The Art of Deception: Controlling the Human Element of Security - Kevin D. Mitnick [83]

have a lady in the Dallas office who was a secretary. She got herself moved over to Marketing. That was three years ago, and now she’s an assistant marketing manager, making twice what she was.”

Kaila looked starry-eyed. He went on, “Can you use a computer?”

“Sure,” she said.

“How would you like me to put your name in for a secretary’s job in Marketing?”

She beamed. “For that I’d even move to Dallas.”

“You’re going to love Dallas,” he said. “I can’t promise an opening right away, but I’ll see what I can do.”

She thought that this nice man in the suit and tie and with the neatly trimmed, well-combed hair might make a big difference in her working life.

Pete sat down across the lobby, opened his laptop, and started getting some work done. After ten or fifteen minutes, he stepped back up to the counter. “Listen,” he said, “it looks like Mike must’ve been held up. Is there a conference room where I could sit and check my emails while I’m waiting?”

Kaila called the man who coordinated the conference room scheduling and arranged for Pete to use one that wasn’t booked. Following a pattern picked up from Silicon Valley companies (Apple was probably the first to do this), some of the conference rooms were named after cartoon characters, others after restaurant chains or movie stars or comic book heroes. He was told to look for the Minnie Mouse room. She had him sign in, and gave him directions to find Minnie Mouse.

He located the room, settled in, and connected his laptop to the Ethernet port.

Do you get the picture yet?

Right—the intruder had connected to the network behind the corporate firewall.

Anthony’s Story

I guess you could call Anthony Lake a lazy businessman. Or maybe “bent” comes closer.

Instead of working for other people, he had decided he wanted to go to work for himself; he wanted to open a store, where he could be at one place all day and not have to run all over the countryside. Only he wanted to have a business that he could be as sure as possible he could make money at.

What kind of store? That didn’t take long to figure out. He knew about repairing cars, so an auto parts store.

And how do you build in a guarantee of success? The answer came to him in a flash: convince auto parts wholesaler Honorable Auto Parts to sell him all the merchandise he needed at their cost.

Naturally they wouldn’t do this willingly. But Anthony knew how to con people, his friend Mickey knew about breaking into other people’s computers, and together they worked out a clever plan.

That autumn day he convincingly passed himself off as an employee named Peter Milton, and he had conned his way inside the Honorable Auto Parts offices and had already plugged his laptop into their network. So far, so good, but that was only the first step. What he still had to do wouldn’t be easy, especially since Anthony had set himself a fifteen-minute time limit—any longer and he figured that the risk of discovery would be too high.

In an earlier phone call pretexting as a support person from their computer supplier, he had put on a song-and-dance act. “Your company has purchased a two-year support plan and we’re putting you in the database so we can know when a software program you’re using has come out with a patch or a new updated version. So I need to have you tell me what applications you’re using.” The response gave him a list of programs, and an accountant friend identified the one called MAS 90 as the target—the program that would hold their list of vendors and the discount and payment terms for each.

Mitnick Message

Train your people not to judge a book solely by its cover; just because someone is well-dressed and well-groomed, he shouldn’t be any more believable.

With that key knowledge, he next used a software program to identify all the working hosts on the network, and it didn’t take him long to locate the correct server used by the Accounting department. From the arsenal of hacker tools on his laptop, he launched one program and used it to identify all of the authorized users on the target server. With another,
