The Art of Deception: Controlling the Human Element of Security - Kevin D. Mitnick
Mary H’s Phone Call
Date/Time: Monday, November 23, 7:49 A.M.
Place: Mauersby & Storch Accounting, New York
To most people, accounting work is number crunching and bean counting, generally viewed as being about as enjoyable as having a root canal. Fortunately, not everyone sees the work that way. Mary Harris, for example, found her work as a senior accountant absorbing, part of the reason she was one of the most dedicated accounting employees at her firm.
On this particular Monday, Mary arrived early to get a head start on what she expected to be a long day, and was surprised to find her phone ringing. She picked it up and gave her name.
“Hi, this is Peter Sheppard. I’m with Arbuckle Support, the company that does tech support for your firm. We logged a couple of complaints over the weekend from people having problems with the computers there. I thought I could troubleshoot before everybody comes into work this morning. Are you having any problems with your computer or connecting to the network?”
She told him she didn’t know yet. She turned her computer on and while it was booting, he explained what he wanted to do.
“I’d like to run a couple of tests with you,” he said. “I’m able to see on my screen the keystrokes you type, and I want to make sure they’re going across the network correctly. So every time you type a stroke, I want you to tell me what it is, and I’ll see if the same letter or number is appearing here. Okay?”
With nightmare visions of her computer not working and a frustrating day of not being able to get any work done, she was more than happy to have this man help her. After a few moments, she told him, “I have the login screen, and I’m going to type in my ID. I’m typing it now—M ... A ... R ... Y ... D.”
“Great so far,” he said. “I’m seeing that here. Now, go ahead and type your password but don’t tell me what it is. You should never tell anybody your password, not even tech support. I’ll just see asterisks here—your password is protected so I can’t see it.” None of this was true, but it made sense to Mary. And then he said, “Let me know once your computer has started up.”
When she said it was running, he had her open two of her applications, and she reported that they launched “just fine.”
Mary was relieved to see that everything seemed to be working normally. Peter said, “I’m glad I could make sure you’ll be able to use your computer okay. And listen,” he went on, “we just installed an update that allows people to change their passwords. Would you be willing to take a couple of minutes with me so I can see if we got it working right?”
She was grateful for the help he had given her and readily agreed. Peter talked her through the steps of launching the application that allows a user to change passwords, a standard element of the Windows 2000 operating system. “Go ahead and enter your password,” he told her. “But remember not to say it out loud.”
When she had done that, Peter said, “Just for this quick test, when it asks for your new password, enter ‘test 123.’ Then type it again in the Verification box, and click Enter.”
He walked her through the process of disconnecting from the server. He had her wait a couple of minutes, then connect again, this time trying to log on with her new password. It worked like a charm. Peter seemed very pleased, and talked her through changing back to her original password or choosing a new one—once more cautioning her about not saying the password out loud.
“Well, Mary,” Peter told her. “We didn’t find any trouble, and that’s great. Listen, if any problems do come up, just call us over here at Arbuckle. I’m usually on special projects but anybody here who answers can help you.” She thanked him and they said good-bye.
Peter’s Story
The word had gotten around about Peter—a number of the people in his community