Social Engineering strikes back

digitally destroyed

In a very detailed article, Mat Honan, a Wired.com journalist, explains how he’s digital life exploded in 15 minutes.

As he explains:

I realized something was wrong at about 5 p.m. on Friday. I was playing with my daughter when my iPhone suddenly powered down. I was expecting a call, so I went to plug it back in.

It then rebooted to the setup screen. This was irritating, but I wasn’t concerned. I assumed it was a software glitch. And, my phone automatically backs up every night. I just assumed it would be a pain in the ass, and nothing more. I entered my iCloud login to restore, and it wasn’t accepted. Again, I was irritated, but not alarmed.

(…) When I opened my laptop, an iCal message popped up telling me that my Gmail account information was wrong. Then the screen went gray, and asked for a four-digit PIN.

(…) By now, I knew something was very, very wrong. For the first time it occurred to me that I was being hacked.

All of this occured in few minutes. But was the result of a well prepared attack. And this attack deeply relied on Social Engineering.

Social engineering: finding the flaw in the process

The basic of social engineering is to find  a trick to gain access to a place where you’re not supposed to be. The place can be real (a concert, VIP lounge, a company restricted area…) or virtual (iCloud account, Amazon account, twitter account…).

Here, the hacker managed to spoof the identity of Mat Honan during phone calls toward Amazon and Apple hotlines.

But before that, the hacker collected some personal data around the victim, Mat Honan: email address (found on his website), personal address (found on the whois record).

Scared about the outcome? Read the whole article on wired, and see what you need to change if you don’t want to be the next one…

Leave a Reply