Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Amazon 'wish list' is gateway to epic social engineering hack

From: InfoSec News <alerts () infosecnews org>
Date: Thu, 29 Aug 2013 07:09:53 +0000 (UTC)
http://www.cbsnews.com/8301-205_162-57600158/amazon-wish-list-is-gateway-to-epic-social-engineering-hack/

By CHENDA NGAK
CBS NEWS
August 27, 2013
Comedian Erik Stolhanske didn't know what he was getting himself into when he let a cybersecurity expert at SecureState take a crack at hacking him. The "Super Troopers" actor gave the company the green light to try to access his Twitter account with nothing more than his name. What he found out was that his entire digital life could have been compromised using simple techniques.
SecureState profiling consultant Brandan Geise went on a mission to hack into Stolhanske's Twitter account, but instead was also able to gain access to his Amazon, AOL, Apple and Dropbox accounts, as well his Web hosting account.
A manipulation tactic called social engineering can give anyone smart enough to connect the dots a gateway into your digital domain. It doesn't require a single line of programming code. 

"Pretty much anyone can do this," Geise told CBSNews.com.
Geise started by running a search of Stolhanske's name on Spokeo.com, a website that aggregates public information about people. Information found on Spokeo can include a home phone number, email address, all associated home addresses, family members and occupation. It took two pieces of information from Spokeo to gain access to Stolhanske's Amazon.com account: an email and home address. 

[...]



--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
Previous By Date Next
Previous By Thread Next

Current thread: