server espionage

[hconnor2]

okay, this is a bit far-fetched, but here goes.

i'm looking for a way, in theory, to hack into a secure system to steal industrial secrets.

no, no this is not in the real world, its for a story.

i thought, maybe a scientific formula is in a secure area of a server and a high level employee gets into the CTO's office and uses his computer to obtain access. the employee somehow discovered the CTO's password.

What's the most credible way the hacker would do this to look professional?

Also, how do i eventually trace the security breach and track the hacker down.

all help gratefully appreciated.

 

[HKSturboKID]

First look at the sticky by the monitor. Most of the time, the password is there.

 

[Garion]

Show him infiltrating the company's wiring closet, tapping into a cable and running a sniffer to capture a password then break in.

- G

 

[TechnoPro]

Originally posted by: HKSturboKID
First look at the sticky by the monitor. Most of the time, the password is there.

So very true!

 

[CTR]

The hacker shows up posing as a liquor salesman with a suitcase full of booze. Once the CTO is passed-out drunk, the hacker (also drunk) takes the CTO's SecurID fob and gets into the system. Maybe he'll use his access to take control of a weather satellite.

 

[ScottMac]

More likely would be that the information would be "socially engineered" and access gained through information gathered.

No security or firewall can overcome ignorant / stupid humans that pass out information to someone that "sounds official."

For background, read Kevin Mitnick's book The Art of Deception. Lots of good stories there, all / most are quite credible.

Good Luck

Scott

 

[JackMDS]

I received to day the MyDoom of the day email.

The 22k zip attachment was attached.

This time the text in the email was clever.

It just said

Here is your info.

This File was Checked for Virus and it can be Opened.

During the day I showed the email to 4 Clients, and ask them what to do?

1 client said, I do not know.

3 clients. Said, you can open it says that it safe.

:Q

 

[hconnor2]

the post it note password is true, but too easy. the guy needs to work for it a little. the sniffer sounds cool. think i'll give it a try. thanks much!

 

[n0cmonkey]

MITM.

Of course, social engineering is the easiest way, and fun!