Tesla attack started with a single phone call

The place for all news posts regarding hacking, activism, and security.

Tesla attack started with a single phone call

Post by parakkafaith on Sat Jun 06, 2015 8:32 pm
([msg=88369]see Tesla attack started with a single phone call[/msg])

Tesla attack started with a single phone call

Tesla Motors was recently the victim of a website defacement and a Twitter hijacking. While the details of the attack itself aren't particularly interesting (essentially promising free cars to callers), the simplicity of the methods used to gain access to the @TeslaMotors Twitter account makes for an interesting talking point.

Clichés exist for good reason, and in this case, the chain was only as strong as its weakest link. The link I'm referring to is AT&T customer support.

A lot of people around here are already familiar with the benefits of social engineering as a tool, but this story might shine a different light on it for those that don't know just how easy it can be, and just how far it can be taken with malicious intent.

You don't need a high degree of technical know-how to fraudulently spoof authorized personnel over the phone. In many cases, you can just hang up and try again if you fail. For a large company like Tesla Motors, having a competent support network is essential; It's also an inherent security risk.

It's hard to say if there's much that can be done to mitigate the security risks while simultaneously preserving the efficacy of your support staff.

What do you guys think?
"Any technology distinguishable from magic is insufficiently advanced."
- Probably not Arthur C. Clarke
User avatar
parakkafaith
Poster
Poster
 
Posts: 176
Joined: Fri Jan 07, 2011 10:59 pm
Blog: View Blog (0)


Re: Tesla attack started with a single phone call

Post by pretentious on Sun Jun 07, 2015 12:16 am
([msg=88380]see Re: Tesla attack started with a single phone call[/msg])

Maybe a little off topic but this reminded me.
It is very important to secure your email address, because It's pretty much a single point of failure for most online accounts.
You get someones email, you can do a password reset on anything and the link will be given to you
Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

IF you feel like exchanging ASCII arrays, let me know ;)
Can you say brainwashing It's a non stop disco
User avatar
pretentious
Addict
Addict
 
Posts: 1202
Joined: Wed Mar 03, 2010 12:48 am
Blog: View Blog (0)


Re: Tesla attack started with a single phone call

Post by parakkafaith on Sat Jun 20, 2015 4:11 am
([msg=88590]see Re: Tesla attack started with a single phone call[/msg])

pretentious wrote:Maybe a little off topic but this reminded me.
It is very important to secure your email address, because It's pretty much a single point of failure for most online accounts.
You get someones email, you can do a password reset on anything and the link will be given to you


This is why I'd recommend people have a password they don't use for anything else as their email password. Ideally you don't reuse passwords at all, but for those that can't be bothered, at the very least do it for your email.
"Any technology distinguishable from magic is insufficiently advanced."
- Probably not Arthur C. Clarke
User avatar
parakkafaith
Poster
Poster
 
Posts: 176
Joined: Fri Jan 07, 2011 10:59 pm
Blog: View Blog (0)



Return to Activism and Security News

Who is online

Users browsing this forum: No registered users and 0 guests