Thread: The scammers are getting smarter

Back when mobile phones were new, we (work) hired a brick to check on reception around the riverina. We were out in the middle of the Hay Plain, when it rang. "Is that the Wagga stripper?" I explained that it wasn't, and when I took the phone back, told the place we'd hired it from. He said that it had previously been hired to a working girl, and when she first returned it they were getting about 20 calls a day!

I can remember the early days of mobile phones - being able to listen to them on a scanner.

Originally Posted by smidsy

I can remember the early days of mobile phones - being able to listen to them on a scanner.

Isn't that how Charlie Windsor was caught out?

My son has been working for an IT security company as a "Penetration tester".
This is a "legitimate hacker", hired by Government, Corporates and Businesses to test their IT security,
Much of the testing involves phishing rather than sitting in a dark room trying to hack direct into a network.
He also dresses up and poses and company IT guy and enters their buildings and plugs gizmos direct into their network (lone PC or network point) that directly connects to the outside world via independent WIFI or telephony.
On one corporate test he was able to enter and place a gizmo onto their network and then sat in a car on the street and was able to hack and download most of their most sensitive data files within 30 minutes.
He attributes his skill in doing this successfully to the acting experience he gained in school productions.

In a recent test of a major Resources company he sent out 2 emails to the employees and senior managers of the company.
This company has been tested every year for the last 3 years and have been upgrading and educating their employees on IT security.
This time the boss of the Resources company reckoned their IT system would not be compromised.
My son's boss told them "we have a gun new pen tester and I reckon we will have full access within X time period"

Email A was, posing as company IT employee with company letter head, signature, and logos etc, "Here's a link to a new piece of software we would like you to try" - Within 24 hours he had the login details of ~20 general staff.
Email B was, now posing as an overseas company rep, "Here's a link to a document that could potentially compromise company PR, please read and comment" - Within 24 hours he had the login details of ~20 senior staff.
A few dozen staff did report email A as suspicious but the company's IT staff took more than 24 hours to investigate and put out an alert and by then it was too late.
Give that there are thousands of staff and only ~100 senior staff the latter are clear less IT security savvy than their general staff.'
From these accounts plus some direct hacking my son was able to get access to most of the companies IT resources and information well within X time period.
Only 30% of the employee had passwords that were strong enough not to be cracked in the time period allowed.

The results of some of the testing my son has done on Govt departments involved with vital infrastructure would make your hair curl.
He reckons the only organisations that are taking this matter seriously are financial institutions and the military but everyone else systems are so full of holes that it is embarrassingly easy to access.
BTW he has also tested several forum software apps and says they are one of the weakest apps out there and the reason they are are not targeted that often is because they contain little of real value.