it, we can try again another time.” And he talked Tom through the steps of deleting the program so it couldn’t be recovered.
Total elapsed time, twelve minutes.
The Attacker’s Story
Bobby Wallace always thought it was laughable when he picked up a good assignment like this one and his client pussyfooted around the unasked