Fast Company | Worker, Hack Thyself:
Social engineers hack the one part of IT that can't be patched: humans. The best line of defense? Learn how to do it yourself.
From: Issue 82 | April 2004, Web Exclusive By: Ryan Underwood
I know it was for demonstration purposes only. But still, when John Nunes, an information security consultant, called my cell phone and rigged the caller ID to display my office phone number (even though I was staring at my office phone at the time and Nunes placed the call from 300 miles away), it was spooky.
Spooky because it doesn't take a great leap to imagine an overworked, soon-to-be-outsourced IT grunt running a Fortune 500 company's database in San Diego getting a call from 'someone' at New York headquarters -- hey, the caller ID checks out -- asking him to shift some of the data to another server for a few hours. As it turns out, that server happens to belong to some Filipino teenager in desperate need of some fresh credit card numbers so he can score a new plasma screen TV. Or worse, it belongs to the company's fiercest competitor.
There's even a term for these kinds of human-computer shenanigans: social engineering. It's a phrase that often gets bandied about as an afterthought when talking about the hacker world of viruses and worms and all the rest. But, Nunes warns, it's the single area of hackerdom that individuals and companies have not paid nearly enough attention to.
A familiar cry among hackers these days goes something like this: "There's no patch for human stupidity."