“Prepare to Cringe: 50 Epic School Presentation Fails That Will Make You Rethink Classroom Chaos!”
I studied went to school for Computer Security. In an introduction to computer security course, we had to do a project on Social Engineering. A student decided that for his project he was going to find a way to gain access to a chosen website.
* He found a small local business website.
* Identified that the domain was registered to an email address from a local ISP
* Called the ISP to reset the password, they asked him for his last 4 of his SSN, so he hung up.
* He found the phone number of the business, so called them and pretended to be from the ISP offering 3 months free if the person did a 5 question survey. They accepted, and answered some BS questions, then he asked for the last 4 of the guy’s SSN, which they gave no problem
* He then called the ISP with the last 4, got them to reset the password of the email account
* He then logged into the email, and used it to get the domain registrar to send a password reset to the email, which he used to reset the password of the domain account (and deleted the email).
* He recorded all phone calls and screenshotted the whole process
As he presented all these we kept expecting him to say “but that would be illegal, so I didn’t do X”, but he went all the way.
The professor finally stopped him after he said he logged into the domain registrar and told him to destroy everything and never speak of it again.
I think the professor was a bit nicer than he could have been… potentially to the point of accomplice (telling him to destroy evidence).
Post Comment