Hack a Day » social engineering

Reddit hacking for votes and profit

Mike Szczys — Fri, 08 Oct 2010 20:34:23 +0000

Looks like someone figured out how to game the Reddit system. This probably has been done before, but as far as we know nobody’s actually shared the methods in detail. [Esrun] wrote some scripts that allow him to register multiple accounts and use them to up-vote stories.

The hack goes something like this. A script registers a group of accounts. Each uses a different IP and the only part that requires intervention is typing in the Captcha. This doesn’t take long. You can see the script interface above as well as a demonstration video after the break.

Once the accounts have been acquired a story is submitted and the new accounts vote on it. They’re not all up-votes though, as having both up and down votes puts the article into the controversial section of Reddit (which is desirable), and doesn’t rouse as much suspicion from the moderators. He ran a few tests that he shares and it seems that as long as the article is interesting, this can be quite successful.

Great, more spam with our social media please.

[Thanks Joseph via Reddit]

Filed under: misc hacks

Simple, low-tech attack on Credit Unions

Brett Haddock — Thu, 27 Aug 2009 21:30:10 +0000

The National Credit Union Administration is warning all Credit Unions about malicious hackers and a low tech attack by mailing branches CDs with malware on them.

Using a somewhat dated but still effective Social Engineering attack, a package designed to look as though it was mailed by the NCUA is sent to the branch. The package contains CDs with the attacker’s malware on it, and an accompanying letter (PDF) which informs the branches, ironically, about phishing scams. The letter directs the personnel to review the “training material” on the enclosed CD. Once branch employees proceed as directed, the malware is executed and gives the attackers access to the branch computer systems. Credit Unions seem to be targeted because they tend to be smaller local associations rather then larger banks with higher budgets for computer security.

When people think computer security, they usually envision high tech systems comprising of long passwords, expensive hardware, and updating software with the latest security patches. However, as famed social engineer and hacker Kevin Mitnick once said, “There is no patch for stupidity”.

[via threat post]

Posted in news, security hacks

Hack your customer service rep

Strom Carlson — Fri, 15 Aug 2008 23:50:00 +0000

Hacks come in all forms, and psychological hacks are no different. [Noah Goldstein], a behavioral scientist at the University of Chicago, has written a book in which he details scientifically proven methods of persuading others. One of these methods stands out as being particularly useful at alleviating one of the most aggravating aspects of modern life: dealing with customer service representatives over the telephone.

The trick? Be nice, compliment the rep on doing a good job, and offer to write a letter of recommendation. Since it stands to reason that the customer service rep is probably having a crappier day than you (imagine having to talk to a hundred annoyed people five days a week and you’ll get the idea), making the rep feel appreciated is likely to make them want to do more for you in return.

[photo: brycej]

[via BoingBoing]