Friday, September 13, 2013

How to find out who has a g0v't s3cur1ty cl3aranc3

Sorry for the funky email subject... was trying to prevent PRISM from detecting keywords and flagging us! Not sure if I am being paranoid or facetious.

Remember that old movie "Sneakers" (it kind of put Bay Area tech culture on the map for Hollywood)? Robert Redford led a team of hackers who were paid to try to infiltrate an org's security, in order to expose vulnerabilities. Well, that job is alive and well today, but with fewer shotguns. The pros don't waste their time with high-tech hacking; they just employ the oldest confidence schemes in the book! No point taking the Rube Goldberg path when marks will give you what you want for free. But the whole point of a gov. sec. clearance is to not broadcast to the world that you have one. So how do you out the engineers and companies who do?

It's much easier to convince someone on the inside to give you access than to try to break in yourself and risk getting pinched. There's always human psychology, and the gov't contractor-tech geek types aren't exactly known for their street smarts and social skills. So these "good hackers" went on LinkedIn and used pretty simple tricks to reel in folks with gov't clearances and get them to improperly expose themselves (not Anthony Weiner style, fortunately).

They played to their impulses and egos: impress someone who claims to be a recruiter with your super-cool classified projects, and come to the aid of an attractive damsel-in-distress who wants to get into the NatSec industry. Kind of scary that it was this easy, though. Clearly these orgs need to give more security training, especially where social media are involved. Or maybe they should snoop on their own workers first before sifting through the general population.
