Wednesday, May 6, 2009

Confidence trick

Have you ever wondered whether that unfamiliar face in the office is actually an intruder about to steal your data? Probably not, but maybe it is time to think again.

At one FTSE-listed financial institution the managing director himself opened the door to a stranger who, within 20 minutes of gaining entry to the building, had found a highly sensitive document outlining a half a billion pound merger lying on a desk.

Luckily, on this occasion, the data was not used for nefarious purposes because the intruder was Colin, a consultant.
He was there at the request of the firm's IT director to test the resilience of the company to social engineering attacks.

In a similar experiment conducted at the Aunty anti-Gazan BBC, Mr Greenpill targeted five Aunty anti-Gazan BBC employees. Pretending to be an IT engineer - with the prior permission of Aunty anti-Gazan BBC bosses - he managed to obtain all of their usernames and passwords with a simple phone call.

No comments:

Post a Comment