Ocean’s 8 Social Engineering
In this edition of the famous series “Ocean,” a team of women wants to steal the “Toussaint” a diamond worth $150 million at the night of the Met Gala. While the movie is hilarious and full of action, it also makes us think about how essential cybersecurity education is. One of the team was a genius hacker named NineBall. Once she appears, she shows how good she is by hacking into the building’s power line.
NineBall has a task to build a blind spot by the women’s restroom at the Met. To construct this blind spot, NineBall needed access to the security cameras. However, the security system and the camera surveillance system at the Met is one of the best in the world. How did she achieve her goal and help the team steal the diamonds? The answer is in one word “Social engineering .”
It would be hard for anyone to find a vulnerability at the system of a massive security company that operated it the Met. However, NineBall is very smart and exploits a mistake made by an employee at the company. A so-called fatal error. She gets a list of employees of the company and finds the CEO of the security company. Then she searches his name on Facebook, and his page was public; she finds everything she needs. He is very interested in the Wheaten Terrier and has one at home. Moreover, he often takes his “wheatie” to dog shows, and most of the time he wins the grand prize.
She thinks he might not be able to refuse an advertisement for “a Wheaten Terrier dog show,” even if he was not sure about the link. Therefore, she creates a phishing advertisement for a show and posts it on the CEO’s timeline. Then, he makes the fatal mistake and clicks on it. While he is at a page full of cute dog photos, taking his attention, NineBall gains access to all of the security cameras at the Met. She gets all the required data to make the blind spot by the women’s bathroom. That way, she helped her team steal $ 150 million.
Here you have to understand the danger of social engineering. Perhaps it is not logical enough in the film, because one wonders how a CEO, who works for a large security company, would have made this fatal mistake. Even so, let us admit that an employee who learns little about cybersecurity is considered a weak point.
A potential hacker would not also try to attack a stable security system as long as he could exploit an inexperienced employee to gain access to all the data he needs in the business. On that basis, as a responsible person in your organization, you need to make sure your team is aware of cybersecurity and social engineering tricks.
January 7, 2019
November 11, 2018
October 31, 2018