Social engineering

September 11, 2015

Neil Newman

I'm working alone in the lab late one night to meet an upcoming deadline, drinking some coffee in anticipation of a long night ahead. Suddenly, I hear some knocking, and open the door to greet a woman in a UBC hoodie who introduces herself as Jane. Jane tells me that she's a new student and that she'll be working in my lab. She complains that administration has been a bit slow on getting her UBC card the right permissions to open the door herself. I remark that it's a bit strange that I never saw her at the CSGSA orientation events, and she tells me that she has only just arrived in Vancouver due to some border complications.

We make small talk for a while: Jane asks about my research, and for advice on what courses to take. Jane is pretty and funny, and I enjoy enlightening her with my knowledge as a senior master's student. Eventually, I remember my deadline and excuse myself to get back to work. Not long after, the coffee takes effect, and I head to the washroom.

When I return, I'm suddenly unable to ssh into any of UBC's remote servers. I start to curse and bang the keyboard, and Jane asks me what's wrong. I tell her. "Why don't you see if you can access the servers from my laptop?" she suggests. I try to ssh from her computer, and everything works just fine. I thank her for her help, write an angry email to helpdesk, and, since there's nothing I can do until the issue is resolved, I head home for the night.

Jane recovers my password from the keylogger she had been running on her machine and is amused but unsurprised to see it work on my Gmail and financial accounts. The next morning, I receive a reply from helpdesk that I had mistakenly typed in my password incorrectly 15 times in a row, triggering the ban. I never see Jane again.

Do you want to learn what you can do to avoid falling for Jane's tricks? Does the prospect of being Jane excite you? Today's UDLS will cover social engineering: the art of hacking human beings.