Xbox Live was not hacked. It had been conned.
This is an update to Major Nelson’s head hitting the roof after hearing reports of fraud over Xbox Live and fearing that the network had been hacked. Xbox Live staff had gotten back to him and reconfirmed it: Xbox Live was not hacked, period (oh, thank goodness). The bad news was that Xbox Live was the victim of a commonplace e-commerce and computer security crime: social engineering.
Or, put more simply, they’ve just been had. (Oh, holy…)
Let’s make this quick: social engineering “is a collection of techniques used to manipulate people into performing actions or divulging confidential information.” In this case, it’s con artistry over a fiber-optic cable.
It seems that Xbox Live’s support staff had been conned into revealing account information they would not otherwise have revealed. The Major mentions some “painful-to-listen-to audio files”: probably the full voice evidence of their own people getting hit by a truck and not even knowing it. It happens to the best of us, really (try visiting a convention for hackers or computer security, and ask about it).
As renowned (and reformed) former black hat hacker Kevin Mitnick so casually remarks (but not with these words), it’s a hell of a lot easier to dupe, lube, or seduce the password out of your victim than to hack into his or her PC.
Currently, Xbox Live engineers are training the customer support staff and partners to reduce their vulnerability to social engineering-type attacks. And it would be wise to repeat the earlier warning he gave: don’t just give your personal information out to anyone, although in this case it’s the support staff who have learned this lesson the hard way.
We’re not ones to believe that there’s a sucker born every minute. Sometimes, it’s more like the devil inside is way more powerful than the better angels of our nature, whether up close and personal, or reaching out to touch someone.