
After $380M hack, Clorox sues its “service desk” vendor for simply giving out passwords

Hacking is hard. Well, sometimes.

Other times, you just call up a company's IT service desk and pretend to be an employee who needs a password reset, an Okta multifactor authentication reset, and a Microsoft multifactor authentication reset... and it's done. Without even verifying your identity.

So you use that information to log in to the target network and discover a more trusted user who works in IT security. You call the IT service desk back, acting like you are now this second person, and you request the same thing: a password reset, an Okta multifactor authentication reset, and a Microsoft multifactor authentication reset. Again, the desk provides it, no identity verification needed.
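The sequence above (password reset plus Okta and Microsoft MFA resets, granted with no verification, then repeated for a more privileged account from the same caller) is exactly the kind of pattern a help-desk ticket log can be screened for. The following detection is an added example written for this page, not code from the article, from Clorox or from the vendor; the log format, field names, the caller-phone join key and the thresholds are assumptions, and the log lines are constructed.

```python
"""Screen a help-desk ticket log for a full account takeover (password +
both MFA factors reset in a short window) and for the same caller doing
it to a second account soon after.  Added example with constructed data."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log.  Fields (assumed): timestamp, caller phone as
# recorded by the desk, target account, action, verification performed.
SAMPLE_LOG = """\
2023-08-11T09:02:00 +1-555-0100 jdoe password_reset none
2023-08-11T09:05:00 +1-555-0100 jdoe okta_mfa_reset none
2023-08-11T09:07:00 +1-555-0100 jdoe ms_mfa_reset none
2023-08-11T09:40:00 +1-555-0100 itsec_admin password_reset none
2023-08-11T09:42:00 +1-555-0100 itsec_admin okta_mfa_reset none
2023-08-11T09:44:00 +1-555-0100 itsec_admin ms_mfa_reset none
2023-08-11T14:00:00 +1-555-0199 bsmith password_reset callback_to_number_of_record
"""

# All three together hand the caller the account outright.
FULL_TAKEOVER = frozenset({"password_reset", "okta_mfa_reset", "ms_mfa_reset"})


def parse_log(text):
    """Parse the whitespace-separated constructed format into sorted event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, phone, user, action, verification = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "phone": phone,
                       "user": user, "action": action, "verification": verification})
    return sorted(events, key=lambda e: e["ts"])


def find_takeovers(events, window=timedelta(minutes=30)):
    """One hit per account whose full reset set landed within `window`."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    hits = []
    for user, evs in by_user.items():
        for i, start in enumerate(evs):
            seen = {}  # first occurrence of each action inside the window
            for e in evs[i:]:
                if e["ts"] - start["ts"] > window:
                    break
                seen.setdefault(e["action"], e)
            if FULL_TAKEOVER.issubset(seen):
                hits.append({
                    "user": user,
                    "ts": start["ts"],
                    "phone": start["phone"],
                    # which of the three resets were granted with no verification
                    "unverified": [a for a in sorted(FULL_TAKEOVER)
                                   if seen[a]["verification"] == "none"],
                })
                break  # one alert per account is enough
    return hits


def find_chains(hits, gap=timedelta(hours=2)):
    """Same caller number taking over a second, different account within `gap`:
    the lateral step the article describes."""
    chains = []
    for first in hits:
        for second in hits:
            if (first["phone"] == second["phone"] and first["user"] != second["user"]
                    and timedelta(0) < second["ts"] - first["ts"] <= gap):
                chains.append((first["user"], second["user"], first["phone"]))
    return chains


if __name__ == "__main__":
    takeovers = find_takeovers(parse_log(SAMPLE_LOG))
    for h in takeovers:
        print(f"TAKEOVER {h['user']} at {h['ts']} from {h['phone']}; unverified: {h['unverified']}")
    for a, b, phone in find_chains(takeovers):
        print(f"CHAIN {phone}: {a} -> {b}")
```

Running it flags jdoe and itsec_admin (every reset granted with verification "none") and links them as a chain from the same caller, while bsmith's single callback-verified reset stays quiet. Caller ID is trivially spoofable, so treat the phone join key as weak and prefer the ticket requester identity or agent session where the desk records it; the durable fix is the control the desk skipped, out-of-band verification (and, for privileged accounts, manager approval) before any MFA reset.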


Spy-catcher saw “stupid” tech errors others made. FBI says he then made his own.

Twenty-eight-year-old Nathan Laatsch was, until yesterday, a cybersecurity employee at the Defense Intelligence Agency (DIA). He had a Top Secret clearance and worked in the Insider Threat Division. Laatsch spent his days—you'll understand the past tense in a moment—"enabling user monitoring on individuals with access to DIA systems," including employees under surreptitious internal investigation.

Given that Laatsch was one of those who "watched the watchers," he appears to have had supreme confidence in his own ability to avoid detection should he decide to go rogue. "Stupid mistakes" made by other idiots would "not be difficult for me to avoid," he once wrote. DIA couldn't even launch an investigation of Laatsch without him knowing that something was up.

The Greeks had a word for this: hubris.


Serial “swatter” behind 375 violent hoaxes targeted his own home to look like a victim

A teacher in high school once quoted an old proverb to me: "Do something you love, and you'll never work a day in your life!"

Perhaps 18-year-old Alan Filion encountered a similar teacher during his school years in California, because once Filion learned that he truly loved making fake "swatting" calls to law enforcement—well, he turned the crime into a job, using handles like "Nazgul Swattings" and "Third Reich of Kiwiswats." Originally it was all about the "power trip," but it soon became about "money and the power trip."

"Prices: $40-Gas leak/Fire for EMS/Fire/Gas Leak [$35 for returning customers]," Filion wrote in a 2023 advertisement that ran on various social media channels. "$50 for a major police response to the house [$40 for returning customers]; $75 for a bomb threat/mass shooting threat (they will shut down the school or public location for a day) [$60 for returning customers]. All swats will be done ASAP or present time."
