Chapter 3. The Direct Attack: Just Asking for It

many social engineering attacks are intricate, involving a number of steps and elaborate planning, combining a mix of manipulation and technological know-how.

But I always find it striking that a skillful social engineer can often achieve his goal with a simple, straightforward, direct attack. Just asking outright for the information may be all that's needed—as you'll see.


Want to know someone's unlisted phone number? A social engineer can tell you half a dozen ways (and you'll find some of them described in other stories in these pages), but probably the simplest scenario is one that uses a single phone call, like this one.

Number, Please

The attacker dialed the private phone company number for the MLAC, the Mechanized Line Assignment Center. To the woman who answered, he said:

"Hey, this is Paul Anthony. I'm a cable splicer. Listen, a terminal box out here got fried in a fire. Cops think some creep tried to burn his own house down for the insurance. They got me out here alone trying to rewire this entire two hundred-pair terminal. I could really use some help right now. What facilities should be working at 6723 South Main?"

In other parts of the phone company, the person called would know that reverse lookup information on nonpub (nonpublished) numbers is supposed to be given out only to authorized phone company people. But MLAC is supposed to be known only to company employees. And while they'd never give out information ...

Get The Art of Deception: Controlling the Human Element of Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.