1971 Social Engineering Attack - Schneier on Security

Anon • February 5, 2014 9:08 AM

There were more than a few stories in “The Soul of a New Machine” about MIT student/hackers doing similar acts. One in particular involved a student who entered a professor’s office after hours through the ceiling tiles and left a nice foot print on the desk. Lock picking seems to have been very popular among MIT hackers at the time for obvious reasons.

Evan Anderson • February 5, 2014 9:29 AM

@Anonymous above is recalling a story from Steven Levy’s “Hackers: Heroes of the Computer Revolution”, rather than Tracy Kidder’s “The Soul of a New Machine”. (They’re both excellent books, BTW.)

nice • February 5, 2014 9:47 AM

xDDDDDDDDDDDDDDDD

John Campbell • February 5, 2014 10:09 AM

I would not be surprised if the note wasn’t just “please leave this door unlocked” but had the additional “for cleaning”.

They likely did a nice job of cleaning the floor.

(smirks)

Campbell Soup • February 5, 2014 10:18 AM

no cleaning – the fewer lies you tell, the better.
True for any cover story.

Taylor • February 5, 2014 11:00 AM

Indeed, it may have been the cleaning crew that unlocked the door.

Anon • February 5, 2014 11:19 AM

@Evan Anderson: yes & thanks on the correction and yes, they were/are both excellent books. I’ll blame the confusion on poor memory. Maybe I should dig them out of the closet and read them again during the next snow storm. ;^)

Alex • February 5, 2014 2:44 PM

I’ll admit that in my misspent youth, I did leave a similar note “please leave door unlocked” at a building which I wanted to gain entry into after business hours. It worked rather well. Although it sounds like the FBI burglars put the note on the outside of the door. I put mine on the inside during business hours and came back several hours later once everyone had left.

In general, social engineering remains my most fav. and most effective “hack” I can think of. Even with my legitimate work today, I often find myself doing a little bit of social engineering to obtain information which would be a royal PITA to obtain using the normal process.

h0l0d3ck • February 5, 2014 2:47 PM

Social Engineering Framework

http://www.social-engineer.org/framework/Social_Engineering_Framework

65535 • February 5, 2014 11:18 PM

I can assure you that Social Engineering (confidence game) is alive and working 43 years later.

My elderly relative got a pop up on her yahoo account asking her to change her password and input her cell phone number for verification (the con-artists wanted her new yahoo password which was daisy-chained to her facebook, gmail, and so on. The cell phone number would probably have helped in the above scam and in credit card theft).

I saw the situation and moved her to an uninfected computer and she accessed her yahoo account with no problems or pop-ups asking for a change of password and cell phone number. It think this kind of scam happens every day.

kingsnake • February 6, 2014 6:10 AM

I once got to a college class early, wrote “Class is cancelled” on the white board, and walked back out. I’m sure th professor wondered why nobody showed up …

Jen • February 6, 2014 8:58 AM

@kingsnake: The most likely thing that happened is when the professor arrived 3 minutes later, they erased your message. Everyone else attended the class, and you were marked absent.

What’s the point of paying for college if you don’t care about what you’re trying to learn?

kingsnake • February 6, 2014 11:53 AM

@Jen: One class, one day, in 250 college credits, with a 3.7 GPA. Mighty judgemental, aren’t we?

bilgoba • February 6, 2014 12:10 PM

How much did your classmates spend on that class? How much planning and time went into preparing for it for them? Collectively, how much do you think was wasted because of your not particularly imaginative prank?

You weren’t even there to see it. How many years have you been laughing at what you imagined happened? It must be such a happy little fantasy. Do you imagine the professor throwing his papers down in frustration? “Who did this?!” he must have said, “I’ll get them one day!” Do you imagine the cute kid who sat next to you looking around longingly and wondering where you went, suspecting that you were the only person cool enough to write the note? It must be so exciting to dream about what happened that day you weren’t there.

I can’t imagine a more lame thing to do. No, wait. Bragging about it years later in a thread about clever social engineering. That would make it just pathetic. Oh! Wait. That’s exactly what you just did here, isn’t it?

vas pup • February 7, 2014 2:24 PM

Just additional confirmation: human is the weakest link in security chain.

SchneieronSecurityFan • February 7, 2014 9:09 PM

Trust on the inside could lead people to let their guard down.
The hacker, Kevin Mitnick, would walk through an office he was targeting and leave behind a floppy disk with a label similar to “payroll.xls”. Actually, the disk had an infected file on it that allowed him to gain access to the office remotely.

Eras • February 11, 2014 2:11 AM

I’ve got one better than the class is canceled story.

1st year physics students go to their first class. A graduate student knew the professor was late so he went ahead to the class. There he proceeded to talk about Math Physics (senior level stuff) and that there would be a test on the material next class. When all the students were suitably dumbfounded and near fainting, he got out of there just minutes before the professor arrived.

I always thought that guy was just mean…. 🙂

William Lee • February 12, 2014 3:21 AM

@bilgoba
Wow, you must be a hit at parties.

William Lee • February 13, 2014 9:43 PM

love the ‘mods minecraft’ spam comment – it’s actually appropriate! You know what they say about stopped clocks…

Peter Shenkin • February 15, 2014 1:41 PM

In the ’80s I did a post-doc at Columbia with Cy Levinthal, on protein folding. We used Davidon’s cubic-interpolation algorithm in our minimization routines. Cy was an active anti-war and peace activist, and I met Davidon one time when he came through and gave a talk in the Engineering department. When I read about Davidon’s masterminding of the theft I was amazed but also amused. Given Cy’s background, I would not have been surprised if he knew about it all along. In any event, a number of people did, and were able to keep a pretty good secret for many years. I have to say, hats off to Bill Davidon. Black hats, perhaps, but hats nonetheless.

Y. Perco • March 14, 2014 3:51 AM

Here is an example of daylight robbery I heard recently. Several strong men in broad daylight went into the shopping center, raised ATM on their hands and carried it through the main entrance before visitors’ eyes. Then they loaded ATM in truck (maybe it was a mini-van) and went to unknown direction. I don’t know whether they were caught or not.

Eugenio • March 15, 2014 11:39 AM

Time ago, at launch time in our company (that has its own cafeteria) my colleague jokingly said, “let’s go for launch because they are closing 1/2 hour earlier”, but it still took us about 15 minutes to finally get together and go to the cafeteria, when we got there the cafeteria was crammed with people and more were arriving!, some of them bitching about the earlier closing for the day, apparently somebody heard my college comment not knowing he was just kidding so she/he spread the word. It seem liek people will fail on the safe side and follow rather that verify or challenge.

Robert.Walter • April 5, 2017 6:49 AM

Would have worked better if offhand comment had been “let’s wait to go because they open 1/2 hour later today”, LoL, live and learn.

locksmiths_and_more • April 5, 2017 8:46 AM

@Robert.Walker
reading the link reminded me of
https://www.abqjournal.com/813986/master-locksmiths-team-safeguards-critical-assets-at-sandia-labs.html

Schneier on Security

Comments

Leave a comment Cancel reply