How to Rob a Bank With Words

Greg Tito

PR for Dungeons & Dragons
Sep 29, 2005



The art of social engineering is making people believe you are trustworthy.

Any good grifter will tell you most people are willing to believe you are more important than you are. All you have to do is watch The Sting or Fox News to see the concept in action, but having the techniques of a "professional" conman laid out before you is a little bit like peeking behind the curtain at a magic show. Once you see the process, it seems impossible that anyone would be fooled, but these techniques still work. Jim Stickley is a self-described "Professional social engineer" who is hired by institutions to find holes in their security, much like Robert Redford's team in the movie Sneakers. Reading Stickley's step-by-step process of how he and his team enter offices and banks to steal vital information and install key loggers is just eye-opening.

"Let's say I am posing as a fire inspector," Stickley said. "The first thing I will have besides my badge and uniform is a walkie-talkie, like all firemen." Outside, the man in the car sends a recording of typical fireman radio chatter to Stickley's walkie-talkie.

"We walk into the facility and make sure that all the chatter is coming loudly into the walkie-talkies as soon as we walk in their door so that we are immediately the center of attention," he said. "When I walk in, I want everyone to know that I mean business. My walkie-talkie is loud and everyone looks over as I apologize and turn it down."

The point of this is not quite misdirection, but to build an illusion of reality. After presenting his false credentials, Stickley conducts the fire inspection even though he has no idea what he is talking about. "I make stuff up and probably give the worst advice ever. I'll pull out cords and say 'This looks a little bit dangerous.' I'll comment on space heaters. I'm completely winging it."

Effective use of props is key for any good grifter worth his salt and Stickley is no different. "A few years ago, I got a device at Home Depot. It's like a measuring tape, but not a regular measuring tape. It has a laser pointer and makes a clicking noise. This device is like the Tricorder on Star Trek for me. I can do any magical thing with it as far as I'm concerned. I'll put it up to a socket and say 'This looks like it has too much current running through it.' And they just believe it.

"It's amazing the stupid things I can do. It's the bells and whistles that count and people want to see that you have products," he said.

While Stickley is being escorted around, his partner wanders off, steals anything he can, and conducts inspections under people's desks. All he is really doing is putting USB dongles in their computers that will log all of the keystrokes of the user. "By the time it's over, we've stolen stuff, and gotten access to log-ins and passwords because we've been recording that information with the key-logging devices, whether it be online sites or local accounts on their system. We've been on their wireless network and have been able to hack into that as well."

The whole process might take a few visits, but Stickley plants the seed of a return by being called away on his walkie-talkie so that it's reasonable for the inspection to continue on a later day.

After Stickley and his team rob a place, they meet with the executives and employees to show them what they retrieved. "When we show up after the engagement to present what we found, there is often a total look of shock on the employees' faces," he said. "It's stuff they never thought would happen. If you talked to them a week earlier, they never thought they'd fall for some of the stuff we pulled. But now they see it can happen, and it can happen to them."

Let this be a lesson to all of you: Never let firemen search under your desk. That is all.

Source: CSO Online [http://www.csoonline.com/article/692551/how-to-rob-a-bank-a-social-engineering-walkthrough?page=1]

 

imnot

New member
Apr 23, 2010
I hope I'm not the only one taking notes here
*Scribbles on pad*
I drew a cat!

Oh and uh, good notes too!
 

Formica Archonis

Anonymous Source
Nov 13, 2009
Is it just me or has the news been rather Slashdot-ish this morning?

http://apple.slashdot.org/story/11/10/27/1618203/steve-jobs-missing-license-plate
http://it.slashdot.org/story/11/10/27/167238/how-to-rob-a-bank-one-social-engineers-story
 

Fayathon

Professional Lurker
Nov 18, 2009
It's a good thing that these guys are working for people rather than robbing them, though it does raise the question as to why the hell people don't go out of their way enough to learn some of the stuff about safety codes and shit like that. A little, and I mean a little, knowledge would be enough to deter these kinds of things a fair bit, I would assume.
 

Baby Tea

Just Ask Frankie
Sep 18, 2008
DVS BSTrD said:
Reading that was like watching an episode of Burn Notice, except I imagine Bruce Campbell playing all the parts.
"Pardon me! Chuck Finley here! I'll need to have a look at your electrical. People in the neighbourhood have been getting serious power spikes, and we need to make sure you aren't at risk of anything frying! Mind if I take a look under this desk?"

I love that show!

More on topic: Social engineering is just awesome.
It's also very cool when used for good, like in this case!

I'm jealous of this guy's job.
 

Diegolomac

New member
Jan 28, 2009
The fact that they put an image of "The Sting" already made this article go up to 100% in my concept. God I love that movie.
 

Fbuh

New member
Feb 3, 2009
BabySinclair said:
I want this job so bad
And it can all be yours! For the low, low price of a laser tape measure!

What he didn't cover on this is a flawless ability to act and improvise, i.e. lie. Also, being a nice guy and apologetic does wonders. First, it gets people to like you, and second, it makes you seem more gullible, thus creating a false sense of security. Oh yeah, I could totally be a con man, if I wasn't so lazy.
 

ssgt splatter

New member
Oct 8, 2008
Oh great. This is just like when the US State Department or the White House Spokesperson was talking on the subject of 'terrorists striking other targets in the US' after 9/11 by actually saying things like, "Well, we do have a minor security gap here and no electronic back-ups there so if the terrorists decided to attack this location we'd be completely unprepared to respond." Basically, this little article is now a "how to" guide to be a con-man.
 

TheYellowCellPhone

New member
Sep 26, 2009
It's all a marvelous acting heist; anyone with enough charisma, a good plan, and a convincing costume can pull this off.

Don't they have TV shows where they do this -- they do various acts of burglary, just to show how horribly prepared places are for them?
 

elilupe

New member
Jun 1, 2009
Greg Tito said:
"A few years ago, I got a device at Home Depot. It's like a measuring tape, but not a regular measuring tape. It has a laser pointer and makes a clicking noise. This device is like the Tricorder on Star Trek for me. I can do any magical thing with it as far as I'm concerned. I'll put it up to a socket and say 'This looks like it has too much current running through it.' And they just believe it.
I'm not the only one who thought of the sonic screwdriver here, am I?
 

Mumorpuger

This is a...!
Apr 8, 2009
It's Halloween! If there just happens to be a gal dressed as a sexy fireman, and she wants to go under my desk, I will be okay with it.

Now after Nov. 1st, Iz serius bizness.
 

lumenadducere

New member
May 19, 2008
Why on Earth would you let an inspector of any sort put a USB stick into your computer, particularly a fire inspector? That makes no sense at all - how computer illiterate are people to have to think that a USB drive is in any way associated with fire safety?
 

ShindoL Shill

Truely we are the Our Avatars XI
Jul 11, 2011
imnotparanoid said:
I hope I'm not the only one taking notes here
*Scribbles on pad*
I drew a cat!

Oh and uh, good notes too!
I drew a bunny with a shotgun!
And I noted it all down, bookmarked the page and committed it to memory to use at a later tomorrow. I am a god of hellfire bullshitting.
It's amazing how easy it would be to do this shit.
 

GeorgW

ALL GLORY TO ME!
Aug 27, 2010
Sounds like a lot of fun, I'm just waiting for a chance to try it out without having to pay the consequences of failing.