Between June 2015 to February 2016, a 15-year-old was able to break into the private email accounts of the Director of the CIA and the US Director of National Intelligence. He was able to do this via phone by posing as a Verizon employee in order to trick the company into sharing personal information about his victims, resetting passwords, and changing security questions.
This technique provided access to the CIA Director’s emails, contacts, iCloud storage, and his wife’s iPad, as well as plans for intelligence operations in Afghanistan and Iran. He also targeted other victims in the Department of Homeland Security, FBI, White House, and the US Department of Justice.
While this may be an extreme example of a successful social engineering attack, it highlights the fact that anyone and everyone is at risk of falling prey to strategic deception methods.
In this episode of the InSecurity Podcast, host Matt Stephenson is joined by special guest Jenny Radcliffe, Head of Training and Consultancy at JennyRadcliffe.com, who explains how adversaries using psychological methods can be a huge threat to organizations, and how understanding the methodologies employed are a valuable tool for security professionals for defending against social engineering attacks, scams, and cons of all kinds.
About Jenny Radcliffe
Jenny Radcliffe (@Jenny_Radcliffe) – AKA “The People Hacker” – is an expert in social engineering (the human element of security), negotiations, non-verbal communication, and deception. She uses her skills to help clients from corporations and law enforcement to poker players, politicians, and the security industry to protect themselves from malicious social engineering attacks. She is also the host of The Human Factor Podcast.
Using a blend of anecdotes, science and humor, Radcliffe is an exceptional and highly impactful speaker. A regular keynote at major security events (Infosec, Rant, DISA, Nordic IT Security, ICS2, Cisco, NTT, Bright talk, Cyber Security Week) and TEDx contributor. Radcliffe has been a guest expert on security, scams, and social engineering for various television and radio shows, and is a regular media contributor on all aspects of the human element of security.
About Matt Stephenson
Insecurity Podcast host Matt Stephenson (@packmatt73) leads the Security Technology team at Cylance, which puts him in front of crowds, cameras, and microphones all over the world.
Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Stephenson to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come before.