1. Welcome to CowboysZone!  Join us!  Come on!  You know you want to!

Great example of social engineering

Discussion in 'Political Zone' started by BrAinPaiNt, Aug 3, 2007.

  1. BrAinPaiNt

    BrAinPaiNt Bad Santa Staff Member

    61,251 Messages
    4,576 Likes Received
    LINK

    Although this is not really political in nature I put the article here instead of the off topic zone to keep things from possibly turning into a political topic on the other zone. (rambling on now).

    This type of thing has always interested me. Social Engineering as it is called in the hacking world. At one time I would read a great deal on hacking and such but it always amazed me how the best, and often most effective, way to hack was social engineering.

    I have also wondered how much hacking the government does into terrorist networks. Wonder if they breaking into Al Jazeer (sp?) to try and find information.

    Ok...on with the article...

    =======


    How do you get a secret username and password out of an IRS employee? ... Just ask.
    Submitted by Paul McNamara on Fri, 08/03/2007 - 1:02pm.

    The IRS is fairly diligent when it comes to warning citizens about IRS-related phishing scams, IRS-related malware, and IRS-related rip-off artists.

    What they've needed to be doing, though, is warning us about IRS employees.

    Turns out that the carelessness and gullibility of that bunch of nincompoops may represent at least as great a threat to the safety of taxpayers' digital information as the phishers, virus writers and con men.

    From an Associated Press report:

    IRS employees ignored security rules and turned over sensitive computer information to a caller posing as a technical support person, according to a government study.

    Sixty-one of the 102 people who got the test calls, including managers and a contractor, complied with a request that the employee provide his or her user name and temporarily change his or her password to one the caller suggested, according to the Treasury Inspector General for Tax Administration, an office that does oversight of Internal Revenue Service. The caller asked for assistance to correct a computer problem.


    As is so often the case with bureaucrats and their minions, it's not as though they fail to try - witness the agency's response to lax laptop encryption and the lengths to which it goes to help taxpayers at the filing deadline - rather, it's just that they're a bunch of screw-ups.

    Of the latest embarrassment, Inspector General J. Russell George said: "This is especially disturbing because the IRS has taken many steps to raise employee awareness of the importance of protecting their computers and passwords."

    No, it's especially disturbing because these people know all there is to know about our personal finances, yet seem incapable of locking a door.

    Sixty-one out of 102? Allow me to take back that bit about them trying.

Share This Page