Social engineering FAIL

  My final exams are done and I am glad to say it all work as planned, now for the next 2 months i wont have much to do other then focus on my hobbies, and we all know what those are... gaming!

  While browsing the web I came across an interesting conversation about some kid who tried to scam another guy by posing as Steam employee in order to steal someone else's account, this is known as social engineering, its the act of tricking another person into giving you information/access you should not be allowed to have, one could also call it social hacking, this event reminded me of something someone tried to do to me back when I used to play Counter-Strike on steam several years ago, anyway here is the conversation:
br0kenrabbit says: hi
Greg_ValveOLS says: good evening
br0kenrabbit says: What's ip?
br0kenrabbit says: up?
Greg_ValveOLS says: my name is greg a member of the valve online Support team
br0kenrabbit says: On MSN?
Greg_ValveOLS says: yes :)
br0kenrabbit says: Why?
Greg_ValveOLS says: we logged multiple ips from your account and ned to verifi your information
br0kenrabbit says: My information?
Greg_ValveOLS says: we believe someone may have stolen your account mmmm you havent shared youre account infomation with anyone have you?
br0kenrabbit says: No. I don't even have it written down.
Greg_ValveOLS says: hmmm maybe a keylogger on you r PC then maybe you need a format?
br0kenrabbit says: Well...
Greg_ValveOLS says: if you can verify your account information to me i can insure that only your ip have access to it Its a new security feature were trying because this happens so muchlogin names and passwords aint safe anymroe You know. L:)
br0kenrabbit says: Well
Greg_ValveOLS says: dont worry this connect it secure
br0kenrabbit says: Can I be honest with you, Greg?
Greg_ValveOLS says: k
br0kenrabbit says: Look, I don't know how you go this MSN account name, don't really care, either.
br0kenrabbit says: Unlike you, I DO work for Valve. Trace my ip and you'll see.
Greg_ValveOLS says: huh?
Greg_ValveOLS says: bs
br0kenrabbit says: Trace it.
Greg_ValveOLS says: how
br0kenrabbit says: Start/run/cmd type Tracert and then my IP address and hit enter.
Greg_ValveOLS says: oh k
br0kenrabbit says: As an employee, I know that Valve employees will NEVER contact users over MSN. I also know a valve employee will NEVER ask a user for his/her username and password.
br0kenrabbit says: I'm putting a temporary hold on your Steam account.
Greg_ValveOLS says: why?
br0kenrabbit says: Have you read the ToS?
Greg_ValveOLS says: Tod?
Greg_ValveOLS says: tos
br0kenrabbit says: terms of service
Greg_ValveOLS says: were?
br0kenrabbit says: Greg, this is a serious infraction against the Tos. You are at risk of losing your account.
Greg_ValveOLS says: why
br0kenrabbit says: I just told you why
Greg_ValveOLS says: :(
br0kenrabbit says: I need some information from you if you want me to unlock you account. I'm going to write you up but I will only suspend you account for three days, since this is your first infraction, okay?
Greg_ValveOLS says: k
br0kenrabbit says: First, what is the name the account is registered to. Not the user name, the persons real name who created the account. This is for verification purposes.
Greg_ValveOLS says: xxxxx xxxxxxx
br0kenrabbit says: Is this you?
Greg_ValveOLS says: ya
br0kenrabbit says: Are you the only user of this account?
Greg_ValveOLS says: ya
br0kenrabbit says: Okay, and what is the username
Greg_ValveOLS says: xxxxxxxx
br0kenrabbit says: Okay.
br0kenrabbit says: I see you have purchased a few of our games, thank you. :)
Greg_ValveOLS says: some. dude
Greg_ValveOLS says: m
br0kenrabbit says: Do you always log on from the same IP?
Greg_ValveOLS says: ya
br0kenrabbit says: And who is your internet providers, your ISP?
Greg_ValveOLS says: xxxxxxx
br0kenrabbit says: Thank you. One moment, please, let me verify this information.
Greg_ValveOLS says: am i gonna be bale to play 2nite?
br0kenrabbit says: What is your city of residence?
br0kenrabbit says: That depends on if you cooperate. You're doing fine so far.
Greg_ValveOLS says: xxxxxx
br0kenrabbit says: Illinios?
Greg_ValveOLS says: yes
br0kenrabbit says: Okay. And what is the password associated with this account?
Greg_ValveOLS says: xxxxxxx
br0kenrabbit says: Okay. Do not try to log into steam. If you are connected now you need to log off.
Greg_ValveOLS says: why
br0kenrabbit says: So I can update your account.
Greg_ValveOLS says: can I play 2 nite
Greg_ValveOLS says: clan fight
Greg_ValveOLS says: wont win without me heh
br0kenrabbit says: Heh. You'll have to wait a few minutes. Are you logged off?
Greg_ValveOLS says: ya
br0kenrabbit says: Okay. Give me just a moment.
br0kenrabbit says: Try to log in now.
Greg_ValveOLS says: k
Greg_ValveOLS says: It says login failed wtf wtf!!@?
br0kenrabbit says: Greg
Greg_ValveOLS says: did u ban me???????????>WHY
br0kenrabbit says: Greg
Greg_ValveOLS says: what
br0kenrabbit says: Valve will never ask for your username and password.
  The most interesting part of this conversation was the fact that this kid was fooled with the same trick he himself was using in the first place which was most entertaining.

  Like I said this reminded me of a time when some random 13 year old asked me if  I wanted free full games in my steam account, it was such an obvious trap I wondered if the guy was being serious in his attempt to steal my account information, but I went along with it to see how far it would go.

  At some point he sent me a file, I don't remember if it was a .txt or a .doc file but either one was ludicrous, as I read the content of the file I laughed, it was a survey asking for several information two of which were the account name and password, I asked myself who would get caught by such a ridiculous scheme but then again I also knew several gullible people back then specially the younger generation who would probably be blinded by the prize to see the obvious.

  In the end I gave him the survey back with fake information, he then replied saying the information was not correct, I told him "really? are you sure?", he clearly didn't pick up on the sarcasm so I told the guy how what he was doing was as ridiculous as he was an idiot, of course he tried to defend his scheme saying how he had given access to several other people, then I blocked the guy from the friends list and never saw the guy again.

  I think the most saddest part of this is that this kid probably started doing this because someone else did it to him and he probably fell for it, otherwise there was no reason for him to think such a thing would actually work.

5 comments:

gamyguru said...

Hive Gamer,
Thats a great post and very good conversation, I must say.
I really enjoyed it also I read some reviews of the games and just liked your style of writing...

Keep up the good work, and thanks ... :)

Regards,
GamyGuru (http://gamyguru.wordpress.com)

Vague Raconteur said...

That was hilarious. I actually now am dying to find an idiot like that for an advantage of my own xD

Sa-chan said...

There's always something to laugh with these weird counter-strike attempts at deception...but really, txt? Some people only have their heads with them when they go out because it's attached :P

Magnum said...

I still can't believe that even these days there are people willing to give their trust to random strangers. Along with financial data. Personally, I'd never give away such data.

Shaw said...

fail indeed

Post a Comment

 
Powered by Blogger