Mitnick had so many stories that entranced the people around him. I heard one second hand of Mitnick dealing with a bank who had early voice verification software. Upon meeting the CEO he gave the executive his card and departed for the evening. Arriving back at his hotel, he called the CEO and asked him to read his phone number to him. The phone number contained all ten digits which Mitnick had neatly tape recorded so as to make the CEO’s voice reproducible. He then proceeded to use the bank’s vocal banking system to transfer $1 from the CEO’s account to his as the authentication mechanism was reading out your own account number in your voice.
When Mitnick arrived back in the board room the architect of the voice verification system was crestfallen and the bank CEO delivered a check on a silver platter.
Now how much of that tale is embellished I will never know as it was second hand, but that was the kind of whimsy Mitnick brought to our world.
Rest in Power.
The phone number contains all the digits needed to recreate the bank account number?
He somehow has the bank account number?
He meets the CEO (despite just being a security consultant) and gives his report to the board of directors?! That is not how companies usually work, especially the board part.
Check on a silver platter? architect of the voice system is brought into the room with the board to be humiliated? This reads like something a 13 year old would dream up (nothing against OP maybe someone even Mitnik really did claim this happened).
The tale is absolutely embellished if it has any truth at all.
Getting a phone number with all the necessary digits is a bit of a stretch, but not impossible. And I would suspect, because this is the way phone systems generally work, that there was no bound on the number of attempts to enter the account number. Account numbers are all the same length, so you know exactly how many characters to input, it's just a matter of brute forcing the number--and for all I know, there may be some kind of structure that Mitnick found out.
Meeting with the board sounds like an embellishment for sure, especially for Mitnick's initial report, but I could definitely see--especially if someone was looking for a big chunk of money to strengthen the system--the report eventually being given to them.
The check on the silver platter is the most believable part of the story. Have you ever met a CEO? And why wouldn't the architect of the system be there to receive the report on the security of the system? Who else should be there?
For me, the only truly unbelievable part of this story is that he needed the CEO's voice at all. And for all we know, he just said he recorded the CEO's voice for a laugh.
Random number, legit area code. Unless you are looking for all 10 digits, pretty easy social hack
But that's pretty easy. Sorry I didn't catch that could you do it one number at a time?
"Sorry, no 54, five-four."
"You said five ... four?"
"Yes, five ... four."
Doing the thing you want people to do is actually a pretty good strategy.
Recognizing when people are employing this strategy on you and intentionally not doing the thing is good fun too.