zlacker

Would there be a modern version of this? I haven't read it and I'm interested, but mostly my parents are getting old, and with AI on the corner, I fear a bit the next level scams.

replies(4): >>brails+N2 >>jboy55+Y3 >>chris_+E8 >>TheBig+yR

>>dryrun+(OP)
I don't think it's ever gone away, and stands to get even worse now. Good to have a safe word with your family in-case they ever get an important call from you or the reverse

replies(1): >>iso163+nn

>>dryrun+(OP)
The scams are still the same as how he hacked.

He called someone, claimed to be an authority, knew the lingo, asked for help and time was the critical.

Someone calls your parents and claims to be an authority figure, that there is a crisis, and they must act now.

>>dryrun+(OP)
The modern version is "hang up".

replies(1): >>seabas+Ta

>>chris_+E8
The modern version should be 'put down' (does anyone still hang their phone on a wall nowadays?), and an even more modern one would be 'push red button' :)

replies(1): >>ralgoz+Ll

>>seabas+Ta
don't push, tap :-D

>>brails+N2
This is especially important now with easy and convincing voice generation

>>dryrun+(OP)
Any time a big hack makes the news it turns out that either some system had no security, they used social engineering, or a disgruntled former employee. Hackers aren't sitting there with a super computer in a Guy Fawkes mask trying to decrypt data. The scams are the same now as back then.

replies(2): >>defros+GT >>not_re+nb2

>>TheBig+yR
Two of the most recent most high profile hacks required a large degree of preplanning, scoping out, custom coding etc to achieve the breadth and depth of penetration gained upon execution.

How would you classify supply-chain attacks?

Primary security was bypassed by breaking secondary security .. so there was security to be overcome, there was no social engineering aside from understanding procedures in play, and no disgruntled employees.

https://www.techtarget.com/whatis/feature/SolarWinds-hack-ex...

https://forensiccontrol.com/guides/unravelling-the-moveit-ha...

replies(1): >>felixh+Wh1

>>defros+GT
let me blow your mind with "the lazarus heist" podcast: https://www.bbc.co.uk/programmes/w13xtvg9/episodes/downloads

replies(1): >>defros+Hk1

>>felixh+Wh1
Another good example, thank you.

Over time they got more interesting and less like the "basic unsophisticated | opportunistic | social engineer | inside agent" description given above.

https://en.wikipedia.org/wiki/Lazarus_Group

>>TheBig+yR
> Any time a big hack makes the news it turns out that either some system had no security, they used social engineering, or a disgruntled former employee.

Back in 2003 or so, my boss showed up at my desk at work, and looked like he was about to blow a gasket. There was a hack that was on the news, and it was getting featured in news stories all over the world.

He basically said he was going to fire me if it turned out it was my fault. (I built the servers that held the data that was compromised.)

Within a day, it turned out that it wasn't all the data, it was just one person, who had a lot of famous friends.

What had happened was that someone had accessed her account. The way that they did it was by guessing her password. Her password was the same as her dog's name, and she was a celebrity known to be seen at events with her dog.