Schneier on Security
A blog covering security and security technology.
February 5, 2014
1971 Social Engineering Attack
From Betty Medsger's book on the 1971 FBI burglary (page 22):
As burglars, they used some unusual techniques, ones Davidon enjoyed recalling years later, such as what some of them did in 1970 at a draft board office in Delaware. During their casing, they had noticed that the interior door that opened to the draft board office was always locked. There was no padlock to replace, as they had done at a draft board raid in Philadelphia a few months earlier, and no one in the group was able to pick the lock. The break-in technique they settled on at that office must be unique in the annals of burglary. Several hours before the burglary was to take place, one of them wrote a note and tacked it to the door they wanted to enter: "Please don't lock this door tonight." Sure enough, when the burglars arrived that night, someone had obediently left the door unlocked. The burglars entered the office with ease, stole the Selective Service records, and left. They were so pleased with themselves that one of them proposed leaving a thank-you note on the door. More cautious minds prevailed. Miss Manners be damned, they did not leave a note.
Posted on February 5, 2014 at 6:02 AM
• 20 Comments
There were more than a few stories in "The Soul of a New Machine" about MIT student/hackers doing similar acts. One in particular involved a student who entered a professor's office after hours through the ceiling tiles and left a nice footprint on the desk. Lock picking seems to have been very popular among MIT hackers at the time for obvious reasons.
I would not be surprised if the note wasn't just "please leave this door unlocked" but had the additional "for cleaning".
They likely did a nice job of cleaning the floor.
no cleaning - the fewer lies you tell, the better.
True for any cover story.
Indeed, it may have been the cleaning crew that unlocked the door.
@Evan Anderson: yes & thanks on the correction and yes, they were/are both excellent books. I'll blame the confusion on poor memory. Maybe I should dig them out of the closet and read them again during the next snow storm. ;^)
I'll admit that in my misspent youth, I did leave a similar note "please leave door unlocked" at a building which I wanted to gain entry into after business hours. It worked rather well. Although it sounds like the FBI burglars put the note on the outside of the door. I put mine on the inside during business hours and came back several hours later once everyone had left.
In general, social engineering remains my most fav. and most effective "hack" I can think of. Even with my legitimate work today, I often find myself doing a little bit of social engineering to obtain information which would be a royal PITA to obtain using the normal process.
I can assure you that Social Engineering (confidence game) is alive and working 43 years later.
My elderly relative got a pop up on her yahoo account asking her to change her password and input her cell phone number for verification (the con-artists wanted her new yahoo password which was daisy-chained to her facebook, gmail, and so on. The cell phone number would probably have helped in the above scam and in credit card theft).
I saw the situation and moved her to an uninfected computer and she accessed her yahoo account with no problems or pop-ups asking for a change of password and cell phone number. I think this kind of scam happens every day.
I once got to a college class early, wrote "Class is cancelled" on the white board, and walked back out. I'm sure the professor wondered why nobody showed up ...
@kingsnake: The most likely thing that happened is when the professor arrived 3 minutes later, they erased your message. Everyone else attended the class, and you were marked absent.
What's the point of paying for college if you don't care about what you're trying to learn?
@Jen: One class, one day, in 250 college credits, with a 3.7 GPA. Mighty judgemental, aren't we?
How much did your classmates spend on that class? How much planning and time went into preparing for it for them? Collectively, how much do you think was wasted because of your not particularly imaginative prank?
You weren't even there to see it. How many years have you been laughing at what you imagined happened? It must be such a happy little fantasy. Do you imagine the professor throwing his papers down in frustration? "Who did this?!" he must have said, "I'll get them one day!" Do you imagine the cute kid who sat next to you looking around longingly and wondering where you went, suspecting that you were the only person cool enough to write the note? It must be so exciting to dream about what happened that day you weren't there.
I can't imagine a more lame thing to do. No, wait. Bragging about it years later in a thread about clever social engineering. That would make it just pathetic. Oh! Wait. That's exactly what you just did here, isn't it?
Just additional confirmation: the human is the weakest link in the security chain.
Trust on the inside could lead people to let their guard down.
The hacker, Kevin Mitnick, would walk through an office he was targeting and leave behind a floppy disk with a label similar to "payroll.xls". Actually, the disk had an infected file on it that allowed him to gain access to the office remotely.
I've got one better than the class is canceled story.
1st year physics students go to their first class. A graduate student knew the professor was late so he went ahead to the class. There he proceeded to talk about Math Physics (senior level stuff) and that there would be a test on the material next class. When all the students were suitably dumbfounded and near fainting, he got out of there just minutes before the professor arrived.
I always thought that guy was just mean.... :-)
Wow, you must be a hit at parties.
love the 'mods minecraft' spam comment - it's actually appropriate! You know what they say about stopped clocks...
In the '80s I did a post-doc at Columbia with Cy Levinthal, on protein folding. We used Davidon's cubic-interpolation algorithm in our minimization routines. Cy was an active anti-war and peace activist, and I met Davidon one time when he came through and gave a talk in the Engineering department. When I read about Davidon's masterminding of the theft I was amazed but also amused. Given Cy's background, I would not have been surprised if he knew about it all along. In any event, a number of people did, and were able to keep a pretty good secret for many years. I have to say, hats off to Bill Davidon. Black hats, perhaps, but hats nonetheless.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.