
Hackers penetrate bank IT network using social media info - tortilla
http://www.usfst.com/news/hackers-penetrate-mid-level-bank-IT-network/
======
dpritchett
Very creative attacks by the penetration testers:

- Map out the organization's staff by Googling Facebook and LinkedIn pages
with relevant keywords

- Do the same thing for the IT infrastructure by Googling IT job openings at
the target company to find the relevant security technologies

- Submit a fake infosec job application to the target; use the phone screen
to pump them for additional security info

- Exploit a PDF vulnerability that allows you to install a trojan on a bank
employee's machine.

The information gathering phase of the attack was fairly interesting. The
actual break-in seems to have been as simple as "find a current Acrobat
exploit".

Great read considering _FST_ doesn't appear to be a security-focused
publication.

~~~
dpritchett
For what it's worth the first two tactics could be useful for improving one's
chances in a legitimate job interview.

Just remember not to say "I watched all of your YouTube videos, read your
team's LinkedIn bios, and read every press release for the last 18 months" out
loud.

------
tortilla
Related blog post: <http://snosoft.blogspot.com/2010/04/hacking-your-bank.html>

~~~
dpritchett
This part really stands out:

 _When we created the PDF, we used the new reverse https payload that was
recently released by the Metasploit Project. (Previously we were using similar
but more complex techniques for encapsulating our reverse connections in
HTTPS). We like reverse HTTPS connections for two reasons:

First, Intrusion Detection Technologies cannot monitor encrypted network
traffic. Using an encrypted reverse connection ensures that we are protected
from the prying eyes of Intrusion Detection Systems and less likely to trip
alarms.

Second, most companies allow outbound HTTPS (port 443) because it's required to
view many websites. The reverse HTTPS payload that we used mimics normal web
browsing behavior and so is much less likely to set off any Intrusion
Detection events._

