Spain
Portugal
💬 true story... Social Engineering.
• Technical security measures practically do not reduce the risks from attacks by Social Engineering methods. "There is no device that prohibits people from being idiots." Two years before the Snowden incident, the US Department of Homeland Security (DHS) checked people who are responsible for preventing threats nationwide, and they behaved like small children.
• The Internal Security Service scattered several CDs in the parking lot near the government building. Some of them were unmarked, and others had the DHS logo on them. Sitting down at the monitors of the surveillance cameras, the officers began to observe the behavior of people.
• 60% of the disks without labels were picked up and inserted into the drives of the working PCs of employees of various departments. In the group of disks with the logo of the ministry, this was done with respect to 90% of the blanks. Almost everyone thought that they had found a valuable loss, and wanted to feel like a hero of a spy story.
• A similar story happened in the spring of 2018 with the Israeli Ministry of Defense. The IDF-linked computer networks were infected in a way first tested during the spread of the primitive worm ILOVEYOU in 2000.
• To bypass antiviruses, the authors used the method of obfuscation, but the main focus was on the manual method of distribution. Emails with the subject "Girls from the Israel Defense Forces" and variations similar in meaning were sent to all publicly available addresses of the Israeli Defense Ministry and its contractors. Curious employees launched an attachment through one, even despite warnings from embedded security systems about a suspicious attachment.
