The Art of Deception_ Controlling the Human Element of Security - Kevin D. Mitnick [65]

’s office. With the person who answered, he went through one of the by-now-familiar social engineering routines: “I’m calling from the Computer Center, we’re making some changes to the network configuration and we want to make sure we don’t disrupt your access. Which server do you connect to?”

“What do you mean, ‘server’?” he was asked.

“What computer do you connect to when you need to look up student academic information?”

The answer, admin.rnu.edu, gave him the name of the computer where student records were stored. This was the first piece of the puzzle: He now knew his target machine.

lingo

DUMB TERMINAL A terminal that doesn’t contain its own microprocessor. Dumb terminals can only accept simple commands and display text characters and numbers.

He typed that host name into the computer and got no response—as expected, there was a firewall blocking access. So he ran a program to see if he could connect to any of the services running on that computer, and found an open port with a Telnet service running, which allows one computer to connect remotely to another computer and access it as if directly connected using a dumb terminal. All he would need to gain access would be the standard user ID and password.
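The probe the story describes, as an added Python example that is not from the book: it attempts a TCP connection to each candidate port, reads whatever the service sends unsolicited, and labels the service from that banner. To keep it runnable offline, the target is a constructed local listener that imitates a Telnet daemon's greeting (option-negotiation bytes followed by a "login:" prompt); admin.rnu.edu and any real system are never contacted. The function names, the fake greeting bytes and the banner rules are assumptions of this example.

```python
import socket
import threading

# Constructed sample service for the demo: a local listener that imitates the
# greeting a Telnet daemon sends. Real telnetd first emits option negotiation
# (IAC = 0xff) bytes, then the system banner and a "login: " prompt.
IAC_DO_ECHO = b"\xff\xfd\x01"
FAKE_TELNET_GREETING = IAC_DO_ECHO + b"\r\nSunOS 5.6\r\n\r\nlogin: "


def start_fake_telnet(host="127.0.0.1"):
    """Start a throwaway listener on an ephemeral port; returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listener was closed
                return
            with conn:
                conn.sendall(FAKE_TELNET_GREETING)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def probe_port(host, port, timeout=1.0):
    """Attempt a TCP connect; return (is_open, first bytes the server sent)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(256)
            except (socket.timeout, ConnectionError):
                banner = b""  # open, but the service waits for the client to speak
            return True, banner
    except OSError:  # refused, filtered (timed out) or unreachable
        return False, b""


def classify_banner(banner):
    """Rough service identification from the unsolicited banner."""
    if not banner:
        return "open, silent service"
    if banner.startswith(b"\xff") or b"login:" in banner.lower():
        return "telnet (cleartext login prompt)"
    if banner.startswith(b"SSH-"):
        return "ssh"
    if banner.startswith(b"220"):
        return "smtp/ftp"
    return "unknown"


def scan(host, ports, timeout=1.0):
    """Return {port: classification} for every port that accepted a connection."""
    found = {}
    for port in ports:
        is_open, banner = probe_port(host, port, timeout)
        if is_open:
            found[port] = classify_banner(banner)
    return found


if __name__ == "__main__":
    srv, port = start_fake_telnet()
    try:
        for p, what in scan("127.0.0.1", [port, port + 1]).items():
            print(f"{p}/tcp open: {what}")
    finally:
        srv.close()
```

The point the probe makes is the one the story turns on: the firewall blocked one route to the host but left the Telnet port reachable, and a port-by-port sweep finds exactly that gap. Telnet also authenticates only the user, never the server, so a user who is talked into connecting to an address the caller controls has no way to tell a decoy login prompt from the real one.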

He made another call to the registrar’s office, this time listening carefully to make sure he was talking to a different person. He got a lady, and again he claimed to be from the university’s Computer Center. They were installing a new production system for administrative records, he told her. As a favor, he’d like her to connect to the new system, still in test mode, to see if she could access student academic records okay. He gave her the IP address to connect to, and talked her through the process.

In fact, the IP address took her to the computer Michael was sitting at in the campus library. Using the same process described in Chapter 8, he had created a login simulator—a decoy sign-in screen—looking just like the one she was accustomed to seeing when going onto the system for student records. “It’s not working,” she told him. “It keeps saying ‘Login incorrect’.”

By now the login simulator had fed the keystrokes of her account name and password to Michael’s terminal; mission accomplished. He told her, “Oh, some of the accounts haven’t been brought over yet to this machine. Let me set up your account, and I’ll call you back.” Careful about tying up loose ends, as any proficient social engineer needs to be, he would make a point of phoning later to say that the test system wasn’t working right yet, and if it was okay with her, they’d call back to her or one of the other folks there when they had figured out what was causing the problem.

The Helpful Registrar

Now Michael knew what computer system he needed to access, and he had a user’s ID and password. But what commands would he need in order to search the files for information on a computer science graduate with the right name and graduation date? The student database would be a proprietary one, created on campus to meet the specific requirements of the university and the Registrar’s office, and would have a unique way of accessing information in the database.

First step in clearing this last hurdle: Find out who could guide him through the mysteries of searching the student database. He called the Registrar’s office again, this time reaching a different person. He was from the office of the Dean of Engineering, he told the lady, and he asked, “Who are we supposed to call for help when we’re having problems accessing the student academic files?”

Minutes later he was on the phone with the college’s database administrator, pulling the sympathy act: “I’m Mark Sellers, in the registrar’s office. You feel like taking pity on a new guy? Sorry to be calling you but they’re all in a meeting this afternoon and there’s no one around to help me. I need to retrieve a list of all graduates with a computer science degree, between 1990 and 2000. They need it by the end of the day and if I don’t have it, I may not have this job for long. You willing to help out
