10 Fun Short IT Horror Stories


6 replies to this topic

#1 Darktune

Darktune

    Very Purple


  • Members
  • 1,139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wales
  • Local time:04:16 AM

Posted 09 December 2013 - 10:12 AM

Just read this in Spiceworks, thought it was worth a post.

Credit to Stu Sjouwerman at Knowbe4 link here - http://community.spiceworks.com/topic/418253-10-fun-short-it-horror-stories?page=1#entry-2789746

 

---1) The Registry Hack---

A mid-size Credit Union's controller shares on Facebook that she is expecting a baby. She has a detailed profile on LinkedIn, and also creates a baby registry at Amazon. She receives an email from Amazon's marketing department that they want to interview her about the registry and that she can choose one of her registry items for free. She clicks on the link. Her workstation gets infected with a Trojan and the bad guys transfer $495,000 to the Ukraine over a long weekend.

---2) Legal File Corruption---

In-house counsel of a large defense contractor, working long days on a corruption lawsuit against a former VP Sales works closely with their outside attorneys when the case comes to trial. She receives an email from her counterpart who complains the email server of his office is down and if she can email him the case file immediately as he's on his way to court. The file is used by the competition to steal away a large deal.

---3) PCI Compliance Failure---

A system administrator gets an email from their credit card merchant account processor that his company has failed their PCI compliance and that their card processing will be shut down in 24 hours unless he immediately reports on the recent vulnerability scan what was done. A link is provided to confirm which patches have been applied. The system admin clicks and his workstation gets infected with a zero-day exploit that gives the bad guys the keys to the kingdom: admin credentials!

---4) Underperformance Review---

Dozens of employees in a healthcare company get an email from their CEO who is asking to participate in an anonymous "How Are We Doing?" survey. The CEO explicitly asks for feedback on herself, and also if the employee please rate the performance of their direct supervisor. 65% of the employees click on the link and all of their workstations get infected causing the IT team four days of twenty-hour frantic wipe & rebuild time.

---5) iPhone Pwned---

A CEO of a non-profit shares on LinkedIn he really likes the new iPhone with fingerprint recognition. A few weeks later he gets a text message from Apple that there is an important update of the fingerprint software, and that he should do that as soon as possible. It will require a reboot of his phone though. He complies right away, but what gets installed is mobile malware that steals the credentials of his office VPN. Bad guys add phantom employees to their payroll and they lose $15,000 to money mules in Direct Deposit the next Friday.

---6) Celebrity Trap---

The VP Sales of a large online ticket reservation site gets an email from the lead singer of his favorite band, inviting him to meet & greet backstage after the coming gig they have in his town. He's all excited and clicks on the link. That one click is enough to let the bad guys in, and exfiltrate their database with 275,000 full customer credit card transactions. Cha-Ching!

---7) Credit Card Security Con---

The wife of a mid-size bank's President gets a phone call from their credit card company. The rep explains they are offering a new security service, to make sure their account is resistant against cyber attacks. This service will send a text to her phone if there is a fraudulent charge, so she can tap "no" on the phone if she wants to dispute the charge. The rep asks her to type a domain name in her browser so she can get her cell phone subscribed to the new service. The domain is malicious and drops a Trojan on her PC which allows the bad guys to take over the home network, and infect the laptop of her husband who plugs it in the bank's network during the week. The bank itself gets penetrated that way, and $2 Million gets transferred to Russia out of the bank's customer accounts.

---8) Broken Cloud---

A few years ago, Chinese government-sponsored hackers opened a front office in the US and carefully developed it into a well-funded, up & coming cloud consultancy firm. They keep working at it, impressing cloud providers with whitepapers showing their in-depth knowledge of cloud security. They even hire unwitting US employees that have security clearance.
Finally they get invited by Amazon for a possible contracting job. They get access to the premises, are invited for a tour of the data center and manage to plug a small device in the ethernet jack of a conference room phone for a few seconds. That allows them to subtly sabotage that data center and write another whitepaper describing the specific problem. Next, they sit back and wait until they are called. Finally the call comes, they move in to "assist" and obtain full ownership of the cloud.

---9) PDF Deception---

The CIO of a large insurance company gets a call from an attractive sounding recruiter, stating that he's been selected for an interview to discuss a CEO position at an online competitor. He has not heard of the recruiting firm but checks out the rep on LinkedIn. It all seems legit and she's a looker. As part of the procedure, the CIO gets a PDF with a description of the company that is interested in him. The PDF does not open up for some reason and he closes the reader. He retries but the PDF fails again. You guessed it. There was a Trojan inside and his workstation is pwned, allowing very valuable confidential information to be exfiltrated.

---10) Top Dog Social Engineer---

A man crafts a new web portal and establishes trust with new users, helping them to get ahead socially by sharing personal and work details, habits, and preferences. He collects all of this data, allows targeted advertising, and even goes public. It's unbelievable that he gets away with this when identity theft has become rampant and not giving out personal information is top priority. In case you did not guess, the Top Dog social engineer is Mark Zuckerberg, founder and CEO of Facebook. A billion people fell for his ruse. Remember, if you don't -pay- for the product you -are- the product.


It's very hard to imagine all the crazy things that things really are like. 

Electrons act like waves.. no they don't exactly, they act like particles.. no they don't exactly.

Words and ideas can change the world.



 


#2 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,163 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:10:16 AM

Posted 09 December 2013 - 10:27 AM

OH, great stories! Thanks for sharing Darktune! :D

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 Darktune

Darktune

    Very Purple

  • Topic Starter

  • Members
  • 1,139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wales
  • Local time:04:16 AM

Posted 09 December 2013 - 10:48 AM

You're welcome :)




#4 battyhippie

battyhippie

  • Members
  • 430 posts
  • OFFLINE
  •  
  • Local time:10:16 PM

Posted 09 December 2013 - 12:17 PM

Thanks, Darktune, for the chuckle of the day. Compared to them, I'm Einstein...



#5 Darktune

Darktune

    Very Purple

  • Topic Starter

  • Members
  • 1,139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wales
  • Local time:04:16 AM

Posted 09 December 2013 - 01:29 PM

Well in fairness all I did was repost :) But thanks.




#6 Kilroy

Kilroy

  • BC Advisor
  • 3,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Launderdale, MN
  • Local time:09:16 PM

Posted 12 December 2013 - 04:01 PM

These are all social engineering scams proving the weakest link in security is the human factor.  I do doubt the validity of a few of them and would like a real link for reference.  I'm thinking it is all a setup for number 10.

 

Number 7 for example, the president of a bank does not have system access, he doesn't need it.  I worked in a bank for over 15 years in various positions.  When I worked in the Consumer Loan department I had access to customer accounts, when I moved to IT that access was removed.



#7 Darktune

Darktune

    Very Purple

  • Topic Starter

  • Members
  • 1,139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wales
  • Local time:04:16 AM

Posted 12 December 2013 - 06:47 PM

Kilroy, they're just a bit of fun.

 

Nothing serious nor are they based on real life events.






