Archive | Social Engineering


15 November 2007 | 4,347 views

Doubleclick Involved in Malware Distribution

We recently reported on thousands of people being hooked by big sites distributing malware, it now seems Doubleclick was the one at fault. It’s a pretty neat trick and a good spin on Social Engineering leveraging on the trustworthy nature of the sites. CNN even? Rogue anti-spyware software that pushes fraudulent PC scans has found [...]

Continue Reading


07 November 2007 | 3,620 views

Thousands Hooked by Malware from Big Sites

If I recall this is not the first time this has happened, delivering viral payloads via banner ads and flaws in scripting. It seems that malware peddlers are getting more aggressive though, it obviously shows there is actual monetary value in infecting people and stealing their data. A subtle form of social engineering too, by [...]

Continue Reading


04 July 2007 | 8,970 views

Trojan Mimicks Windows Activation Interface – KardPhisher

Recently a new Trojan popped up that mimics the Windows activation interface, phishing for credit card details and even the PIN number. The Trojan itself isn’t particularly advanced technically, it’s mostly just a social engineering attack. Symantec is reporting on a Trojan horse that mimics the Windows activation interface. What they are calling Trojan.Kardphisher doesn’t [...]

Continue Reading


25 April 2007 | 5,820 views

Social Engineering Gets a Big Jewel Heist

It just goes to show, sometimes the simple things are the most effective. A box of chocolates can defeat all the most hi-tech security systems if you add a little charm. 21 million Euros of diamonds, that’s one hell of a catch. A thief has evaded one of the world’s most expensive hi-tech security systems, [...]

Continue Reading


14 March 2007 | 5,981 views

Huge Online Loss by Swedish Bank Nordea – Claimed to be Biggest Loss?

A massive online heist, some (like McAfee) claim it’s the biggest ever online sting involving a bank, it’s comes in at about half a million pounds or or $1.1 million USD. Using some l33t0 custom trojan, it seems to be more a case of lack of education and the whole situation could have been avoided [...]

Continue Reading


20 September 2006 | 40,036 views

Domain Stealing or How to Hijack a Domain

Please note this is an old technique again, just for learning purposes, learn how the old techniques worked and why they worked, then try and discover new ways to do things. Summary The sole purpose of the information contained in this advisory is to point out the flaws in InterNIC’s domain name handling system and [...]

Continue Reading


30 August 2006 | 171,215 views

How to get Ops and takeover a channel on IRC Hack Hacking

I’ve been spending a lot of time online lately reading all kinds of stupid text files on how to “Takeover Ops Boi!!!”, “eLeEt WaYs To gEt OpS!!!”, “HOW TO GET OPS ON SERVER SPLITS”, etc. We all know none of these things work, at least not for me. They’re either written by morons, or they [...]

Continue Reading


07 July 2006 | 8,663 views

‘Free’ USB Drives Defeat Company Security

This is an excellent case of Social Engineering, you could also consider it playing on human greed/ignorance/stupidity. Whatever you want to label it really ;) USB drives are a real security risk.. We recently got hired by a credit union to assess the security of its network. The client asked that we really push hard [...]

Continue Reading


26 June 2006 | 5,067 views

US Veterans Information Leaked on The Web

Another HUGE information leak from the US government, seems they can’t help themselves. Or perhaps people are just ramping up the efforts against them.. The Navy has begun a criminal investigation after Social Security numbers and other personal data for 28,000 sailors and family members were found on a civilian website. The Navy said Friday [...]

Continue Reading


18 June 2006 | 5,924 views

Kevin Mitnick Interview on Social Engineering

There’s a good interview with Kevin Mitnick on Social Engineering. Well afterall, that is where his skill lies, not in technical hacking. Arrested by the FBI in 1995 and convicted of breaking into the systems of Fujitsu Siemens, Nokia and Sun Microsystems, Mitnick served five years in prison–eight months of it in solitary confinement. In [...]

Continue Reading