
The Art of Deception: Controlling the Human Element of Security - Kevin D. Mitnick [64]

to verify his claim. That’s exactly what happened here, with two different workers.

MITNICK MESSAGE

The truth of the matter is that no one is immune to being duped by a good social engineer. Because of the pace of normal life, we don’t always take the time for thoughtful decisions, even on matters that are important to us. Complicated situations, lack of time, emotional state, or mental fatigue can easily distract us. So we take a mental shortcut, making our decisions without analyzing the information carefully and completely, a mental process known as automatic responding. This is even true for federal, state, and local law enforcement officials. We’re all human.

Obtaining a needed charge code was handled with a single phone call. Then Arturo played the sympathy card with the story about “a meeting with the Secret Service in fifteen minutes, I’ve been absent-minded and left the file at home.” She naturally felt sorry for him, and went out of her way to help.

Then by using not one but two copy stores, Arturo made himself extra safe when he went to pick up the fax. A variation on this that makes the fax even more difficult to trace: Instead of having the document sent to another copy store, the attacker can give what appears to be a fax number, but is really an address at a free Internet service that will receive a fax for you and automatically forward it to your email address. That way it can be downloaded directly to the attacker’s computer, and he never has to show his face anyplace where someone might later be able to identify him. And the email address and electronic fax number can be abandoned as soon as the mission has been accomplished.

TURNING THE TABLES

A young man I’ll call Michael Parker was one of those people who figured out a bit late that the better-paying jobs mostly go to people with college degrees. He had a chance to attend a local college on a partial scholarship plus education loans, but it meant working nights and weekends to pay his rent, food, gas, and car insurance. Michael, who always liked to find shortcuts, thought maybe there was another way, one that paid off faster and with less effort. Because he had been learning about computers from the time he got to play with one at age ten and became fascinated with finding out how they worked, he decided to see if he could “create” his own accelerated bachelor’s degree in computer science.

Graduating—Without Honors

He could have broken into the computer systems of the state university, found the record of someone who had graduated with a nice B+ or A-average, copied the record, put his own name on it, and added it to the records of that year’s graduating class. Thinking this through, feeling somehow uneasy about the idea, he realized there must be other records of a student having been on campus—tuition payment records, the housing office, and who knows what else. Creating just the record of courses and grades would leave too many loopholes.

Plotting further, feeling his way, it came to him that he could reach his goal by seeing if the school had a graduate with the same name as his, who had earned a computer science degree any time during an appropriate span of years. If so, he could just put down the other Michael Parker’s social security number on employment application forms; any company that checked the name and social security number with the university would be told that, yes, he did have the claimed degree. (It wouldn’t be obvious to most people but was obvious to him that he could put one social security number on the job application and then, if hired, put his own real number on the new-employee forms. Most companies would never think to check whether a new hire had used a different number earlier in the hiring process.)

Logging In to Trouble

How to find a Michael Parker in the university’s records? He went about it like this:

Going to the main library on the university campus, he sat down at a computer terminal, got up on the Internet, and accessed the university’s Web site. He then called the Registrar
