Everything You Wanted to Know about
Social Engineering -- But Were Afraid to Ask...
countered by getting the cooperation of Internet backbone providers
to trace the attacks back to their source and cut the perpetrators
off from the Internet. (We aren't making public the identities
of the owners of the attacking computers because in many, perhaps
all cases, they were unknowingly hosting the criminals who ran
Vranesevich was outsmarting the criminals - whoever they were
-- at every turn. It was becoming obvious that computer crime
was not the way to run Vranesevich out of business.
Enter Brian Martin. "Martin, who admits to some malicious
hacking in his past but says he has been an above-board security
consultant for years, is a member of Attrition.org,
a hacker group that has spearheaded an effort to discredit Vranesevich."
- "Tracker of Hackers
Goes from Friend to Foe," Matt Richtel, New York Times,
October 8, 1999
Martin was soon to prove himself a master of social engineering.
At first he had tried simply posting elaborate allegations against
Vranesevich on his Attrition.org web site. When this didn't seem
to harm him, Martin came up with something novel. He put up links
to Antionline from his Attrition.org web site. But these were
no ordinary links. Following is an example of these links:
The above URL was all one line. So every time people clicked
on it, they got both a no such URL message, and the entire long
URL was added to Antionline's security logs as a hack attempt.
The URL also contained strings such as nph-test-cgi, which trigger
intrusion detection systems. These had the effect of running
the CPU usage to near 100% on the intrusion detection computer.
Several other hacker web sites, such as Ken Williams' former
site at http://packetstorm.genocide2600.com,
also set up these links.
More on social engineering -->
Back to the index of "Everything You
Wanted to Know About Social Engineering -- But Were Afraid to