Social Engineering on a Grand Scale
29 April 2007
Sounds like the makings for a new movie. If nothing else, this story should be used in your next security awareness class.
From the United Kingdom’s Independent:
A thief has evaded one of the world’s most expensive hi-tech security systems, and made off with €21m (£14.5m) worth of diamonds - thanks to a secret weapon rarely used on bank staff: personal charm.
In what may be the biggest robbery committed by one person, the conman burgled safety deposit boxes at an ABN Amro bank in Antwerp’s diamond quarter, stealing gems weighing 120,000 carats. Posing as a successful businessman, the thief visited the bank frequently, befriending staff and gradually winning their confidence. He even brought them chocolates, according to one diamond industry official.
Mr Claes said of the thief: “He used no violence. He used one weapon - and that is his charm - to gain confidence. He bought chocolates for the personnel, he was a nice guy, he charmed them, got the original of keys to make copies and got information on where the diamonds were.
“You can have all the safety and security you want, but if someone uses their charm to mislead people it won’t help.”
If it can be this easy to gain access to roughly $20m in diamonds, how hard will it be to get someone to give up a password or plug in a USB key? This also shows that if the payoff is big enough, an attacker will invest a considerable amount of time and effort to achieve their end goal.
September 21st, 2007 at 4:26 pm
Organizations need to start providing security awareness training on social engineering.
There are a couple of interesting views pointed out on this blog entry.
http://infosecalways.com/2007/09/21/extreme-social-engineering-paper/