a tale of social engineering

Posted on: Thu, 12/14/2006 - 16:05 By: Tom Swiss

Very interesting tale of social engineering at DarkReading.com:

I entered the bank lobby and was immediately greeted by a woman in a small glass-paneled workspace. I mentioned we called earlier, dropped the contact's name, and indicated I was here to service the copier/printer. Without hesitation I was escorted to the machine and left unattended. To make it appear as if I were working on the device, I opened every panel on the machine, pulled all the trays out, and placed my laptop on the glass surface of the copier/printer.

I was approached by a few people who needed to make copies, I apologized for the inconvenience and said the machine might be down for 30-40 minutes. I then disconnected the network cable from the copier/printer and attached my laptop. As soon as my laptop booted up, DHCP provided a network address and I was on the internal network. I started a few of our utilities and started sniffing the traffic on the network.