Hacker News
by fein 3893 days ago
Social engineering is, and will always be, the fastest way to compromise a system.

Computers are pretty good at security; humans, especially underpaid and overworked helpdesk jockeys, are not.


I read the autobiography of hacker Kevin Mitnick and the thing that struck me the most was how his "hacking" consisted of manipulating people. I can recall one case in the book where he compromised a system on a purely technical level. Almost every other hack was based on convincing people to tell him things they should not.

Why break into a system when you can ask someone to unlock it for you?

It definitely was a little disillusioning when I learned that many famous hackers were not technical wizards (like bunnie) but in fact basically con artists.

Take a broader view of hacking. A system is not just its code, it's the people that run it, too. If you want to break into a system, they are frequently the best point of entry.
To paraphrase from the first season of Mr. Robot, as they're looking over surveillance pictures of a secure data center compound with high walls, biometrics, security cameras, and 4 armed security guards:

"How do you break into a place with no weak points?"

"I see four weak points right there."

"I see about six walking around."

I find it interesting how Verizon didn't notice that they used a fake employee id. I wonder if they just made up one that looked like it could pass or if they had to generate one that passed a verification, and if so, how.

Even if they used a real Employee ID, would it be better?

The barrier to entry to become a Verizon employee is lower than the barrier to obtaining this info should be.

Fun fact: The telcos have the notion of a "VIP" customer where their information is restricted to a very small group of customer service reps who are trained to protect their privacy.

Their clients usually include celebs, pro athletes, etc... I'm surprised that the CIA chief isn't on that tier.

Isn't this basically the telcos admitting they don't protect the privacy of "normal" customers?

No, it's understanding that different customers have different risk profiles and using that information to deploy your security resources efficiently. Verified accounts on Twitter use the same concept... not everybody needs that.

It would be nice to be able to purchase this kind of thing directly though.

How do you become a VIP? Can you just ask? Do all the Michael Jordans just get to share automatic VIP status with the MJ?

A real employee ID could at least be verified.

> The barrier to entry to become a Verizon employee is lower than the barrier to obtaining this info should be.

The problem with this approach is that it leaves a pretty clear trail. At best you need to hand the customer info off to someone else with no obvious ties and claim you were social-engineered into giving up your employee id. Also you can really only do this once.

Humans are the soft, vulnerable underside of the computer-dragon.