Google's MarkMonitor account hacked by #UGNazi via Social Engineering

[Kate]

Google's MarkMonitor account hacked by #UGNazi via Social Engineering

The well-known Hacker group UGNazi claimed that they gained access to the Google's MarkMonitor account. According to their press release, hackers managed to reset the account via social engineering attack.


"The agent that helped us reset the account should get some what of credit, she helped us alot on reseting Google's MarkMonitor account " hacker said in the press release.

...

http://www.ehackingnews.com/2012/06/googles-markmonitor-account-hacked-by.html

 

[alien51]

she helped us alot on reseting Google's MarkMonitor account

They probably sent her a "Click here to redeem your 90% Discount coupon at Macy's" email.

 

[NPer]

"The agent that helped us reset the account should get some what of credit, she helped us alot on reseting Google's MarkMonitor account " hacker said in the press release.

That's too funny. :D

 

[Obosh]

They probably sent her a "Click here to redeem your 90% Discount coupon at Macy's" email.

hahahah....so funny...

 

[Blake]

Just goes to show that Social Engineering is still the most powerful medium when it comes to bypassing security protocols. For the most part humans are very trusting and this trust is what we define as the weak link. At any rate I hope someone is accountable for this as it's a huge issue.

Thanks for sharing Sdsinc

 

[alien51]

humans are very trusting and this trust is what we define as the weak link.

Actually, you humans are extremes. Either you are too trusting, or you are too skeptical.

But human skepticism, always has a weak spot.

 

[dcristo]

Actually, you humans are extremes. Either you are too trusting, or you are too skeptical.

But human skepticism, always has a weak spot.

Most are too stupid.

 

[Dave_Z]

Sticky spot for Google and MarkMonitor. They can't admit it, yet they can't necessarily deny it either.

Someone at MarkMonitor's gonna get it.

 

[alien51]

Weakness spots:

Male Domain Administrator: Sex
Female Domain Administrator: Shopping

 

[JPC-Sabrina]

The weakest link can be on the human side. It is being proved more and more often as these social engineering attacks are occurring more and more frequently. Beware of the savvy sweet talk.

 

[DNNabber.com]

Weakness spots:

Male Domain Administrator: Sex
Female Domain Administrator: Shopping

Well, now that you've identified it!

That's truly an antiquated way of thinking. There are at least 49 if not more shades that I can think of that prove your second assumption questionable at best.

Wait...

Oooohhhh, those shoes are so cute...




Love,
Marcia

 

[enlytend]

Weakness spots:

Male Domain Administrator: Sex
Female Domain Administrator: Shopping

Social engineering attacks are usually someone manipulating the target into giving them the information by elaborately pretending to be someone authorized to have it.

(The best admins from a security standpoint are the total a**holes who aren't inclined to be nice to anyone and who insist that everyone follows proper procedure, no matter who they are.)

 

[DNNabber.com]

UGNazi claims take down of Twitter website

UGNazi hacker group claims responsibility for Twitter outage

A hacker claiming affiliation with the Underground Nazi Hacktivist Group (UGNazi) has claimed responsibility for a two-hour Twitter outage this morning.

Souse: READ MORE



Love,
Marcia

 

[Peter]

Social engineering is nothing new. Look at Kevin Mitnick for example almost everything he did involved social engineering.

It is the easiest way for for someone to get the information they desire to do something.

I personally work in a call center and find it quite ironic when people kick uop a stink because we refuse to give them information if they cannot pass security yet they would be the first to file a complaint if their information got out due to a lax in security.

 

[enlytend]

I personally work in a call center and find it quite ironic when people kick uop a stink because we refuse to give them information if they cannot pass security yet they would be the first to file a complaint if their information got out due to a lax in security.

Just human nature.

Social engineering succeeds when someone can be intimidated or coerced into giving up the information. Just takes a skillful person who knows how to push all the right psychological buttons.

UGNazi has been busy lately ...!

 

[alien51]

There are at least 49 if not more shades that I can think of that prove your second assumption questionable at best.

I forgot another one:

Female Domain Administrator: Shopping,.... Romance.




---------- Post added at 06:30 PM ---------- Previous post was at 06:28 PM ----------

Look at Kevin Mitnick for example almost everything he did involved social engineering.

I can tell your age, man. My hacker whiskers are tingling.



---------- Post added at 06:51 PM ---------- Previous post was at 06:30 PM ----------

Social engineering attacks are usually someone manipulating the target into giving them the information by elaborately pretending to be someone authorized to have it.

However, that's a more direct, and difficult approach. Because it demands direct confrontation with the target. You will be hoping that the target is dumb enough or will commit a mistake in running through a defined identity checklist measures. (Like the T-1000 liquid metal cyborg pretending to be John Connor's mother in Terminator 2).

The other approach is to distract the target, so he will lose his guard. You don't need to steal someone else's identity. But instead, you come as you are and work on the target's innermost desires. Either you offer him a night of unforgettable sex... or a Macy's shopping coupon. Both very powerful social engineering weapons.

In the movie "Catch Me If You Can", Leonardo DiCaprio tried to do a Social Engineering tactic on a bank teller.... using a necklace, as his weapon.

(The best admins from a security standpoint are the total a**holes who aren't inclined to be nice to anyone and who insist that everyone follows proper procedure, no matter who they are.)

The Colombian prostitutes who penetrated (and i mean literally, and suggestively speaking) President Obama's Secret Service agents, didn't have to pretend to be authorized personnel.

Sex brings down even the total a**holes.

 

[enlytend]

Bad as it was, from what I read about it, the prostitutes weren't targeting the secret service guys for any reason other than their normal business.

Sex/love/social acceptance can be used on anyone. Dating site scams, for example. Shopping as a way to target women? Sorry, you're way off base on that one. :td: Offering deals and free stuff works for both genders.

In the movie "Catch Me If You Can", Leonardo DiCaprio tried to do a Social Engineering tactic on a bank teller.... using a necklace, as his weapon.

That was a good movie ... but it was a movie. And the story behind it took place at a time when everyone was a lot more naive and before use of social engineering became rampant.

Here's a pretty good and fairly recent paper, for anyone interested in further reading:

http://www.proceedings2010.imcsit.org/pliks/36.pdf

 

[alien51]

Bad as it was, from what I read about it, the prostitutes weren't targeting the secret service guys for any reason other than their normal business.

Of course, the prostitutes went about their normal business. They are normal prostitutes.

I think you are missing the point, that their weakness was exposed. If you expose your weakness, it is open for exploitation by "not-your-normal" prostitutes in the future.

It's amusing that even the oldest profession in history, "can" (quote, unquote) be used to target today's extremely intelligent and highly secured modern-day US Secret Service.

Shopping as a way to target women? Sorry, you're way off base on that one. :td: Offering deals and free stuff works for both genders.

You are way too serious, man. Where is your sense of humor. I was making a tongue-in-cheek example.

That was a good movie ... but it was a movie. And the story behind it took place at a time when everyone was a lot more naive and before use of social engineering became rampant.

When i quoted that movie, my intention was to show how social engineering works by attacking someone's weak spot. I was after the "concept". I didn't mean to imply that offering a necklace to a girl these days, would get you access to her Facebook password.

Whether people are more intelligent these days, it doesn't change the basics that if you want to attack a target using social engineering, it helps to know your target's weak spot.

Here's a pretty good and fairly recent paper, for anyone interested in further reading:

http://www.proceedings2010.imcsit.org/pliks/36.pdf

Here's a more serious (no tongue-in-cheek humor here), about how to penetrate supposedly secure corporate networks.... via Linkedin. It's from last year.

http://www.infosecurity-magazine.com/view/17422/linkedin-social-engineering-test-snares-68-of-users/

 

[NPer]

Of course, the prostitutes went about their normal business. They are normal prostitutes.

:lol:

 

[Peter]

I think you are missing the point, that their weakness was exposed. If you expose your weakness, it is open for exploitation by "not-your-normal" prostitutes in the future.

The danger is not just that they may divulge information to prostitutes but those agents would have been open to coersion. Those agents would not have wanted it known that they used prostitiues. Anyone in the know could have used this against them to convince them to give information for their silence.

This is most likely why the information was released. Release the information and it is no longer a secret. If it is no longer a secret then those agents cannot be coersed to give information for their silence.

On a side note in world war 2 the nazis set up brothels for their officers etc. Some of these prostitutes were used as spies. The officers would open up to the prostitutes while they were having their "fun"