Monday, 30 March 2015

Social engineer your way out of prison

Vector illustration of a man in jail - stock vectorA man escaped from Wandsworth prison by using a smuggled mobile to email prison staff masquerading as a senior court clerk and issuing release instructions.
He set up a domain similar to the court service’s official one and sent an email from that domain. 

He was discovered missing three days later when his solicitor turned up to interview him and he wasn’t there.  He later handed himself in to police.

The prisoner had been convicted of various acts of fraud on the social engineering spectrum and was described as “ingenious” by both the prosecutor and the judge.
 
It isn't really all that ingenious, though.  It’s more that we’re all terribly vulnerable to this sort of attack.  We just don’t expect information coming through official-looking channels to be bogus.  We’re strange, hierarchical creatures, aren't we?

No comments:

Post a Comment