The Ultimate Guide to Social Engineering [PDF] states social engineers offer free gifts of favors counting on the fact that reciprocation is a human impulse. An example is to give a plate of cookies, but what if the bait goodies were more along the lines of a plate of nookie? We don't often hear too much about U.S. Secret Service cyber investigations, but since its beginning in 1865 the USSS mission had to evolve from its original counterfeit currency investigations to also include emerging financial crimes. The 2011 Verizon Data Breach Investigation Report [PDF] included data from 257 Secret Service cybercrime investigations. In fact, the agency is extremely good at getting the job done and frequently investigates electronic crime, data theft and security breaches. But what if hacking the hacker was less high-tech, less about following a cyber-trail, and more about good old-fashioned seduction to find a chink in the cybercrook's armor? USSS social engineering using sex as bait helped lure Romanian hackers to America where two men were immediately arrested upon their entry to the United States.
Last December, four Romanian hackers were charged with hacking point-of-sale (POS) systems in a multimillion-dollar scheme that targeted more than 200 U.S. merchants, including 150 Subway restaurants. The indictment said they remotely scanned for vulnerabilities in POS computer systems, guessed passwords or used password-cracking programs, and installed keystroke loggers and backdoor Trojans before stealing the credit card data of 80,000 U.S. customers. The Romanian hackers used public file-sharing services to transfer credit card data to fraud-minded customers.
They were charged with conspiracy to commit computer fraud, wire fraud and access device fraud. Adrian-Tiberiu Oprea was arrested in and extradited from Romania, but that left the Secret Service to figure out how to nab Iulian Dolan, Cezar Iulian Butu and Florin Radu. CTOvision reported the Secret Service successfully lured Dolan and Butu into the United States by using one of the oldest tricks in the book: a female agent as a honeypot. In espionage, a honeypot refers to an agent or plan that uses seduction as bait for entrapment, and is one of the oldest and most successful tricks in tradecraft. It took social engineering and a woman's wiles to bring down the 27-year-old Dolan.
A female Secret Service agent pretended to be working at a resort and casino. She and Dolan developed a rapport before she offered him a free flight and a complimentary weekend of casino fun. The USSS and the casino had set up a dedicated line for the female employee and gave her an email with the casino's domain name, Krebs on Security reported. When Dolan checked it out, even the airline ticket had been purchased by the casino. It seemed legit and Dolan took the bait, hook, line and sinker.
Brian Krebs spoke with Michael Shklar, who is the public defender appointed as Dolan's attorney. U.S. Secret Service agents tricked his client into voluntarily visiting the United States by posing as representatives from a local resort and casino that was offering him a complimentary weekend getaway. Shklar added, Dolan arrived in the U.S. with some clothes, a cheap necklace, a little bit of money, and three very large boxes of grape-flavored Romanian condoms. He was arrested upon his arrival to Logan International Airport. The USSS used a different targeted honeypot to catch the 26-year-old Butu. It started by subpoenaing Yahoo!, GoDaddy and other communications providers to study Butu's emails. Then USSS investigators posed as an attractive female tourist whom Butu had previously met in France.
Alex Olesker reported, Despite their in-depth information, the USSS didn't need to make their story particularly believable for it to work, claiming to be an independently wealthy Hooters waitress working at the restaurant chain for the health insurance and a love of people. That was enough to get him to fly to Boston to meet her, where he was arrested on the spot. Attorney Shklar told Brian Krebs, Butu gets off the plane and they nab him and the handcuffs don't even have fur on them. As CTOvision pointed out, a lot can be accomplished using hackers and honeypots. As the FBI's veteran cyber cops have noted, that's how you get things done. Investigating cybercrime is rarely a pure battle of wits between white hat and black hat hackers.
Arresting the Romanian hackers required neither advanced technical expertise nor capable and willing international partners. Radu remains at large, but might also fall prey to a social engineer using a sexual undertone. Social engineering is lethal to corporations and individuals, as has been proven time and again, such as when security specialist Thomas Ryan created the fictional American cyber threat analyst Robin Sage. By setting up social networking profiles, claiming to be from MIT, and using photos from porn sites, the fake Sage was able to dupe security, military and intelligence people.
Ryan compiled his research and then presented Getting into bed with Robin Sage [PDF] at BlackHat USA. Women are thought to be better social engineers than men; it will be put to the test this year with Battle of the SExes. The stakes are different than what the USSS was out to achieve. It's highly doubtful that either male or female social engineers will dangle nookie as bait at Defcon.