BaSs_HaXoR

Successfully Social Engineering an ISP (Sympatico)

Aug 14th, 2014
//Credits: http://www.hackcanada.com/canadian/scams/social_engineer.txt

Successfully Social Engineering an ISP (more specifically, Sympatico)

***

Social Engineering at any ISP can be easy. Knowing how they operate is key,
knowing what the helpdesk is instructed to do and say in certain circumstances
is imperative.

DEFINITION
Social Engineering: Term used among crackers and samurai for cracking
techniques that rely on weaknesses in wetware rather than software; the aim is
to trick people into revealing passwords or other information that compromises
a target system's security. Classic scams include phoning up a mark who has
the required information and posing as a field service tech or a fellow
employee with an urgent access problem. See also the tiger team story in the
patch entry.

http://www.dictionary.com/cgi-bin/dict.pl?term=Social%20Engineering

THE BASICS
The first thing you need to do is determine what you want from the ISP. You
may only want a user id or password, or you might be at the other end of the
spectrum and want to create total havoc and chaos at the ISP. Either way,
specifically figure out what you need. I'm going to focus on getting the
password and user ID of Sympatico accounts.

BASIC INFORMATION & SCENARIOS
If it's your first shot at calling Sympatico Help Desk (310-SURF), I suggest
calling and asking the help desk agent some simple questions to get a good
idea of how stupid they are. Crack a few jokes and keep the conversation
light. Never EVER let on that you know anything technical. Always play stupid,
it'll make them feel smart and empowered (most help desk agents see themselves
as knowing more than you anyway, so there's no point in getting into an "I know
more than you" argument, it won't get you anywhere). As well, if they can't
answer your technical question they'll have to either ask their supervisor or
another help desk agent, which may draw unnecessary attention to your call. I
can't stress enough how important it is to come off as being their "buddy". If
you sound nervous and unfriendly they'll question you and not feel bad about
withholding information.

At Sympatico, each call is logged in what they refer to as "tickets"; they're
all kept in a database called "remedy". Some help desk agents are lazy and
don't log every call, as well, tickets are usually poorly written and not very
specific. The only department that logs tickets properly (most of the time) is
the Sympatico Abuse department, so be careful if you refer to that department.
The good thing is that most of the staff at Sympatico, whether it be a help
desk agent or supervisor (or whoever) doesn't know what the Abuse Department
does. The abuse department is responsible for answering complaints for network
abuse. Their only function is to either deal with people who get spammed or
hacked, or deal with people on the Sympatico network who do the spamming and
hacking (script kiddies mostly...). This is an important piece of knowledge
because if you are trying to get a password, you can use the excuse that the
Abuse Department reset your password and you can't remember it or you wrote it
down wrong because it doesn't work. If you are going to use that excuse,
you'll need to make up a sob story about how someone got your password and was
using your account to Spam, or send hate mail or whatever. Don't go overboard,
make it believable! The help desk agent will feel sorry for you and will try
to look up the ticket where the password change was documented, so make sure
you make it a point to mention that you just got off the phone with the abuse
people. They'll hopefully conclude that either they are still working on the
"ticket" or that remedy isn't that quick. When you call Sympatico, the
automated system will ask you to enter your account number, depending on what
your strategy is you may or may not want to enter a number. The number you
enter will bring up an account when the help desk agent answers the call. This
can be a disadvantage or an advantage depending on how the help desk agent
answers the call. What I mean is, sometimes the help desk agents will answer
by saying the person's name, like "Sympatico Help Desk, How can I help you Mr.
Doe?" then you'll already have the person's last name, if you don't know the
first name you can always say you are Mr. Doe's daughter or son and that the
account is yours but your parents pay for it (or whatever). If the help desk
agent doesn't say the person's name (like they're supposed to) they'll say
something like "Sympatico Help Desk, Can I have your user ID please?". People
enter the wrong account number all the time, so it's no biggie - but you'll
have to have a user ID. User IDs usually begin with b1xxxx (the x's represent
numbers). If you live in the Yukon then they will start with y1xxxx, if you
live in Newfoundland they'll start with a1xxxx, some areas in Nova Scotia also
start with a1xxxx. Once you give them the user ID they may ask you for your
address. This is when you need to get creative, you can say you just moved and
don't remember so you have to look at a piece of mail - when the address
doesn't correspond with their address you can say "well, I changed it
yesterday with the Billing department. How long does it take for the address
change to show in your database?" The help desk agent more than likely won't
know that answer since the Billing department is responsible for address
changes and such. You can say something like "well, when we're done here can
you transfer me to billing so I can make sure they made the change? I don't
want to be late paying my bill", showing concern for the well being of the
account is always good, when they transfer you, just hang up. Just be creative
and pay attention. If the help desk agent says the account holder's name at
any point in time that's key. Even if it's some weird name and you aren't sure
how to spell it, you can simply complain that companies never spell your name
right and your bills have a different spelling on each one (or something like
that).

If you can get a Sympatico email address and you know the person's name then
getting a password from help desk is very simple. The Sympatico email
addresses resolve to the person's user id, so if you have the email address
then you have the user id. If you have access to any mail server, it doesn't
matter if it's in your name or not, telnet to the mail server and send
yourself an email (be sure to put your email address as a blind carbon copy
so your email address isn't visible), put the Sympatico email address in the
"To:" or "CC:" field and the mail server will resolve the user id for you so
when you get the email (they'll get the email too, so make sure you make it
look like Spam or something) all of the Sympatico email addresses you entered
will be in the form of their user id, it'll look like "b1xxxx@sympatico.ca".
I'm sure there's an easier way to resolve the addresses if you only have one
address to resolve, but if you have a bunch of email addresses (you can get
tons of email addresses from the Sympatico newsgroups by the way) it's easier
just to send yourself an email and it'll resolve all of the addresses at the
same time. Once you have the user id and email address, there are several
things you can do to get this account's password. The easier way would be to
call help desk and say that you can't get into your mail box because you get
an error message saying that the password is wrong (remember not to mention
authentication or anything, choose your words carefully - you want to sound as
computer illiterate as possible). The help desk agent will ask you to verify
the password - the Sympatico passwords usually contain lower case letters and
numbers. The letters are always lower case and 8 characters long. You can say
that it's already in the password field but you can't see it because of the
*'s (asterisks) and that you had it written down somewhere (rustle paper
around and stuff, make it sound like you are looking for it), just say you
can't find it. Make up a convincing story about how you haven't changed it and
it's been in the password field and worked yesterday. Ask them if they are
having problems with mail (try not to mention mail servers, again this will
make you sound smarter than you want to sound), eventually the help desk agent
will get fed up and tell you to write down the password and they'll give it to
you. This has worked more times than not for me - the key is to sound really
computer illiterate and really dumb. As with any call you make to the help
desk, it just depends on who you get and how convincing you sound.

The time you decide to call will also make things easier on you. It's always
worse to get someone at the beginning of their shift. Most shifts are at
either 7am - 3pm, 8am - 4pm, 4pm - midnight, 11pm - 7am (those are the
regularly scheduled shifts for the help desk). The abuse department works
from 8am - 4pm and 4pm to midnight. So time your call properly and it'll make
everything that much easier for you. The people who work from 11pm - 7am are
never happy so if you call at like 2am, they're already sick of taking calls
from drunken bastards who piss them off - it's always better to avoid calling
those guys, they're tired and unpredictable! :)

If you have to call back and try again, make sure you do it during high peak
hours, like around 6pm (the help desk is in the eastern time zone ([-4 GMT],
EST)) because if the help desk agent you last spoke to is free you will get
that person again. The system is designed to direct your call to the last
person you spoke to unless they are already talking to someone else. There are
probably a couple of hundred help desk agents, including billing and the high
speed agents, so if you call during high peak hours the chances of getting the
same person are slim. If you call back using the same user ID and/or account
information there will more than likely be a ticket already logged in remedy
that describes the last call. If you messed up really bad and the help desk
agent noticed, it would be logged in the ticket. Even if you mess up you can
always leave the call open by saying something like "I can't find the address
(or whatever piece of info it is you are stuck on), I'll have to call back"
then when you do call back it won't seem so weird because the fact that you
are calling back will be logged in the ticket.

CONCLUSION
Don't be afraid to use this information, the worst thing that can happen is
you won't get the information you want and will have to call back. Try not to
raise any suspicion by hanging up on the person, ride it out until they give
you the information you need. Be persistent and creative, you'll get what you
want. This information should help, it's not meant to be the official guide -
use it for tips and bits of information. As with everything else, you have to
figure stuff out on your own.


WonderWench

12/28/2000

***

resist, unlearn, defy

***