Hacking Old-School

Two hackers took down Comcast's webpage last Thurs for over five hours - no mean feat given the security plus the traffic volume they had to contend with. Detect a note of respect? Good - these guys hacked the old-fashioned way. They found a weakness, they called Comcast and told them the weakness, and they were told to shove it. So they did - right up Comcasts collective internet pipeline. I know the act should be illegal, but there is something wonderfully cavalier and bad-old-days-of-the-internet about this attack. It is not done to harm, but done to wipe the corporate smirk off Comcast's face.

Also, "social-engineering" is becoming a prevalent term. This is like phishing (emailing/contacting someone and posing as a company rep to get their contact or login information). A hacker makes a call into a company, acts like a functionary in some remote support division and gets someone to help him/her. Usually the help sought goes outside the bounds of policy - but people want to be nice and they certainly don't want to be blamed for holding up 'Company Business' so they help out. Of course, the hacker-turned-prank-caller is manipulating the person to create a security gap and...voila.

1 comment:

bachrach44 said...

The term "social engineering" has been around for decades now. Phishing is a subset of, and a newer phenomenon than SE.