How to steal information from defense contractors

Can you help me find a job?

Years ago, I was at a conference run by SCIP, the organization for Strategic and Competitive Intelligence Professionals, which concerns itself with "the legal and ethical collection and analysis of information regarding the capabilities, vulnerabilities, and intentions of business competitors." One of the presenters explained that by merely talking with people and really listening to what they said, you could glean lots of information about their companies.

Recently, Jordan Harbinger figured out how to do this using a more potent weapon: a pretty woman looking for a job.
About 1.4 million people in the US have a "top secret" security clearance. But what happens when an attractive man or woman friends them on Facebook, asking for career advice and wondering what they’re working on?

Jordan Harbinger, a dating coach based in Los Angeles, wanted to give a talk at the hacker convention Def Con. He was in his living room chatting with two clients who happen to work for a massive defense corporation that contracts with the US military when the pair started blabbing about their top secret projects. That gave Harbinger an idea for an experiment in social engineering, the dark art of influencing people to act against their own interest: what would it take for a defense contractor to reveal classified information to a total stranger?

The answer is: not much. Harbinger succeeded in getting contractors with top secret security clearances to reveal details of what they were working on, as well as enough personal information to access their bank accounts, credit card statements, and cell phone records. He spent fewer than 10 hours total on the project spread over a few weeks.

"I wanted to do it without breaking any laws, and ideally just with stretching the truth," he said. Marcia Hoffman, a lawyer with the Electronic Frontier Foundation at the time who is now in private practice, advised him in order to ensure he didn’t do anything illegal, such as impersonate a government employee.
And then he created a fake Facebook profile for an attractive woman named Alara...

Read more: Dating coach shows how to get classified military intel using social engineering, The Verge>>
- SCIP>>

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Related Posts with Thumbnails