A lot of people have bought into the Hollywood mythology of a hacker as someone who sits at a keyboard typing randomly until he magically manages to break into a secure computer system solely by the power of his superior understanding of computers and programming, but the truth is you don’t have to be a Super Genius™ to successfully invade a computer network. You just have to know how to ask nicely:
Inspector general finds lax computer security by IRS employees – SignOnSanDiego.com
WASHINGTON – IRS employees ignored security rules and turned over sensitive computer information to a caller posing as a technical support person, according to a government study.
Sixty-one of the 102 people who got the test calls, including managers and a contractor, complied with a request that the employee provide his or her user name and temporarily change his or her password to one the caller suggested, according to the Treasury Inspector General for Tax Administration, an office that does oversight of Internal Revenue Service.
All it takes to be a successful hacker is a little knowledge of social engineering.
Knowing how to ask nicely is the key to a lot of things, legitimate as well as non-.
Just ask Kevin Mitnick about Social Engineering. It’s definitely the most important security flaw to fix, and likely the cheapest too. But companies are more worried about technology for some reason. Even though just about every hacker uses Social Engineering.
Reminds me of all the fears of people stealing credit card numbers in the early days of ecommerce, when it was far more likely some kid at a Best Buy would lift your number.