Archive: Nov 2012

Social Engineering Defense Contractors on LinkedIn and Facebook 5: Tactic for Eliciting Private Data

Having obtained basic data on the targets, Jordan Harbinger makes a bold move to get their almost intimate details by applying more advanced social engineering. Step 6: [Hypothetically] Elicit classified info Now that I have tons of information about the company, the facilities and how things work from the...

Social Engineering Defense Contractors on LinkedIn and Facebook 4: Executing the Attack

Jordan Harbinger highlights the use of social engineering while carrying out the attack, and provides the specific data he managed to retrieve via this tactic. Step 5: Execute the attack So, I added a bunch of my targets on Facebook and I was able to get the privacy settings down so that if I added a few...

Social Engineering Defense Contractors on LinkedIn and Facebook 3: Associating with Targets

This part is about the strategy Jordan Harbinger implemented to get in touch with targets and learn their additional personal details for a successful attack. Step 3: Associate and gain rapport with targets So, now I was in and it was time to see what I could dig up. I want to make sure that I get something...

Social Engineering Defense Contractors on LinkedIn and Facebook 2: Selecting the Targets

The next phase of Jordan Harbinger’s social engineering study involves joining the environment with potential targets who have top secret level clearances. The question is: was this just some face-to-face magic that social engineers, or myself, can work in person that was getting this type of result, or is...

Social Engineering Defense Contractors on LinkedIn and Facebook

Jordan Harbinger, expert in interpersonal dynamics and social engineering, gives a great keynote at the DerbyCon event, highlighting the methods used to elicit confidential information from people with top secret level security clearance. Thank you guys for coming to DerbyCon, aka EarlyCon, aka HangoverCon...

Facebook to Abolish User Voting

The world’s largest social network intends to abandon the practice of user voting for or against the new rules of site governance and new standards of data privacy. Facebook first conducted a similar survey back in 2009, when the number of its users amounted to about 200 million. The second time,...

PharmaLeaks 4: Spamming Techniques and Payment Service Providers

In his presentation’s final part, Damon McCoy dwells on the spamming strategies used by pharma affiliates, and breaks down the costs online pharmaceutical networks have to bear. Strategies for Spamming Now that we’ve looked at some general numbers on affiliates, let’s look at some of the top earning...

PharmaLeaks 3: Customer Acquisition and Affiliate Statistics

Damon McCoy highlights the customer influx trends and basic characteristics of the affiliates operating within the three major online pharmaceutical programs. Now that we’ve looked at product demand and demographics, let’s take a look at how these programs attract new customers (see graph). On the Y...

PharmaLeaks 2: Demographics and Revenue Structure for GlavMed, SpamIt and Rx-promotion

In this entry, Damon McCoy provides results of the study about customer base, products and revenue structure of major online pharmaceutical affiliate programs. In previous studies, a lot of people, including our group, have inferred just small little parts of these online businesses. And it’s always been...

PharmaLeaks: Understanding the Business of Online Pharmaceutical Affiliate Programs

Damon McCoy, Assistant Professor at George Mason University’s Computer Science Department, gives a great presentation at the USENIX Security Symposium, dissecting the business model of the spam-driven online pharmaceutical industry. I am going to be presenting our work on PharmaLeaks, or as I like to call it:...

Questions with Kevin Mitnick 5: Present-Day Hackers and Controversial Legislation

Final part of this interview is a Q&A section, where Kevin Mitnick answers viewer questions about his attitude to today’s hackers and other relevant matters. Shannon Morse: Well, Kevin, right now we are going to have some awesome viewer questions for you. Alright, so the first one comes from...

Questions with Kevin Mitnick 4: The Grey Hat Houdini of Hackers

Kevin Mitnick expresses his ideas on the state of security nowadays, discussing some real-world engagements he undertook and new projects coming up. Shannon Morse: Given that this book is kind of a look at your past days and hacking, is there anything you regret from the past days? Kevin Mitnick: Yeah, you...

Questions with Kevin Mitnick 3: Escaping Prosecution

In this part, the once most wanted hacker Kevin Mitnick tells Hak5’s Shannon Morse about his experience with law enforcement when he was a fugitive. Shannon Morse: Speaking of people that you might have social-engineered, and same with the people that might have accused you of things: did you worry...

Questions with Kevin Mitnick 2: Social Engineering and Technical Hacks

This entry reflects autobiographic facts provided by Kevin Mitnick during his interview at Hak5, specifically outlining social engineering tricks he used. Shannon Morse: There were a whole lot of security flaws for a lot of corporates, a lot of companies that you write about in your book. Did you run into...

Questions with Kevin Mitnick

Interviewed by Hak5 tech show’s Shannon Morse, the legendary former hacker Kevin Mitnick unveils exciting facts of his intricate and captivating life story. Shannon Morse: Today I am so excited to have Kevin Mitnick in this studio. Now, Kevin, you are known as the world’s greatest, most wanted hacker....

History of Hacking 4: Real-World Phone Phreaking Stories

As a copestone of his talk, John Draper tells a few stories from his phone phreaking past to show the power you could have playing around with phone numbers. Okay, what I’d like to do now is tell a few stories about some of the stuff that we did, because I kind of wanted to save the best for last. One of...

History of Hacking 3: The Dawn of Computer Hacking

Reasons for phone phreaking effectiveness, as well as peculiarities and flaws of the first known online systems are what John Draper outlines in this part. Why Phone Phreaking Worked Well, AT&T’s decision to use what they called ‘in-band signaling’ was their downfall, very bad idea....

History of Hacking 2: Insight into Phone Phreaking

This part of John Draper’s presentation is about the various methods of phone phreaking as one of the early manifestations of hacking into systems. Phone Phreaking 101 Who is a phone phreak? A phone phreak is a person, usually blind, because the only things that are in their lives are audio and what they...

Hackers have declared cyber war on Russia

A hacker group named GhostShell announced the launch of cyber war against Russia by disclosing about 2.5 million account records leaked from various governmental, law enforcement, educational, financial, medical, and other institutions. The hacktivists called this operation Project BlackStar and stated that it...

History of Hacking: John “Captain Crunch” Draper’s Perspective

Well-known old school hacker and phone phreak John “Captain Crunch” Draper delineates the major milestones in the evolution of different types of hacking at CONFidence IT security event. Hello everybody! I don’t know if you’ve heard of me or not, but I was the old school hacker back in the...

Pwned by the Owner 4: Lessons Learned

At the end of his fantastic Defcon talk, Andrew ‘Zoz’ Brooks takes some time to provide more details about the thief’s identity, and lists the lessons learned. Who is Melvin Guzman? The Close-Up Well, Melvin Guzman is the kind of person who spells his own name wrong on his Facebook page (see snapshot)....

Pwned by the Owner 3: VNC, Browser Cookies and Keylogger to the Rescue

Zoz Brooks elaborates on the methods he used for figuring out accurate personal details of the burglar who ventured to steal his beloved computer. Retrieving the Burglar’s Personal Details But childish fun aside, I wanted that machine back, so let’s start taking a look to see what we can find out about...