A fight against social engineering crooks

Foreword: World Hacker eldest brother Kecin is able to invade those world famous big company, rely on not only the perfect technology also has is the human brain intelligence intrusion way social engineering. Now a liar would be astonishing if the door were to be used by others to conform to their own science.

I. Discovery

Party A (i):

One day wandering on the internet, suddenly QQ has news prompts. Click to see the verification language is "I ah!" ”。 is a more than 10 QQ number, and then look at the personal data found with my eldest brother's information is exactly the same. I thought it was his QQ was stolen, without more thinking on the passing of the verification. Sure enough he came up the first sentence is my QQ was stolen. Then I exchanged greetings a few words, then I found that not very good to my hacker eldest brother never take the initiative to tell me so much and return to the message speed is slow. What's going on today? Confused ing suddenly noticed that his IP and geographic location was not quite right and was a city in the south. Think of the same thing, Big Brother is a hacker to get a proxy server is very light no big deal. Asked whether he used the agent, he returned a "Yes Ah!" Oh, yes! I surf the Internet at an agent's place? ”。 I began to doubt the truth of this big brother. It wasn't long before he said

"Brother Help Ah!" I was stolen from my wallet and I had no money to go home. Can you lend me some? I'll return it to you. ”。

No way, brother was still in Qingdao yesterday, I still chat with him how to run to the * * now. I can now assert that this man must be a liar and a half-baked one. Okay, I'm going to play with him.

"Eldest brother wants me how to help you, say!" ”

"Can you lend me some money?" Remittance to this account ********* "

Incredibly dare to tell me Bank account number, a look is young. If I call the police, he also took the initiative to send the evidence to my hands.

"OK, but how do I remit money?" How much do you want? ”

"You go to the bank to say you want to send money to teach you, 200 yuan is enough." ”

Oh 200 bucks? ”

"With you!" "I'm so calm."

"Oh, whatever, that would be 200 rubles."

"Ah! You............ All right! "Out of the Mr!"

"But how can you thank me when you come back?" ”

"You say it!" ”

"Then go to light-infused to eat a meal" at that time Qingdao Beer Festival just ended, light-infused early closed, this is to let him expose flaw.

"All right, please, you're going to have to remit the money."

"Good, you wait for me must give you ' remit '." ”

So n days passed by!

Party B (SB "hacker"):

Note: The following is my analysis of his heart

One day into Qingdao a red guest site, found on its several members of the QQ. Find webmaster QQ, according to his QQ information to understand his general situation, the observation found that the webmaster only midnight before the Internet. Find another member of the QQ data (that is me) find this member is on the line. Well...... Judging from my genius brain, since they're a league, that's a good relationship, and since it's a good relationship then I pretend that his boss cheated him out of a certain problem. My social engineering application is really good hey! So I will QQ personal data and that webmaster except QQ number no different.

And then there's this conversation.

Lessons learned:

Party A: 1. Do not use QQ plus others because they can wolf.

2. Even if the acquaintance with another QQ plus you have to have 120,000 points of caution. It's best to test him with the latest chat content.

3. A lot of smart hackers are looking at the person he's going to be posing as a chat material. So it's best to make up a thing that no one has to test him to see his reflection. For example: You let me help you steal the QQ when to you! (In fact, there is no such thing) if his answer is to let you give him some time to be sure he is a liar.

4. Try not to publish your full QQ number online. e-mail addresses are not commonly used to prevent certain unwanted injuries.

Party B: 1. It's very stupid not to tell someone your credit card account directly.

2. There should be a further understanding of the person to be disguised, for example, by pretending to be with the opposite sex.

3. When impersonating a person to be deceived by the words of every sentence analysis clear, necessary fashion silly.

Counter:

N days later

"Liar, are you here?" "To uncover his

"What are you talking about!" "Still playing dumb!" Good psychological quality Ah!

"This * * * * * * * * * * * * * * * * * * friends, don't pretend

"You found out how, you are not a hacker?" You fry me! "When you look like a chick, you know I'm fried."

"You said it."

"Well, you have a seed to fry!" I'm not afraid to tell you I was a hacker.

Send me a URL, is the Banyan tree under an article about the content is the author under the Banyan Tree account to steal, the hacker who stole his account appears to be the liar, but also let him how much money remitted to his account. I've been enraged!

Isn't he going to lie to anyone? I'm worse than him!

"You are a good teacher. ”

"For tuition!" ”

"Yes," he said. Teacher

I have to QQ played a patch according to QQ on the display of his IP and port analysis he is in the LAN, is probably in the Internet café. Based on IP to determine the location is not very accurate. But this port has not been asked to mention. QQ default port is 4000 his port number more than 5 bits must be LAN, or he is using the port redirection tool or software will end population, but he this young is unlikely. In the Internet café This is not very good to do, with DDoS will be the entire Internet café puppet him a call to the police I am not finished, with bomb tools LAN has _blank "> Firewall bombing he is equivalent to bombing the Internet Café server." Yes, I made a prank. Page has been kept to him today. Play.

"Teacher, this is the webpage I made, please take a look."

Hey! This way I chuckle. Send the countdown 10 seconds.

10~9~8~7~6~ ....... He's off-line! Ha! I added a lot of malicious code to that Web page, opened countless windows to kill his machine, and then the hard drive would be formatted when he was able to restart the machine ...

Written at the end:

Social engineering is a liar, so to speak more one-sided but the truth is this.

I believe that most of us play network games, but what is the application of social engineering in this respect? I need a classmate to stand in the game of the player gathered, ran a person to trade with him and said he had taken him before and this person is no money on the new body, want my classmate to give him the money. My classmate is silly enough, really put the money on the body left to that person. Did the man ask for a prop again? Results The students gave him some props, and the result was hilarious. That eldest brother actually said a sentence "Haha!" You've been cheated again! "So simple a few words have been cheated, my classmate is really worthy of sympathy." That liar may have made a mistake, but it's also taking advantage of other people's psychology. I know a master name Yue Byohacker He had an invasion, by chatting with the network administrator, learned the name of the network administrator girlfriend, wrote a dictionary, successfully cracked the password and then invaded.

Some people define social engineering as a science or art that allows others to follow your will. I feel like having him doesn't mean anything. But he can make the things you want to get away from you. Remember that there is no forever effective way, the old techniques are not useless, social engineering can let you learn to use the brain to think more things--please remember this is Byoox said!