Include glancing over authorized users’ shoulders to see their password entries; recording authorized users’ login keystrokes on video cameras; searching for password notes under authorized users’ desktop pads; calling system operators and saying that one is an employee who forgot his or her password and asking for the legitimate password; going through trash cans and collecting loose pieces of paper with passwords on them; searching for authorized users’ passwords by reading email messages stored on company computers; and guessing different combinations of personally meaningful initials or birth dates of authorized users—their likely passwords.
Though there were all sorts of high-tech conjectures about how Paris Hilton’s cell phone was exploited in February 2005, a piece appearing in The Washington Post online on May 18, 2005, indicated that the exploit may have relied on very basic social engineering techniques—combined with vulnerabilities in the Website of Hilton’s cell phone provider, T-Mobile International. A young cracker involved in the cell phone information heist told the reporter that he was part of an online group that succeeded in its crack attack only after one member tricked—using his social engineering techniques—a T-Mobile employee into releasing information not supposed to be in the public domain. Though protecting the minor’s identity, the reporter said that the young cracker provided him with evidence supporting the claim, including screen shots of what he maintained were internal T-Mobile computer network pages.
Krebs, B. Paris Hilton Hack Started With Old-Fashioned Con. [Online, May 18, 2005.] The Washington Post Company Website. http://www.washingtonpost.com/wp-dyn/ content/article/2005/05/19/AR2005051900711.html; Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America: Who’s Doing It, Why, and How. Westport, CT: Quorum Books, 2002; Schell, B.H. and Martin, C. Contemporary World Issues Series: Cybercrime: A Reference Handbook. Santa Barbara, CA: ABC-CLIO, 2004.