One of my family members’ personal identification information was hacked and stolen last year. Since then, I’ve been particularly curious: In a world in which individuals and companies are spending millions of dollars to keep the bad guys out, how do successful hackers do it? How do they gain access?
In an odd moment of web browsing, I discovered an article published by Accenture in which an ethical hacker comments on techniques for hacking into banks… large banks… “major accounts,” we might call them in the sales world. Penetrating major accounts that are vigorously defending themselves.
While I don’t advocate the techniques portrayed in his answer to the first question (though it seems to me that I’ve heard stories about sales people who have done similar things), I found his answer to the second question VERY interesting:
“When it comes to security, what is a business’s weakest layer?
[People – social engineering is the] easiest way to gain access to a physical infrastructure… Here’s an example: A large financial institution in the United Kingdom orders pizza for its developers every Friday. So I applied for a job at the pizza place and got myself a uniform. I was able to walk right past security—because Friday pizza was a normal thing.
With my own technology I could tell where switches were picking up the most data, which led me to the server room. There, I sprayed the lock pad with Luminal and waited an hour, after which I could see what punch codes had been pressed.
And I was [able to walk right into] the server room….”
“When you’re trying to work out different vulnerabilities and different ways in, what do you use as
I use everything. I use LinkedIn®, I use Facebook®, I check out a person’s kids—online profiles are quite open, so I can build out where they’ve been, their holidays. I can target high profile CEOs and directors, who will be the ones with the most infrastructure access…
He goes on to say: “Hackers go to extreme lengths to access your data. They think nothing of spending months finding a way in if there’s lots of money involved….”
Almost everywhere we turn, from small accounts to major accounts, our clients and prospects are defending themselves against unwanted entry… by sales people, particularly sales people they don’t know. They vigorously defend themselves with web-based procurement software, voice mail systems, spam filters, and, occasionally, expertly trained gatekeepers.
And yet, I’ve noticed over time that successful “hackers” of these sales defense systems “…think nothing of spending months finding a way in if there’s a lot of money involved”, using the same source material as successful cyber-attackers. Who would have thought?
Nick Miller trains banks and bankers to attract and expand relationships with business clients. More profitable relationships, faster. He is President of Clarity Advantage based in Concord, MA. Additional articles on Clarity’s web site.