Social Engineering construed as blackmail by Halifax Examiner
I fear that the need for salacious headlines from the Halifax Examiner has grossly misconstrued how social engineering works:
So, say one of the city’s IT guys has a down-low life as a S&M fetishist; he’s not hurting anyone beyond his self-selected group of fellow BDSM enthusiasts, but still, it’s not the kind of information he wants Richard Butts or the other managers at City Hall to find out about. The city, however, will now hire a hacker to try to break into the IT guy’s Facebook account, discover that he’s a member of the private “Halifax Bondage” group, and then try blackmail the guy…
This was in response to Halifax tendering a security assessment: Halifax Security Tender (PDF).
While social engineering could technically include such things, it’s fanciful to think that the person conducting the vulnerability assessment would go to such lengths (also, this would be illegal; there is no permission to blackmail given!). This is analogous to draining a lake to catch a fish; sure, it works, but nobody is going to do it, unless, that is, they’re writing a Hollywood movie. The goal of the security assessment is to get inside the network, not destroy someone’s life. There are better, more fruitful attacks, such as spear phishing, “found” USB key attacks with specially crafted payloads, cloning legitimate websites, and many more. Security assessments aren’t charity work, nor are they witch hunts; they are billable time. The attacker isn’t going to invest precious billable time into this exotic situation constructed by the Examiner; rather, they’re going to leave a USB key on top of a urinal, or beside the coffee machine.
When it comes down to it, this is something that I can’t tolerate: irresponsible fear-mongering.
Furthermore, in my eyes, this completely destroyed the trust that I had in Tim Bousquet/The Halifax Examiner. I have a specialized skill set and knowledge, so when something that I know about is so grossly misrepresented, it makes me wonder about all the other things that have made good headlines. Trust is destroyed in a moment, and now it’s gone.
I was paying to receive this misinformation.