News you may have missed #356

Bookmark and Share

Advertisements

About intelNews
Expert news and commentary on intelligence, espionage, spies and spying, by Dr. Joseph Fitsanakis and Ian Allen.

One Response to News you may have missed #356

  1. Kohshi says:

    <>

    (From google translate of that page. Sry, don’t read German.)

    I am surprised I couldn’t find this in google news in english. This is a newsworthy story. I work in computer security and have not heard of this, though I have run across site admins who are guys that pose as women to gain confidence. (Simply a picture does it, the man’s imagination does the rest.)

    Good phrase: Trust no one.

    Facebook stories make top stories routinely.

    I find among other computer professionals – we are called “bug finders”, “security researchers”, “vulnerability analysts” – that though these people are supersmart, methodical, skeptical… they remain naive simply from ignorance of physical security methods and how intel organizations are adapting their tried and true methodologies online.

    It is routine in my spheres for hackers to pose as others and gain their confidence. “Social engineering”. Yet… As clever & paranoid as these guys are, they tend to remain ignorant of the potential the internet poses for physical security, intelligence organizations to apply their methodology they have used for years ‘on the street’ online.

    They also tend to remain ignorant of many of the confidence games of con artists before them. (Scammer hackers, no.)

    In fact, much of their success has been simply because of the medium, some creativity, some smarts. In inventing the term “social engineering” many have deluded themselves into believing this is a new concept.

    In reality… they do not understand about the creation of legends, maintaining legends, methods of dispelling suspicion, and on and on.

    They talk about MITM attacks… but don’t realize the real danger. Nothing online is necessarily real.

    One thing to change one’s name, pretend they are from some foreign city, or even one’s sex… something else to create an elaborate legend, and stick to that, with supporting evidence, and being able to have a stack of tactics to waylay any possible suspicion at any time.

    Or even in information gathering: profiling people’s likes and dislikes by indirect queries and research… then using this to gain footholds, rapport. Digging in.

    If anyone is a potential target at all… they should never make that information publicly available.

We welcome informed comments and corrections. Send us yours using the form below.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s